diff --git a/README.md b/README.md index 755670ffd..d7a2c1492 100755 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ yuzu emulator early access ============= -This is the source code for early-access 2696. +This is the source code for early-access 2698. ## Legal Notice diff --git a/externals/libressl/CMakeLists.txt b/externals/libressl/CMakeLists.txt index dda193eeb..6f174bb71 100755 --- a/externals/libressl/CMakeLists.txt +++ b/externals/libressl/CMakeLists.txt @@ -98,7 +98,7 @@ if(CMAKE_SYSTEM_NAME MATCHES "SunOS") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_XOPEN_SOURCE=600") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DBSD_COMP") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fpic") - set(PLATFORM_LIBS ${PLATFORM_LIBS} nsl socket) + set(PLATFORM_LIBS ${PLATFORM_LIBS} dl md nsl socket) endif() add_definitions(-DLIBRESSL_INTERNAL) @@ -113,19 +113,21 @@ if (CMAKE_COMPILER_IS_GNUCC OR CMAKE_C_COMPILER_ID MATCHES "Clang") endif() if(WIN32) - add_definitions(-Drestrict) add_definitions(-D_CRT_SECURE_NO_WARNINGS) add_definitions(-D_CRT_DEPRECATED_NO_WARNINGS) add_definitions(-D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS) - add_definitions(-DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600) add_definitions(-DCPPFLAGS -DNO_SYSLOG -DNO_CRYPT) - set(PLATFORM_LIBS ${PLATFORM_LIBS} ws2_32) + add_definitions(-DWIN32_LEAN_AND_MEAN) + if(NOT CMAKE_SYSTEM_NAME MATCHES "WindowsStore") + add_definitions(-D_WIN32_WINNT=0x0600) + endif() + set(PLATFORM_LIBS ${PLATFORM_LIBS} ws2_32 bcrypt) endif() if(MSVC) add_definitions(-Dinline=__inline) message(STATUS "Using [${CMAKE_C_COMPILER_ID}] compiler") - if(CMAKE_C_COMPILER_ID MATCHES "MSVC") + if(CMAKE_C_COMPILER_ID MATCHES "MSVC" OR CMAKE_C_COMPILER_ID MATCHES "Clang") set(MSVC_DISABLED_WARNINGS_LIST "C4018" # 'expression' : signed/unsigned mismatch "C4057" # 'operator' : 'identifier1' indirection to @@ -284,11 +286,21 @@ if(HAVE_MEMMEM) add_definitions(-DHAVE_MEMMEM) endif() +check_include_files(endian.h HAVE_ENDIAN_H) +if(HAVE_ENDIAN_H) + add_definitions(-DHAVE_ENDIAN_H) +endif() + check_include_files(err.h HAVE_ERR_H) if(HAVE_ERR_H) add_definitions(-DHAVE_ERR_H) endif() +check_include_files("sys/types.h;arpa/inet.h;netinet/ip.h" HAVE_NETINET_IP_H) +if(HAVE_NETINET_IP_H) + add_definitions(-DHAVE_NETINET_IP_H) +endif() + if(ENABLE_ASM) if("${CMAKE_C_COMPILER_ABI}" STREQUAL "ELF") if("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "(x86_64|amd64)") @@ -298,6 +310,7 @@ if(ENABLE_ASM) elseif(CMAKE_SYSTEM_NAME STREQUAL "SunOS" AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "i386") set(HOST_ASM_ELF_X86_64 true) endif() + add_definitions(-DHAVE_GNU_STACK) elseif(APPLE AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64") set(HOST_ASM_MACOSX_X86_64 true) elseif(MSVC AND ("${CMAKE_GENERATOR}" MATCHES "Win64" OR "${CMAKE_GENERATOR_PLATFORM}" STREQUAL "x64")) @@ -331,30 +344,65 @@ if(SIZEOF_TIME_T STREQUAL "4") endif() add_definitions(-DSIZEOF_TIME_T=${SIZEOF_TIME_T}) -set(OPENSSL_LIBS tls ssl crypto ${PLATFORM_LIBS}) +set(OPENSSL_LIBS ssl crypto ${PLATFORM_LIBS}) +set(LIBTLS_LIBS tls ${PLATFORM_LIBS}) + +# libraries for regression test +if(BUILD_SHARED_LIBS) + set(OPENSSL_TEST_LIBS ssl-static crypto-static ${PLATFORM_LIBS}) + set(LIBTLS_TEST_LIBS tls-static ${PLATFORM_LIBS}) +else() + set(OPENSSL_TEST_LIBS ssl crypto ${PLATFORM_LIBS}) + set(LIBTLS_TEST_LIBS tls ${PLATFORM_LIBS}) +endif() add_subdirectory(crypto) add_subdirectory(ssl) add_subdirectory(tls) add_subdirectory(include) -if(NOT MSVC) - # Create pkgconfig files. - set(prefix ${CMAKE_INSTALL_PREFIX}) - set(exec_prefix \${prefix}) - set(libdir \${exec_prefix}/${CMAKE_INSTALL_LIBDIR}) - set(includedir \${prefix}/include) - if(PLATFORM_LIBS) - string(REGEX REPLACE ";" " -l" PLATFORM_LDADD ";${PLATFORM_LIBS}") +if (BUILD_APPLE_XCFRAMEWORK) + # Create the super library from object libraries + add_library(LibreSSL_xcframework + $ $ $) + set_target_properties(LibreSSL_xcframework PROPERTIES + OUTPUT_NAME ressl) + + if(ENABLE_LIBRESSL_INSTALL) + install(TARGETS LibreSSL_xcframework + LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}) + endif(ENABLE_LIBRESSL_INSTALL) +endif(BUILD_APPLE_XCFRAMEWORK) + +if(ENABLE_LIBRESSL_INSTALL) + if(NOT MSVC) + # Create pkgconfig files. + set(prefix ${CMAKE_INSTALL_PREFIX}) + set(exec_prefix \${prefix}) + set(libdir \${exec_prefix}/${CMAKE_INSTALL_LIBDIR}) + set(includedir \${prefix}/include) + if(PLATFORM_LIBS) + string(REGEX REPLACE ";" " -l" PLATFORM_LDADD ";${PLATFORM_LIBS}") + endif() + file(STRINGS "VERSION" VERSION LIMIT_COUNT 1) + file(GLOB OPENSSL_PKGCONFIGS "*.pc.in") + foreach(file ${OPENSSL_PKGCONFIGS}) + get_filename_component(filename ${file} NAME) + string(REPLACE ".in" "" new_file "${filename}") + configure_file(${filename} pkgconfig/${new_file} @ONLY) + endforeach() + install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/pkgconfig + DESTINATION ${CMAKE_INSTALL_LIBDIR}) endif() - file(STRINGS "VERSION" VERSION LIMIT_COUNT 1) - file(GLOB OPENSSL_PKGCONFIGS "*.pc.in") - foreach(file ${OPENSSL_PKGCONFIGS}) - get_filename_component(filename ${file} NAME) - string(REPLACE ".in" "" new_file "${filename}") - configure_file(${filename} pkgconfig/${new_file} @ONLY) - endforeach() - install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/pkgconfig - DESTINATION ${CMAKE_INSTALL_LIBDIR}) +endif(ENABLE_LIBRESSL_INSTALL) + +if(NOT "${OPENSSLDIR}" STREQUAL "") + set(CONF_DIR "${OPENSSLDIR}") +else() + set(CONF_DIR "${CMAKE_INSTALL_PREFIX}/etc/ssl") endif() +if(ENABLE_LIBRESSL_INSTALL) + install(FILES cert.pem openssl.cnf x509v3.cnf DESTINATION ${CONF_DIR}) + install(DIRECTORY DESTINATION ${CONF_DIR}/certs) +endif(ENABLE_LIBRESSL_INSTALL) diff --git a/externals/libressl/ChangeLog b/externals/libressl/ChangeLog index 45984567f..e4dc7ad1e 100755 --- a/externals/libressl/ChangeLog +++ b/externals/libressl/ChangeLog @@ -28,6 +28,804 @@ history is also available from Git. LibreSSL Portable Release Notes: +3.5.2 - Stable release + + * Bug fixes + - Avoid single byte overread in asn1_parse2(). + - Allow name constraints with a leading dot. From Alex Wilson. + - Relax a check in x509_constraints_dirname() to allow prefixes. + From Alex Wilson. + - Fix NULL dereferences in openssl(1) cms option parsing. + - Do not zero the computed cofactor on ec_guess_cofactor() success. + - Bound cofactor in EC_GROUP_set_generator() to reduce the number of + bogus groups that can be described with nonsensical parameters. + - Avoid various potential segfaults in EVP_PKEY_CTX_free() in low + memory conditions. Reported for HMAC by Masaru Masuda. + - Plug leak in ASN1_TIME_adj_internal(). + - Avoid infinite loop for custom curves of order 1. + Issue reported by Hanno Boeck, comments by David Benjamin. + - Avoid an infinite loop on parsing DSA private keys by validating + that the provided parameters conform to FIPS 186-4. + Issue reported by Hanno Boeck, comments by David Benjamin. + * Compatibility improvements + - Allow non-standard name constraints of the form @domain.com. + * Internal improvements + - Limit OID text conversion to 64 bits per arc. + - Clean up and simplify memory BIO code. + - Reduce number of memmove() calls in memory BIOs. + - Factor out alert handling code in the legacy stack. + - Add sanity checks on p and q in old_dsa_priv_decode() + - Cache the SHA-512 hash instead of the SHA-1 for CRLs. + - Suppress various compiler warnings for old gcc versions. + - Remove free_cont from asn1_d2i_ex_primitive()/asn1_ex_c2i(). + - Rework ownership handling in x509_constraints_validate(). + - Rework ASN1_STRING_set(). + - Remove const from tls1_transcript_hash_value(). + - Clean up and simplify ssl3_renegotiate{,_check}(). + - Rewrite legacy TLS and DTLS unexpected handshake message handling. + - Simplify SSL_do_handshake(). + - Rewrite ASCII/text to ASN.1 object conversion. + - Provide t2i_ASN1_OBJECT_internal() and use it for OBJ_txt2obj(). + - Split armv7 and aarch64 code into separate locations. + - Rewrote openssl(1) ts to use the new option handling and cleaned + up the C code. + - Provide asn1_get_primitive(). + - Convert {c2i,d2i}_ASN1_OBJECT() to CBS. + - Remove the minimum record length checks from dtls1_read_bytes(). + - Clean up {dtls1,ssl3}_read_bytes(). + - Be more careful with embedded and terminating NULs in the new + name constraints code. + - Check EVP_Digest* return codes in openssl(1) ts + - Various minor code cleanup in openssl(1) pkcs12 + - Use calloc() in pkey_hmac_init(). + - Simplify priv_key handling in d2i_ECPrivateKey(). + * Documentation improvements + - Update d2i_ASN1_OBJECT(3) documentation to reflect reality after + refactoring and bug fixes. + - Fixed numerous minor grammar, spelling, wording, and punctuation + issues. + +3.5.1 - Security release + + * A malicious certificate can cause an infinite loop. + Reported by and fix from Tavis Ormandy and David Benjamin, Google. + +3.5.0 - Development release + + * New Features + - The RFC 3779 API was ported from OpenSSL. Many bugs were fixed, + regression tests were added and the code was cleaned up. + - Certificate Transparency was ported from OpenSSL. Many internal + improvements were made, resulting in cleaner and safer code. + Regress coverage was added. libssl does not yet make use of it. + * Portable Improvements + - Fixed various POSIX compliance and other portability issues + found by the port to the Sortix operating system. + - Add libmd as platform specific libraries for Solaris. + Issue reported from (ihsan opencsw org) on libressl ML. + - Set IA-64 compiler flag only if it is HP-UX with IA-64. + Suggested from Larkin Nickle (me larbob org) by libressl ML. + - Enabled and scheduled Coverity scan. + Contributed by Ilya Shipitsin (chipitsine gmail com> on github. + * Compatibility Changes + - Most structs that were previously defined in the following headers + are now opaque as they are in OpenSSL 1.1: + bio.h, bn.h, comp.h, dh.h, dsa.h, evp.h, hmac.h, ocsp.h, rsa.h, + x509.h, x509v3.h, x509_vfy.h + - Switch TLSv1.3 cipher names from AEAD- to OpenSSL's TLS_ + OpenSSL added the TLSv1.3 ciphersuites with "RFC names" instead + of using something consistent with the previous naming. Various + test suites expect these names (instead of checking for the much + more sensible cipher numbers). The old names are still accepted + as aliases. + - Subject alternative names and name constraints are now validated + when they are added to certificates. Various interoperability + problems with stacks that validate certificates more strictly + than OpenSSL can be avoided this way. + - Attempt to opportunistically use the host name for SNI in s_client + * Bug fixes + - In some situations, the verifier would discard the error on an + unvalidated certificate chain. This would happen when the + verification callback was in use, instructing the verifier to + continue unconditionally. This could lead to incorrect decisions + being made in software. + - Avoid an infinite loop in SSL_shutdown() + - Fix another return 0 bug in SSL_shutdown() + - Handle zero byte reads/writes that trigger handshakes in the + TLSv1.3 stack + - A long standing memleak in libtls CRL handling was fixed + * Internal Improvements + - Cache the SHA-512 hash instead of the SHA-1 hash and cache + notBefore and notAfter times when X.509 certificates are parsed. + - The X.509 lookup code has been simplified and cleaned up. + - Fixed numerous issues flagged by coverity and the cryptofuzz + project + - Increased the number of Miller-Rabin checks in DH and DSA + key/parameter generation + - Started using the bytestring API in libcrypto for cleaner and + safer code + - Convert {i2d,d2i}_{,EC_,DSA_,RSA_}PUBKEY{,_bio,_fp}() to templated + ASN1 + - Convert ASN1_OBJECT_new() to calloc() + - Convert ASN1_STRING_type_new() to calloc() + - Rewrite ASN1_STRING_cmp() + - Use calloc() for X509_CRL_METHOD_new() instead of malloc() + - Convert ASN1_PCTX_new() to calloc() + - Replace asn1_tlc_clear and asn1_tlc_clear_nc macros with a + function + - Consolidate {d2i,i2d}_{pr,pu}.c + - Remove handling of a NULL BUF_MEM from asn1_collect() + - Pull the recursion depth check up to the top of asn1_collect() + - Inline collect_data() in asn1_collect() + - Convert asn1_d2i_ex_primitive()/asn1_collect() from BUF_MEM to CBB + - Clean up d2i_ASN1_BOOLEAN() and i2d_ASN1_BOOLEAN() + - Consolidate ASN.1 universal tag type data + - Rewrite ASN.1 identifier/length parsing in CBS + - Make OBJ_obj2nid() work correctly with NID_undef + - tlsext_tick_lifetime_hint is now an uint32_t + - Untangle ssl3_get_message() return values + - Rename tls13_buffer to tls_buffer + - Fold DTLS_STATE_INTERNAL into DTLS1_STATE + - Provide a way to determine our maximum legacy version + - Mop up enc_read_ctx and read_hash + - Fold SSL_SESSION_INTERNAL into SSL_SESSION + - Use ssl_force_want_read in the DTLS code + - Add record processing limit to DTLS code + - Add explicit CBS_contains_zero_byte() check in CBS_strdup() + - Improve SNI hostname validation + - Ensure SSL_set_tlsext_host_name() is given a valid hostname + - Fix a strange check in the auto DH codepath + - Factor out/rewrite DHE key exchange + - Convert server serialisation of DHE parameters/public key to new + functions + - Check DH public key in ssl_kex_peer_public_dhe() + - Move the minimum DHE key size check into ssl_kex_peer_params_dhe() + - Clean up and refactor server side DHE key exchange + - Provide CBS_get_last_u8() + - Provide CBS_get_u64() + - Provide CBS_add_u64() + - Provide various CBS_peek_* functions + - Use CBS_get_last_u8() to find the content type in TLSv1.3 records + - unifdef TLS13_USE_LEGACY_CLIENT_AUTH + - Correct SSL_get_peer_cert_chain() when used with the TLSv1.3 stack + - Only allow zero length key shares when we know we're doing HRR + - Pull key share group/length CBB code up from + tls13_key_share_public() + - Refactor ssl3_get_server_kex_ecdhe() to separate parsing and + validation + - Return 0 on failure from send/get kex functions in the legacy + stack + - Rename tls13_key_share to tls_key_share + - Allocate and free the EVP_AEAD_CTX struct in + tls13_record_protection + - Convert legacy TLS client to tls_key_share + - Convert legacy TLS server to tls_key_share + - Stop attempting to duplicate the public and private key of dh_tmp + - Rename dh_tmp to dhe_params + - Rename CERT to SSL_CERT and CERT_PKEY to SSL_CERT_PKEY + - Clean up pkey handling in ssl3_get_server_key_exchange() + - Fix GOST skip certificate verify handling + - Simplify tlsext_keyshare_server_parse() + - Plumb decode errors through key share parsing code + - Simplify SSL_get_peer_certificate() + - Cleanup/simplify ssl_cert_type() + - The S3I macro was removed + - The openssl(1) cms and smime subcommands option handling was + converted and the C source was cleaned up. + * Documentation improvements + - 45 new manual pages, most of which were written from scratch. + Documentation coverage of ASN.1 and X.509 code has been + significantly improved. + * API additions and removals + - libssl + API additions + SSL_get0_verified_chain SSL_peek_ex SSL_read_ex SSL_write_ex + API stubs for compatibility + SSL_CTX_get_keylog_callback SSL_CTX_get_num_tickets + SSL_CTX_set_keylog_callback SSL_CTX_set_num_tickets + SSL_get_num_tickets SSL_set_num_tickets + - libcrypto + added API (some of these were previously available as macros): + ASIdOrRange_free ASIdOrRange_new ASIdentifierChoice_free + ASIdentifierChoice_new ASIdentifiers_free ASIdentifiers_new + ASN1_TIME_diff ASRange_free ASRange_new BIO_get_callback_ex + BIO_get_init BIO_set_callback_ex BIO_set_next + BIO_set_retry_reason BN_GENCB_set BN_GENCB_set_old + BN_abs_is_word BN_get_flags BN_is_negative + BN_is_odd BN_is_one BN_is_word BN_is_zero BN_set_flags + BN_to_montgomery BN_with_flags BN_zero_ex CTLOG_STORE_free + CTLOG_STORE_get0_log_by_id CTLOG_STORE_load_default_file + CTLOG_STORE_load_file CTLOG_STORE_new CTLOG_free + CTLOG_get0_log_id CTLOG_get0_name CTLOG_get0_public_key + CTLOG_new CTLOG_new_from_base64 CT_POLICY_EVAL_CTX_free + CT_POLICY_EVAL_CTX_get0_cert CT_POLICY_EVAL_CTX_get0_issuer + CT_POLICY_EVAL_CTX_get0_log_store CT_POLICY_EVAL_CTX_get_time + CT_POLICY_EVAL_CTX_new CT_POLICY_EVAL_CTX_set1_cert + CT_POLICY_EVAL_CTX_set1_issuer + CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE + CT_POLICY_EVAL_CTX_set_time DH_get0_g DH_get0_p DH_get0_priv_key + DH_get0_pub_key DH_get0_q DH_get_length DSA_bits DSA_get0_g + DSA_get0_p DSA_get0_priv_key DSA_get0_pub_key DSA_get0_q + ECDSA_SIG_get0_r ECDSA_SIG_get0_s EVP_AEAD_CTX_free + EVP_AEAD_CTX_new EVP_CIPHER_CTX_buf_noconst + EVP_CIPHER_CTX_get_cipher_data EVP_CIPHER_CTX_set_cipher_data + EVP_MD_CTX_md_data EVP_MD_CTX_pkey_ctx EVP_MD_CTX_set_pkey_ctx + EVP_MD_meth_dup EVP_MD_meth_free EVP_MD_meth_new + EVP_MD_meth_set_app_datasize EVP_MD_meth_set_cleanup + EVP_MD_meth_set_copy EVP_MD_meth_set_ctrl EVP_MD_meth_set_final + EVP_MD_meth_set_flags EVP_MD_meth_set_init + EVP_MD_meth_set_input_blocksize EVP_MD_meth_set_result_size + EVP_MD_meth_set_update EVP_PKEY_asn1_set_check + EVP_PKEY_asn1_set_param_check EVP_PKEY_asn1_set_public_check + EVP_PKEY_check EVP_PKEY_meth_set_check + EVP_PKEY_meth_set_param_check EVP_PKEY_meth_set_public_check + EVP_PKEY_param_check EVP_PKEY_public_check FIPS_mode + FIPS_mode_set IPAddressChoice_free IPAddressChoice_new + IPAddressFamily_free IPAddressFamily_new IPAddressOrRange_free + IPAddressOrRange_new IPAddressRange_free IPAddressRange_new + OBJ_get0_data OBJ_length OCSP_resp_get0_certs OCSP_resp_get0_id + OCSP_resp_get0_produced_at OCSP_resp_get0_respdata + OCSP_resp_get0_signature OCSP_resp_get0_signer + OCSP_resp_get0_tbs_sigalg PEM_write_bio_PrivateKey_traditional + RSA_get0_d RSA_get0_dmp1 RSA_get0_dmq1 RSA_get0_e RSA_get0_iqmp + RSA_get0_n RSA_get0_p RSA_get0_pss_params RSA_get0_q + SCT_LIST_free SCT_LIST_print SCT_LIST_validate SCT_free + SCT_get0_extensions SCT_get0_log_id SCT_get0_signature + SCT_get_log_entry_type SCT_get_signature_nid SCT_get_source + SCT_get_timestamp SCT_get_validation_status SCT_get_version + SCT_new SCT_new_from_base64 SCT_print SCT_set0_extensions + SCT_set0_log_id SCT_set0_signature SCT_set1_extensions + SCT_set1_log_id SCT_set1_signature SCT_set_log_entry_type + SCT_set_signature_nid SCT_set_source SCT_set_timestamp + SCT_set_version SCT_validate SCT_validation_status_string + X509_OBJECT_free X509_OBJECT_new X509_REQ_get0_pubkey + X509_SIG_get0 X509_SIG_getm X509_STORE_CTX_get_by_subject + X509_STORE_CTX_get_num_untrusted + X509_STORE_CTX_get_obj_by_subject X509_STORE_CTX_get_verify + X509_STORE_CTX_get_verify_cb X509_STORE_CTX_set0_verified_chain + X509_STORE_CTX_set_current_cert X509_STORE_CTX_set_error_depth + X509_STORE_CTX_set_verify X509_STORE_get_verify + X509_STORE_get_verify_cb X509_STORE_set_verify + X509_get_X509_PUBKEY X509_get_extended_key_usage + X509_get_extension_flags X509_get_key_usage + X509v3_addr_add_inherit X509v3_addr_add_prefix + X509v3_addr_add_range X509v3_addr_canonize X509v3_addr_get_afi + X509v3_addr_get_range X509v3_addr_inherits + X509v3_addr_is_canonical X509v3_addr_subset + X509v3_addr_validate_path X509v3_addr_validate_resource_set + X509v3_asid_add_id_or_range X509v3_asid_add_inherit + X509v3_asid_canonize X509v3_asid_inherits + X509v3_asid_is_canonical X509v3_asid_subset + X509v3_asid_validate_path X509v3_asid_validate_resource_set + d2i_ASIdOrRange d2i_ASIdentifierChoice d2i_ASIdentifiers + d2i_ASRange d2i_IPAddressChoice d2i_IPAddressFamily + d2i_IPAddressOrRange d2i_IPAddressRange d2i_SCT_LIST + i2d_ASIdOrRange i2d_ASIdentifierChoice i2d_ASIdentifiers + i2d_ASRange i2d_IPAddressChoice i2d_IPAddressFamily + i2d_IPAddressOrRange i2d_IPAddressRange i2d_SCT_LIST + i2d_re_X509_CRL_tbs i2d_re_X509_REQ_tbs i2d_re_X509_tbs i2o_SCT + i2o_SCT_LIST o2i_SCT o2i_SCT_LIST + removed API: + ASN1_check_infinite_end ASN1_const_check_infinite_end EVP_dss + EVP_dss1 EVP_ecdsa HMAC_CTX_cleanup HMAC_CTX_init + NETSCAPE_ENCRYPTED_PKEY_free NETSCAPE_ENCRYPTED_PKEY_new + NETSCAPE_PKEY_free NETSCAPE_PKEY_new NETSCAPE_X509_free + NETSCAPE_X509_new OBJ_bsearch_ex_ PEM_SealFinal PEM_SealInit + PEM_SealUpdate PEM_read_X509_CERT_PAIR + PEM_read_bio_X509_CERT_PAIR PEM_write_X509_CERT_PAIR + PEM_write_bio_X509_CERT_PAIR X509_CERT_PAIR_free + X509_CERT_PAIR_new X509_OBJECT_free_contents asn1_do_adb + asn1_do_lock asn1_enc_free asn1_enc_init asn1_enc_restore + asn1_enc_save asn1_ex_c2i asn1_get_choice_selector + asn1_get_field_ptr asn1_set_choice_selector check_defer + d2i_ASN1_BOOLEAN d2i_NETSCAPE_ENCRYPTED_PKEY d2i_NETSCAPE_PKEY + d2i_NETSCAPE_X509 d2i_Netscape_RSA d2i_RSA_NET + d2i_X509_CERT_PAIR i2d_ASN1_BOOLEAN i2d_NETSCAPE_ENCRYPTED_PKEY + i2d_NETSCAPE_PKEY i2d_NETSCAPE_X509 i2d_Netscape_RSA i2d_RSA_NET + i2d_X509_CERT_PAIR name_cmp obj_cleanup_defer + +3.4.1 - Stable release + + * New Features + - Added support for OpenSSL 1.1.1 TLSv1.3 APIs. + - Enabled the new X.509 validator to allow verification of + modern certificate chains. + * Portable Improvements + - Ported continuous integration and test infrastructure to Github + actions. + - Added Universal Windows Platform (UWP) build support. + - Fixed mingw-w64 builds on newer versions with missing SSP support. + - Added non-executable stack annotations for CMake builds. + * API and Documentation Enhancements + - Added the following APIs from OpenSSL + BN_bn2binpad BN_bn2lebinpad BN_lebin2bn EC_GROUP_get_curve + EC_GROUP_order_bits EC_GROUP_set_curve + EC_POINT_get_affine_coordinates + EC_POINT_set_affine_coordinates + EC_POINT_set_compressed_coordinates EVP_DigestSign + EVP_DigestVerify SSL_CIPHER_find SSL_CTX_get0_privatekey + SSL_CTX_get_max_early_data SSL_CTX_get_ssl_method + SSL_CTX_set_ciphersuites SSL_CTX_set_max_early_data + SSL_CTX_set_post_handshake_auth SSL_SESSION_get0_cipher + SSL_SESSION_get_max_early_data SSL_SESSION_is_resumable + SSL_SESSION_set_max_early_data SSL_get_early_data_status + SSL_get_max_early_data SSL_read_early_data SSL_set0_rbio + SSL_set_ciphersuites SSL_set_max_early_data + SSL_set_post_handshake_auth + SSL_set_psk_use_session_callback + SSL_verify_client_post_handshake SSL_write_early_data + - Added AES-GCM constants from RFC 7714 for SRTP. + * Compatibility Changes + - Implement flushing for TLSv1.3 handshakes behavior, needed for Apache. + - Call the info callback on connect/accept exit in TLSv1.3, + needed for p5-Net-SSLeay. + - Default to using named curve parameter encoding from + pre-OpenSSL 1.1.0, adding OPENSSL_EC_EXPLICIT_CURVE. + - Do not ignore SSL_TLSEXT_ERR_FATAL from the ALPN callback. + * Testing and Proactive Security + - Added additional state machine test coverage. + - Improved integration test support with ruby/openssl tests. + - Error codes and callback support in new X.509 validator made + compatible with p5-Net_SSLeay tests. + * Internal Improvements + - Numerous fixes and improvements to the new X.509 validator to + ensure compatible error codes and callback support compatible + with the legacy OpenSSL validator. + +3.4.0 - Development release + + * Add support for OpenSSL 1.1.1 TLSv1.3 APIs. + + * Enable new x509 validator. + + * More details to come, testing is appreciated. + +3.3.5 - Security fix + + * A stack overread could occur when checking X.509 name constraints. + From GoldBinocle on GitHub. + + * Enable X509_V_FLAG_TRUSTED_FIRST by default in the legacy verifier. + This compensates for the expiry of the DST Root X3 certificate. + +3.3.4 - Security fix + + * In LibreSSL, printing a certificate can result in a crash in + X509_CERT_AUX_print(). + From Ingo Schwarze + + * Ensure GNU-stack is set on ELF platforms when building with CMake to + enable non-executable stack annotations for the GNU toolchain. + From Tobias Heider + +3.3.3 - Stable release + + * This is the first stable release from the 3.3.x series. + There are no changes from 3.3.2. + +3.3.2 - Development release + + * This release adds support for DTLSv1.2 and continues the rewrite + of the record layer for the legacy stack. Numerous bugs and + interoperability issues were fixed in the new verifier. A few bugs + and incompatibilities remain, so this release uses the old verifier + by default. The OpenSSL 1.1 TLSv1.3 API is not yet available. + + * Switch finish{,_peer}_md_len from an int to a size_t. + + * Make SSL_get{,_peer}_finished() work when used with TLSv1.3. + + * Use EVP_MD_MAX_MD_SIZE instead of 2 * EVP_MD_MAX_MD_SIZE as size + for cert_verify_md[], finish_md[] and peer_finish_md[]. The factor 2 + was a historical artefact. + + * Correct the return value type from ERR_peek_error() to a long. + + * Avoid use of uninitialized in ASN1_time_parse() which could happen + on parsing UTCTime if the caller did not initialise the passed + struct tm. + + * Destroy the mutex in a tls_config object on tls_config_free(). + + * Free alert_data and phh_data in tls13_record_layer_free() + these could leak if SSL_shutdown() or tls_close() were called + after closing the underlying socket(). + + * Free struct members in tls13_record_layer_free() in their natural + order for reviewability. + + * Gracefully handle root certificates being both trusted and + untrusted. + + * Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE in the new + verifier. + + * Use the legacy verifier when building auto chains for TLS. + + * Use consistent names in tls13_{client,server}_finished_{recv,send}(). + + * Add tls13_secret_{init,cleanup}() and use them throughout the + TLSv1.3 code base. + + * Move the read MAC key into the TLSv1.2 record layer. + + * Make tls12_record_layer_free() NULL safe. + + * Search the intermediates only after searching the root certs in the + new verifier to avoid problems with the legacy callback. + + * Bail out early after finding a single chain in the new verifier, if + we have been called via the legacy verifier API. + + * Set (invalid and likely incomplete) chain on the xsc on chain build + failure prior to calling the callback. This is required by various + callers, including auto chain. + + * Align SSL_get_shared_ciphers() with OpenSSL. This takes into account + that it never returned server ciphers, so now it will fail when + called from the client side. + + * Add support for SSL_get_shared_ciphers() with TLSv1.3. + + * Split the record protection from the TLSv1.2 record layer. + + * Clean up sequence number handling in the new TLSv1.2 record layer. + + * Clean up sequence number handling in DTLS. + + * Clean up dtls1_reset_seq_numbers(). + + * Factor out code for explicit IV length, block size and MAC length + from tls12_record_layer_open_record_protected_cipher(). + + * Provide record layer overhead for DTLS. + + * Provide functions to determine if TLSv1.2 record protection is + engaged. + + * Add code to handle change of cipher state in the new TLSv1.2 record + layer. + + * Mop up now unused dtls1_build_sequence_numbers() function. + + * Allow setting a keypair on a tls context without specifying the + private key, and fake it internally in libtls. This removes the + need for privsep engines like relayd to use bogus keys. + + * Skip the private key check for fake private keys. + + * Move the private key setup from tls_configure_ssl_keypair() to a + helper function with proper error checking. + + * Change the internal tls_configure_ssl_keypair() function to + return -1 instead of 1 on failure. + + * Move sequence numbers into the new TLSv1.2 record layer. + + * Move AEAD handling into the new TLSv1.2 record layer. + + * Remove direct assignment of aead_ctx to avoid a leak. + + * Add a number of RPKI OIDs from RFC 6482, 6484, 6493, 8182, 8360, + draft-ietf-sidrops-rpki-rta, and draft-ietf-opsawg-finding-geofeeds. + + * Fail early in legacy exporter if the master secret is not available + to avoid a segfault if it is called when the handshake is not + completed. + + * Factor out legacy stack version checks. + + * Correct handshake MAC/PRF for various TLSv1.2 cipher suites which + were originally added with the default handshake MAC and PRF rather + than the SHA256 handshake MAC and PRF. + + * Absorb ssl3_get_algorithm2() into ssl_get_handshake_evp_md(). + + * Use dtls1_record_retrieve_buffered_record() to load buffered + application data. + + * Enforce read ahead with DTLS. + + * Remove bogus DTLS checks that disabled ECC and OCSP. + + * Sync cert.pem with Mozilla NSS root CAs except "GeoTrust Global CA". + + * Only print the certificate file once on verification failure. + + * Pull in fix for EVP_CipherUpdate() overflow from OpenSSL. + + * Clean up and simplify dtls1_get_cipher(). + + * Group HelloVerifyRequest decoding and add missing check for trailing + data. + + * Revise HelloVerifyRequest handling for DTLSv1.2. + + * Handle DTLS1_2_VERSION in various places. + + * Add DTLSv1.2 methods. + + * Make SSL{_CTX,}_get_{min,max}_proto_version() return a version of + zero if the minimum or maximum has been set to zero to match + OpenSSL's behavior. + + * Rename the "truncated" label into "decode_err" and the "f_err" + label into "fatal_err". + + * Factor out and change some of the legacy client version code. + + * Simplify version checks in the TLSv1.3 client. Ensure that the + server announced TLSv1.3 and nothing higher and check that the + legacy_version is set to TLSv1.2 as required by RFC 8446. + + * Fix an off-by-one in x509_verify_set_xsc_chain() to make sure that + the new validator checks for EXFLAG_CRITICAL in + x509_vfy_check_chain_extension() for all untrusted certs in the + chain. Take into account that the root is not necessarily trusted. + + * Avoid passing last and depth to x509_verify_cert_error() on ENOMEM. + + * Rename depth to num_untrusted. + + * Only use TLS versions internally rather than both TLS and DTLS + versions since the latter are the one's complement of the human + readable version numbers, which means that newer versions decrease + in value. + + * Fix two bugs in the legacy verifier that resulted from refactoring + of X509_verify_cert() for the new verifier: a return value was + incorrectly treated as boolean, making it insufficient to decide + whether validation should carry on or not. + + * Identify DTLS based on the version major value. + + * Move handling of cipher/hash based cipher suites into the new record + layer. + + * Add tls12_record_protection_unused() and call it from CCS functions. + + * Move key/IV length checks closer to usage sites. Also add explicit + checks against EVP_CIPHER_{iv,key}_length(). + + * Replace two handrolled tls12_record_protection_engaged(). + + * Improve internal version handling: add handshake fields for our + minimum version, our maximum version and the TLS version negotiated + during the handshake. Convert most of the internal code to use these + version fields. + + * Guard against future internal use of TLS1_get_{client,}_version() + macros. + + * Remove the internal ssl_downgrade_max_version() function which is no + longer needed. + + * Fix checks for memory caps of constraints names. There are internal + caps on the number of name constraints and other names, that the new + name constraints code allocates per cert chain. These limits were + checked too late, making them only partially effective. + + * Use EXFLAG_INVALID to handle out of memory and parse errors in + x509v3_cache_extensions(). + + * Add support for DTLSv1.2 version handling. + + * Enable DTLSv1.2 support. + + * Add DTLSv1.2 support to openssl s_client/s_server. + + * Remove no longer needed read ahead workarounds in the s_client and + s_server. + + * Fix a copy-paste error - skid was confused with an akid when + checking for EXFLAG_INVALID. This broke OCSP validation with + certain mirrors. + + * Make supported protocols and options for DHE params more prominent + in tls_config_set_protocols.3. + + * Avoid a use-after-scope in tls13_cert_add(). + + * Split TLSv1.3 record protection from record layer. + + * Move the TLSv1.3 handshake struct inside the shared handshake + struct. + + * Fully initialize rrec in tls12_record_layer_open_record_protected() + to avoid confusing some static analyzers. + + * Use tls_set_errorx() on OCSP_basic_verify() failure since the latter + does not set errno. + + * Convert openssl(1) x509 to new option handling and do the usual + clean up that goes along with it. + + * Add SSL_HANDSHAKE_TLS12 for TLSv1.2 specific handshake data. + + * Rename new_cipher to cipher to align naming with keyblock or other + parts of the handshake data. + + * Avoid mangled output in BIO_debug_callback(). + + * Fix client initiated renegotiation by replacing use of s->internal-type + with s->server. + + * Move the TLSv1.2 record number increment into the new record layer. + + * Move finished and peer finished into the handshake struct. + + * Avoid transcript initialization when sending a TLS HelloRequest, + fixing server initiated renegotiation. + + * Remove pointless assignment in SSL_get0_alpn_selected(). + + * Provide EVP_PKEY_new_CMAC_KEY(3). + + * Add missing prototype for d2i_DSAPrivateKey_fp(3) to x509.h. + + * Add DTLSv1.2 to openssl(1) s_server and s_client protocol message + logging. + + * Avoid leaking param->name in x509_verify_param_zero(). + + * Avoid a leak in an error path in openssl(1) x509. + + * Add some error checking to openssl(1) x509. + + * When sending an alert in TLSv1.3, only set its error code when no + other error was set previously. Certain clients rely on specific + SSL_R_ error codes to identify that they are dealing with a self + signed cert. + + * Switch to the legacy verifier for the stable release. + + * Provide SSL_use_certificate_chain_file(3). + + * Provide SSL_set_hostflags(3) and SSL_get0_peername(3). + + * Provide various DTLSv1.2 specific functions and defines. + + * Document meaning of '*' in the genrsa output. + + * Updated documentation for SSL_get_shared_ciphers(3). + + * Add documentation for SSL_get_finished(3). + + * Document EVP_PKEY_new_CMAC_key(3) + + * Document SSL_use_certificate_chain_file(3). + + * Document SSL_set_hostflags(3) and SSL_get0_peername(3). + + * Update SSL_get_version.3 manual for DTLSv.1.2 support. + + * Added '--enable-libtls-only' build option, which builds and installs a + statically-linked libtls, skipping libcrypto and libssl. This is useful + for systems that ship with OpenSSL but wish to also package libtls. + +3.3.1 - Security fix + + * Malformed ASN.1 in a certificate revocation list or a timestamp + response token can lead to a NULL pointer dereference. + + Bug fixes + + * Move point-on-curve check to set_affine_coordinates to avoid + verifying ECDSA signatures with unchecked public keys. + + * Fix SSL_is_server() to behave as documented by re-introducing the + client-specific methods. + + * Avoid undefined behavior due to memcpy(NULL, NULL, 0). + + * Mark a few more internal static tables const. + +3.3.0 - Development release + + * Make openssl(1) s_server ignore -4 and -6 for compatibility with + OpenSSL. + + * Further cleanup of the DTLS record handling. + + * Continue the replacement of the TLSv1.2 record layer by + reimplementing the read side of the TLSv1.2 record handling. + + * Replace DTLSv1_enc_data() with TLSv1_1_enc_data(). + + * Merge d1_{clnt,srvr}.c into ssl_{clnt,srvr}.c. + + * When switching from the TLSv1.3 stack to the legacy stack include + a TLS record header. This is necessary if there is more than one + handshake message in the TLS plaintext record. + + * Set SO_REUSEADDR on the server socket in the openssl(1) ocsp + command. + + * Fix resource handling on error in OCSP_request_add0_id(). + + * Add const to ssl_ciphers and tls1[23]_sigalgs* to push them into + .data.rel.ro and .rodata, respectively. + + * Add a const qualifier to srtp_known_profiles. + + * Simplify TLS method by removing the client and server specific + methods internally. + + * Avoid casting away const in ssl_ctx_make_profiles(). + + * Make sure there is enough room for stashing the handshake message + when switching to the legacy TLS stack. + + * Avoid explicitly conditioning an assert on DTLS1_VERSION to make + the assert work for newer DTLS versions. + + * Merge SSL_ENC_METHOD into SSL_METHOD_INTERNAL. + + * Send a host header with OCSP queries to make openssl(1) ocsp + work with some widely used OCSP responders. + + * Fix a memory leak in the openssl(1) s_client. + + * Add a flag to mark DTLS methods as DTLS to have an easy way to + recognize DTLS methods that avoids inspecting the version number. + + * Implement SSL_is_dtls() and use it internally in place of the + SSL_IS_DTLS macro. + + * Unbreak DTLS retransmissions for flights that include a CCS. + + * Add ability to ocspcheck(8) to parse a port in the specified + OCSP URL. + + * Refactor and clean up ocspcheck(8) and add regression tests. + + * If x509_verify() fails, ensure that the error is set on both + the x509_verify_ctx() and its store context to make some failures + visible from SSL_get_verify_result(). + + * Use the X509_STORE_CTX get_issuer() callback from the new X.509 + verifier to fix hashed certificate directories. + + * Only check BIO_should_read() on read and BIO_should_write() on + write. Previously, BIO_should_write() was also checked after read + and BIO_should_read() after write which could cause stalls in + software that uses the same BIO for read and write. + + * In openssl(1) verify, also check for error on the store context + since the return value of X509_verify_cert() is unreliable in + presence of a callback that returns 1 too often. + + * Update getentropy on Windows to use Cryptography Next Generation + (CNG). wincrypt is deprecated and no longer works with newer Windows + environments, such as in Windows Store apps. + + * Implement auto chain for the TLSv1.3 server since some software + relies on this. + + * Handle additional certificate error cases in the new X.509 verifier. + Keep track of the errors encountered if a verify callback tells the + verifier to continue and report them back via the error on the store + context. This mimics the behavior of the old verifier that would + persist the first error encountered while building the chain. + + * Report specific failures for "self signed certificates" in a way + compatible with the old verifier since software relies on the + error code. + + * Implement key exporter for TLSv1.3. + + * Plug a large memory leak in the new verifier caused by calling + X509_policy_check() repeatedly. + + * Avoid leaking memory in x509_verify_chain_dup(). + + * Various documentation improvements, particularly around TLS methods. + +3.2.3 - Security fix + + * Malformed ASN.1 in a certificate revocation list or a timestamp + response token can lead to a NULL pointer dereference. + 3.2.2 - Stable release * This is the first stable release with the new TLSv1.3 @@ -279,6 +1077,11 @@ LibreSSL Portable Release Notes: * Use non-expired certificates first when building a certificate chain. +3.1.5 - Security fix + + * Malformed ASN.1 in a certificate revocation list or a timestamp + response token can lead to a NULL pointer dereference. + 3.1.4 - Interoperability and bug fixes for the TLSv1.3 client: * Improve client certificate selection to allow EC certificates diff --git a/externals/libressl/README.md b/externals/libressl/README.md index 7e1308276..26855e620 100755 --- a/externals/libressl/README.md +++ b/externals/libressl/README.md @@ -1,4 +1,4 @@ -Built from https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.2.tar.gz +Built from https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.2.tar.gz Modifications: - Removed tests/mandocs/pkgconfig/scripts/apps/cmake_uninstall from both filesystem and CMakeLists.txt @@ -9,7 +9,12 @@ Modifications: ![LibreSSL image](https://www.libressl.org/images/libressl.jpg) ## Official portable version of [LibreSSL](https://www.libressl.org) ## -[![Build Status](https://travis-ci.org/libressl-portable/portable.svg?branch=master)](https://travis-ci.org/libressl-portable/portable) [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/libressl.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:libressl) +[![Linux Build Status](https://github.com/libressl-portable/portable/actions/workflows/linux_test.yml/badge.svg)](https://github.com/libressl-portable/portable/actions/workflows/linux_test.yml) +[![macOS Build Status](https://github.com/libressl-portable/portable/actions/workflows/macos_test.yml/badge.svg)](https://github.com/libressl-portable/portable/actions/workflows/macos_test.yml) +[![Android_Build Status](https://github.com/libressl-portable/portable/actions/workflows/android_test.yml/badge.svg)](https://github.com/libressl-portable/portable/actions/workflows/android_test.yml) +[![Cross_Build Status](https://github.com/libressl-portable/portable/actions/workflows/cross_test.yml/badge.svg)](https://github.com/libressl-portable/portable/actions/workflows/cross_test.yml) +[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/libressl.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:libressl) +[![ASan Status](https://github.com/libressl-portable/portable/actions/workflows/linux_test_asan.yml/badge.svg)](https://github.com/libressl-portable/portable/actions/workflows/linux_test_asan.yml) LibreSSL is a fork of [OpenSSL](https://www.openssl.org) 1.0.1g developed by the [OpenBSD](https://www.openbsd.org) project. Our goal is to modernize the codebase, @@ -45,9 +50,9 @@ At the time of this writing, LibreSSL is known to build and work on: * AIX (5.3 and later) LibreSSL also supports the following Windows environments: -* Microsoft Windows (Vista or higher, x86 and x64) +* Microsoft Windows (Windows 7 / Windows Server 2008r2 or later, x86 and x64) * Wine (32-bit and 64-bit) -* Builds with Mingw-w64, Cygwin, and Visual Studio +* Mingw-w64, Cygwin, and Visual Studio Official release tarballs are available at your friendly neighborhood OpenBSD mirror in directory diff --git a/externals/libressl/VERSION b/externals/libressl/VERSION index 19ef286ee..8b7c8d31e 100755 --- a/externals/libressl/VERSION +++ b/externals/libressl/VERSION @@ -1,2 +1,2 @@ -3.2.2 +3.5.2 diff --git a/externals/libressl/cert.pem b/externals/libressl/cert.pem new file mode 100755 index 000000000..0e50fe639 --- /dev/null +++ b/externals/libressl/cert.pem @@ -0,0 +1,5950 @@ +# $OpenBSD: cert.pem,v 1.24 2021/09/30 18:16:11 deraadt Exp $ +### /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 + +=== /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6047274297262753887 (0x53ec3beefbb2485f) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: May 20 08:38:15 2009 GMT + Not After : Dec 31 08:38:15 2030 GMT + Subject: C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:1 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 65:CD:EB:AB:35:1E:00:3E:7E:D5:74:C0:1C:B4:73:47:0E:1A:64:2F + X509v3 Certificate Policies: + Policy: X509v3 Any Policy + CPS: http://www.firmaprofesional.com/cps + User Notice: + Explicit Text: + +SHA1 Fingerprint=AE:C5:FB:3F:C8:E1:BF:C4:E5:4F:03:07:5A:9A:E8:00:B7:F7:B6:FA +SHA256 Fingerprint=04:04:80:28:BF:1F:28:64:D4:8F:9A:D4:D8:32:94:36:6A:82:88:56:55:3F:3B:14:30:3F:90:14:7F:5D:40:EF +-----BEGIN CERTIFICATE----- +MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UE +BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h +cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEy +MzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg +Q2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9 +thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM +cas9UX4PB99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefG +L9ItWY16Ck6WaVICqjaY7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15i +NA9wBj4gGFrO93IbJWyTdBSTo3OxDqqHECNZXyAFGUftaI6SEspd/NYrspI8IM/h +X68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyIplD9amML9ZMWGxmPsu2b +m8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctXMbScyJCy +Z/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja +EbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T +KI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF +6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh +OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYD +VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNHDhpkLzCBpgYD +VR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp +cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBv +ACAAZABlACAAbABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBl +AGwAbwBuAGEAIAAwADgAMAAxADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF +661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx51tkljYyGOylMnfX40S2wBEqgLk9 +am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qkR71kMrv2JYSiJ0L1 +ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaPT481 +PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS +3a/DTg4fJl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5k +SeTy36LssUzAKh3ntLFlosS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF +3dvd6qJ2gHN99ZwExEWN57kci57q13XRcrHedUTnQn3iV2t93Jm8PYMo6oCTjcVM +ZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0g +StRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM/icz +Q0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQB +jLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2V +-----END CERTIFICATE----- + +### ACCV + +=== /CN=ACCVRAIZ1/OU=PKIACCV/O=ACCV/C=ES +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6828503384748696800 (0x5ec3b7a6437fa4e0) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: May 5 09:37:37 2011 GMT + Not After : Dec 31 09:37:37 2030 GMT + Subject: CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES + X509v3 extensions: + Authority Information Access: + CA Issuers - URI:http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt + OCSP - URI:http://ocsp.accv.es + + X509v3 Subject Key Identifier: + D2:87:B4:E3:DF:37:27:93:55:F6:56:EA:81:E5:36:CC:8C:1E:3F:BD + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:D2:87:B4:E3:DF:37:27:93:55:F6:56:EA:81:E5:36:CC:8C:1E:3F:BD + + X509v3 Certificate Policies: + Policy: X509v3 Any Policy + User Notice: + Explicit Text: + CPS: http://www.accv.es/legislacion_c.htm + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Alternative Name: + email:accv@accv.es +SHA1 Fingerprint=93:05:7A:88:15:C6:4F:CE:88:2F:FA:91:16:52:28:78:BC:53:64:17 +SHA256 Fingerprint=9A:6E:C0:12:E1:A7:DA:9D:BE:34:19:4D:47:8A:D7:C0:DB:18:22:FB:07:1D:F1:29:81:49:6E:D1:04:38:41:13 +-----BEGIN CERTIFICATE----- +MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UE +AwwJQUNDVlJBSVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQsw +CQYDVQQGEwJFUzAeFw0xMTA1MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQ +BgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwHUEtJQUNDVjENMAsGA1UECgwEQUND +VjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCb +qau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gMjmoY +HtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWo +G2ioPej0RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpA +lHPrzg5XPAOBOp0KoVdDaaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhr +IA8wKFSVf+DuzgpmndFALW4ir50awQUZ0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/ +0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDGWuzndN9wrqODJerWx5eH +k6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs78yM2x/47 +4KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMO +m3WR5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpa +cXpkatcnYGMN285J9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPl +uUsXQA+xtrn13k/c4LOsOxFwYIRKQ26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYI +KwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRwOi8vd3d3LmFjY3YuZXMvZmls +ZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEuY3J0MB8GCCsG +AQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2 +VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeT +VfZW6oHlNsyMHj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIG +CCsGAQUFBwICMIIBFB6CARAAQQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUA +cgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBhAO0AegAgAGQAZQAgAGwAYQAgAEEA +QwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUAYwBuAG8AbABvAGcA +7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBjAHQA +cgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAA +QwBQAFMAIABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUA +czAwBggrBgEFBQcCARYkaHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2Mu +aHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRt +aW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2MV9kZXIuY3JsMA4GA1Ud +DwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZIhvcNAQEF +BQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdp +D70ER9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gU +JyCpZET/LtZ1qmxNYEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+m +AM/EKXMRNt6GGT6d7hmKG9Ww7Y49nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepD +vV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJTS+xJlsndQAJxGJ3KQhfnlms +tn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3sCPdK6jT2iWH +7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h +I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szA +h1xA2syVP1XgNce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xF +d3+YJ5oyXSrjhO7FmGYvliAd3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2H +pPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3pEfbRD0tVNEYqi4Y7 +-----END CERTIFICATE----- + +### Actalis S.p.A./03358520967 + +=== /C=IT/L=Milan/O=Actalis S.p.A./03358520967/CN=Actalis Authentication Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6271844772424770508 (0x570a119742c4e3cc) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Sep 22 11:22:02 2011 GMT + Not After : Sep 22 11:22:02 2030 GMT + Subject: C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA + X509v3 extensions: + X509v3 Subject Key Identifier: + 52:D8:88:3A:C8:9F:78:66:ED:89:F3:7B:38:70:94:C9:02:02:36:D0 + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:52:D8:88:3A:C8:9F:78:66:ED:89:F3:7B:38:70:94:C9:02:02:36:D0 + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=F3:73:B3:87:06:5A:28:84:8A:F2:F3:4A:CE:19:2B:DD:C7:8E:9C:AC +SHA256 Fingerprint=55:92:60:84:EC:96:3A:64:B9:6E:2A:BE:01:CE:0B:A8:6A:64:FB:FE:BC:C7:AA:B5:AF:C1:55:B3:7F:D7:60:66 +-----BEGIN CERTIFICATE----- +MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE +BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w +MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 +IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjExMjIwMlowazELMAkGA1UEBhMC +SVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1 +ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENB +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNv +UTufClrJwkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX +4ay8IMKx4INRimlNAJZaby/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9 +KK3giq0itFZljoZUj5NDKd45RnijMCO6zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/ +gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1fYVEiVRvjRuPjPdA1Yprb +rxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2oxgkg4YQ +51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2F +be8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxe +KF+w6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4F +v6MGn8i1zeQf1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbn +fpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7 +jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7Ynz +ezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt +ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAL +e3KHwGCmSUyIWOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70 +jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDz +WochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a2hi/a5iB0P2avl4V +SM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANATIGk0k9j +pwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyX +X04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+Ok +fcvHlXHo2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7R +K4X9p2jIugErsWx0Hbhzlefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btU +ZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZvBeyqdn6/axag67XH/JJU +LysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZVEc+NHt4bVaT +LnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== +-----END CERTIFICATE----- + +### AffirmTrust + +=== /C=US/O=AffirmTrust/CN=AffirmTrust Commercial +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 8608355977964138876 (0x7777062726a9b17c) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jan 29 14:06:06 2010 GMT + Not After : Dec 31 14:06:06 2030 GMT + Subject: C=US, O=AffirmTrust, CN=AffirmTrust Commercial + X509v3 extensions: + X509v3 Subject Key Identifier: + 9D:93:C6:53:8B:5E:CA:AF:3F:9F:1E:0F:E5:99:95:BC:24:F6:94:8F + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=F9:B5:B6:32:45:5F:9C:BE:EC:57:5F:80:DC:E9:6E:2C:C7:B2:78:B7 +SHA256 Fingerprint=03:76:AB:1D:54:C5:F9:80:3C:E4:B2:E2:01:A0:EE:7E:EF:7B:57:B6:36:E8:A9:3C:9B:8D:48:60:C9:6F:5F:A7 +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz +dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL +MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp +cm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6EqdbDuKP +Hx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yr +ba0F8PrVC8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPAL +MeIrJmqbTFeurCA+ukV6BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1 +yHp52UKqK39c/s4mT6NmgTWvRLpUHhwwMmWd5jyTXlBOeuM61G7MGvv50jeuJCqr +VwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNVHQ4EFgQUnZPGU4teyq8/ +nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ +KoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYG +XUPGhi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNj +vbz4YYCanrHOQnDiqX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivt +Z8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9g +N53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclNmsxZt9YC +nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= +-----END CERTIFICATE----- +=== /C=US/O=AffirmTrust/CN=AffirmTrust Networking +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 8957382827206547757 (0x7c4f04391cd4992d) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Jan 29 14:08:24 2010 GMT + Not After : Dec 31 14:08:24 2030 GMT + Subject: C=US, O=AffirmTrust, CN=AffirmTrust Networking + X509v3 extensions: + X509v3 Subject Key Identifier: + 07:1F:D2:E7:9C:DA:C2:6E:A2:40:B4:B0:7A:50:10:50:74:C4:C8:BD + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=29:36:21:02:8B:20:ED:02:F5:66:C5:32:D1:D6:ED:90:9F:45:00:2F +SHA256 Fingerprint=0A:81:EC:5A:92:97:77:F1:45:90:4A:F3:8D:5D:50:9F:66:B5:E2:C5:8F:CD:B5:31:05:8B:0E:17:F3:F0:B4:1B +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz +dCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL +MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp +cm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SEHi3y +YJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbua +kCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRL +QESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp +6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndG +yH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNVHQ4EFgQUBx/S55zawm6i +QLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ +KoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfO +tDIuUFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzu +QY0x2+c06lkh1QF612S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZ +Lgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4u +olu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfxojfHRZ48 +x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= +-----END CERTIFICATE----- +=== /C=US/O=AffirmTrust/CN=AffirmTrust Premium +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 7893706540734352110 (0x6d8c1446b1a60aee) + Signature Algorithm: sha384WithRSAEncryption + Validity + Not Before: Jan 29 14:10:36 2010 GMT + Not After : Dec 31 14:10:36 2040 GMT + Subject: C=US, O=AffirmTrust, CN=AffirmTrust Premium + X509v3 extensions: + X509v3 Subject Key Identifier: + 9D:C0:67:A6:0C:22:D9:26:F5:45:AB:A6:65:52:11:27:D8:45:AC:63 + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=D8:A6:33:2C:E0:03:6F:B1:85:F6:63:4F:7D:6A:06:65:26:32:28:27 +SHA256 Fingerprint=70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A +-----BEGIN CERTIFICATE----- +MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz +dCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG +A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1U +cnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxBLf +qV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtnBKAQ +JG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ ++jjeRFcV5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrS +s8PhaJyJ+HoAVt70VZVs+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5 +HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmdGPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d7 +70O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5Rp9EixAqnOEhss/n/fauG +V+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NIS+LI+H+S +qHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S +5u046uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4Ia +C1nEWTJ3s7xgaVY5/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TX +OwF0lkLgAOIua+rF7nKsu7/+6qqo+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYE +FJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByvMiPIs0laUZx2 +KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg +Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B +8OWycvpEgjNC6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQ +MKSOyARiqcTtNd56l+0OOF6SL5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc +0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK+4w1IX2COPKpVJEZNZOUbWo6xbLQ +u4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmVBtWVyuEklut89pMF +u+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFgIxpH +YoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8 +GKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO +RtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6e +KeC2uAloGRwYQw== +-----END CERTIFICATE----- +=== /C=US/O=AffirmTrust/CN=AffirmTrust Premium ECC +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 8401224907861490260 (0x7497258ac73f7a54) + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Jan 29 14:20:24 2010 GMT + Not After : Dec 31 14:20:24 2040 GMT + Subject: C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC + X509v3 extensions: + X509v3 Subject Key Identifier: + 9A:AF:29:7A:C0:11:35:35:26:51:30:00:C3:6A:FE:40:D5:AE:D6:3C + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=B8:23:6B:00:2F:1D:16:86:53:01:55:6C:11:A4:37:CA:EB:FF:C3:BB +SHA256 Fingerprint=BD:71:FD:F6:DA:97:E4:CF:62:D1:64:7A:DD:25:81:B0:7D:79:AD:F8:39:7E:B4:EC:BA:9C:5E:84:88:82:14:23 +-----BEGIN CERTIFICATE----- +MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC +VVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ +cmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ +BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJt +VHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNMF4bFZ0D +0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQN8O9 +ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0G +A1UdDgQWBBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs +aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I +flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ== +-----END CERTIFICATE----- + +### Agencia Catalana de Certificacio (NIF Q-0801176-I) + +=== /C=ES/O=Agencia Catalana de Certificacio (NIF Q-0801176-I)/OU=Serveis Publics de Certificacio/OU=Vegeu https://www.catcert.net/verarrel (c)03/OU=Jerarquia Entitats de Certificacio Catalanes/CN=EC-ACC +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + (Negative)11:d4:c2:14:2b:de:21:eb:57:9d:53:fb:0c:22:3b:ff + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Jan 7 23:00:00 2003 GMT + Not After : Jan 7 22:59:59 2031 GMT + Subject: C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), OU=Serveis Publics de Certificacio, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Jerarquia Entitats de Certificacio Catalanes, CN=EC-ACC + X509v3 extensions: + X509v3 Subject Alternative Name: + email:ec_acc@catcert.net + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + A0:C3:8B:44:AA:37:A5:45:BF:97:80:5A:D1:F1:78:A2:9B:E9:5D:8D + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.15096.1.3.1.10 + CPS: https://www.catcert.net/verarrel + User Notice: + Explicit Text: Vegeu https://www.catcert.net/verarrel + +SHA1 Fingerprint=28:90:3A:63:5B:52:80:FA:E6:77:4C:0B:6D:A7:D6:BA:A6:4A:F2:E8 +SHA256 Fingerprint=88:49:7F:01:60:2F:31:54:24:6A:E2:8C:4D:5A:EF:10:F1:D8:7E:BB:76:62:6F:4A:E0:B7:F9:5B:A7:96:87:99 +-----BEGIN CERTIFICATE----- +MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB +8zELMAkGA1UEBhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2Vy +dGlmaWNhY2lvIChOSUYgUS0wODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1 +YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYDVQQLEyxWZWdldSBodHRwczovL3d3 +dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UECxMsSmVyYXJxdWlh +IEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMTBkVD +LUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQG +EwJFUzE7MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8g +KE5JRiBRLTA4MDExNzYtSSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBD +ZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZlZ2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQu +bmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJhcnF1aWEgRW50aXRhdHMg +ZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUNDMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R +85iKw5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm +4CgPukLjbo73FCeTae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaV +HMf5NLWUhdWZXqBIoH7nF2W4onW4HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNd +QlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0aE9jD2z3Il3rucO2n5nzbcc8t +lGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw0JDnJwIDAQAB +o4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4 +opvpXY0wfwYDVR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBo +dHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidW +ZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAwDQYJKoZIhvcN +AQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJlF7W2u++AVtd0x7Y +/X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNaAl6k +SBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhy +Rp/7SNVel+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOS +Agu+TGbrIP65y7WZf+a2E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xl +nJ2lYJU6Un/10asIbvPuW/mIPX64b24D5EI= +-----END CERTIFICATE----- + +### Amazon + +=== /C=US/O=Amazon/CN=Amazon Root CA 1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 06:6c:9f:cf:99:bf:8c:0a:39:e2:f0:78:8a:43:e6:96:36:5b:ca + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: May 26 00:00:00 2015 GMT + Not After : Jan 17 00:00:00 2038 GMT + Subject: C=US, O=Amazon, CN=Amazon Root CA 1 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 84:18:CC:85:34:EC:BC:0C:94:94:2E:08:59:9C:C7:B2:10:4E:0A:08 +SHA1 Fingerprint=8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16 +SHA256 Fingerprint=8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E +-----BEGIN CERTIFICATE----- +MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF +ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 +b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL +MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv +b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj +ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM +9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw +IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6 +VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L +93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm +jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA +A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI +U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs +N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv +o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU +5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy +rqXRfboQnoZsG4q5WTP468SQvvG5 +-----END CERTIFICATE----- +=== /C=US/O=Amazon/CN=Amazon Root CA 2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 06:6c:9f:d2:96:35:86:9f:0a:0f:e5:86:78:f8:5b:26:bb:8a:37 + Signature Algorithm: sha384WithRSAEncryption + Validity + Not Before: May 26 00:00:00 2015 GMT + Not After : May 26 00:00:00 2040 GMT + Subject: C=US, O=Amazon, CN=Amazon Root CA 2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + B0:0C:F0:4C:30:F4:05:58:02:48:FD:33:E5:52:AF:4B:84:E3:66:52 +SHA1 Fingerprint=5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A +SHA256 Fingerprint=1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4 +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwF +ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 +b24gUm9vdCBDQSAyMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTEL +MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv +b3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK2Wny2cSkxK +gXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4kHbZ +W0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg +1dKmSYXpN+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K +8nu+NQWpEjTj82R0Yiw9AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r +2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvdfLC6HM783k81ds8P+HgfajZRRidhW+me +z/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAExkv8LV/SasrlX6avvDXbR +8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSSbtqDT6Zj +mUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz +7Mt0Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6 ++XUyo05f7O0oYtlNc/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI +0u1ufm8/0i2BWSlmy5A5lREedCf+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSwDPBMMPQFWAJI/TPlUq9LhONm +UjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oAA7CXDpO8Wqj2 +LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY ++gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kS +k5Nrp+gvU5LEYFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl +7uxMMne0nxrpS10gxdr9HIcWxkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygm +btmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQgj9sAq+uEjonljYE1x2igGOpm/Hl +urR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbWaQbLU8uz/mtBzUF+ +fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoVYh63 +n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE +76KlXIx3KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H +9jVlpNMKVv/1F2Rs76giJUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT +4PsJYGw= +-----END CERTIFICATE----- +=== /C=US/O=Amazon/CN=Amazon Root CA 3 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 06:6c:9f:d5:74:97:36:66:3f:3b:0b:9a:d9:e8:9e:76:03:f2:4a + Signature Algorithm: ecdsa-with-SHA256 + Validity + Not Before: May 26 00:00:00 2015 GMT + Not After : May 26 00:00:00 2040 GMT + Subject: C=US, O=Amazon, CN=Amazon Root CA 3 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + AB:B6:DB:D7:06:9E:37:AC:30:86:07:91:70:C7:9C:C4:19:B1:78:C0 +SHA1 Fingerprint=0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E +SHA256 Fingerprint=18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4 +-----BEGIN CERTIFICATE----- +MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5 +MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g +Um9vdCBDQSAzMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG +A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg +Q0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZBf8ANm+gBG1bG8lKl +ui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjrZt6j +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSr +ttvXBp43rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkr +BqWTrBqYaGFy+uGh0PsceGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteM +YyRIHN8wfdVoOw== +-----END CERTIFICATE----- +=== /C=US/O=Amazon/CN=Amazon Root CA 4 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 06:6c:9f:d7:c1:bb:10:4c:29:43:e5:71:7b:7b:2c:c8:1a:c1:0e + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: May 26 00:00:00 2015 GMT + Not After : May 26 00:00:00 2040 GMT + Subject: C=US, O=Amazon, CN=Amazon Root CA 4 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + D3:EC:C7:3A:65:6E:CC:E1:DA:76:9A:56:FB:9C:F3:86:6D:57:E5:81 +SHA1 Fingerprint=F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE +SHA256 Fingerprint=E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92 +-----BEGIN CERTIFICATE----- +MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5 +MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g +Um9vdCBDQSA0MB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG +A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg +Q0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN/sGKe0uoe0ZLY7Bi +9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri83Bk +M6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WB +MAoGCCqGSM49BAMDA2gAMGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlw +CkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRMStuW +1KyLa2tJElMzrdfkviT8tQp21KW8EA== +-----END CERTIFICATE----- + +### Atos + +=== /CN=Atos TrustedRoot 2011/O=Atos/C=DE +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6643877497813316402 (0x5c33cb622c5fb332) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jul 7 14:58:30 2011 GMT + Not After : Dec 31 23:59:59 2030 GMT + Subject: CN=Atos TrustedRoot 2011, O=Atos, C=DE + X509v3 extensions: + X509v3 Subject Key Identifier: + A7:A5:06:B1:2C:A6:09:60:EE:D1:97:E9:70:AE:BC:3B:19:6C:DB:21 + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:A7:A5:06:B1:2C:A6:09:60:EE:D1:97:E9:70:AE:BC:3B:19:6C:DB:21 + + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.6189.3.4.1.1 + + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=2B:B1:F5:3E:55:0C:1D:C5:F1:D4:E6:B7:6A:46:4B:55:06:02:AC:21 +SHA256 Fingerprint=F3:56:BE:A2:44:B7:A9:1E:B3:5D:53:CA:9A:D7:86:4A:CE:01:8E:2D:35:D5:F8:F9:6D:DF:68:A6:F4:1A:A4:74 +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE +AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG +EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM +FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC +REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp +Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM +VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ +SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ +4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L +cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi +eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG +A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 +DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j +vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP +DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc +maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D +lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv +KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed +-----END CERTIFICATE----- + +### Baltimore + +=== /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 33554617 (0x20000b9) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: May 12 18:46:00 2000 GMT + Not After : May 12 23:59:00 2025 GMT + Subject: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root + X509v3 extensions: + X509v3 Subject Key Identifier: + E5:9D:59:30:82:47:58:CC:AC:FA:08:54:36:86:7B:3A:B5:04:4D:F0 + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:3 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74 +SHA256 Fingerprint=16:AF:57:A9:F6:76:B0:AB:12:60:95:AA:5E:BA:DE:F2:2A:B3:11:19:D6:44:AC:95:CD:4B:93:DB:F3:F2:6A:EB +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ +RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD +VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX +DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y +ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy +VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr +mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr +IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK +mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu +XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy +dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye +jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1 +BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3 +DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92 +9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx +jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0 +Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz +ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS +R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp +-----END CERTIFICATE----- + +### Buypass AS-983163327 + +=== /C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Oct 26 08:38:03 2010 GMT + Not After : Oct 26 08:38:03 2040 GMT + Subject: C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + C9:80:77:E0:62:92:82:F5:46:9C:F3:BA:F7:4C:C3:DE:B8:A3:AD:39 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=49:0A:75:74:DE:87:0A:47:FE:58:EE:F6:C7:6B:EB:C6:0B:12:40:99 +SHA256 Fingerprint=9A:11:40:25:19:7C:5B:B9:5D:94:E6:3D:55:CD:43:79:08:47:B6:46:B2:3C:DF:11:AD:A4:A0:0E:FF:15:FB:48 +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd +MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg +Q2xhc3MgMiBSb290IENBMB4XDTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1ow +TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw +HgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1g1Lr +6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPV +L4O2fuPn9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC91 +1K2GScuVr1QGbNgGE41b/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHx +MlAQTn/0hpPshNOOvEu/XAFOBz3cFIqUCqTqc/sLUegTBxj6DvEr0VQVfTzh97QZ +QmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeffawrbD02TTqigzXsu8lkB +arcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgIzRFo1clr +Us3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLi +FRhnBkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRS +P/TizPJhk9H9Z2vXUq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN +9SG9dKpN6nIDSdvHXx1iY8f93ZHsM+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxP +AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMmAd+BikoL1Rpzz +uvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAU18h +9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s +A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3t +OluwlN5E40EIosHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo ++fsicdl9sz1Gv7SEr5AcD48Saq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7 +KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYdDnkM/crqJIByw5c/8nerQyIKx+u2 +DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWDLfJ6v9r9jv6ly0Us +H8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0oyLQ +I+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK7 +5t98biGCwWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h +3PFaTWwyI0PurKju7koSCTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPz +Y11aWOIv4x3kqdbQCtCev9eBCfHJxyYNrJgWVqA= +-----END CERTIFICATE----- +=== /C=NO/O=Buypass AS-983163327/CN=Buypass Class 3 Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Oct 26 08:28:58 2010 GMT + Not After : Oct 26 08:28:58 2040 GMT + Subject: C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 47:B8:CD:FF:E5:6F:EE:F8:B2:EC:2F:4E:0E:F9:25:B0:8E:3C:6B:C3 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=DA:FA:F7:FA:66:84:EC:06:8F:14:50:BD:C7:C2:81:A5:BC:A9:64:57 +SHA256 Fingerprint=ED:F7:EB:BC:A2:7A:2A:38:4D:38:7B:7D:40:10:C6:66:E2:ED:B4:84:3E:4C:29:B4:AE:1D:5B:93:32:E6:B2:4D +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd +MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg +Q2xhc3MgMyBSb290IENBMB4XDTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFow +TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw +HgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRHsJ8Y +ZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3E +N3coTRiR5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9 +tznDDgFHmV0ST9tD+leh7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX +0DJq1l1sDPGzbjniazEuOQAnFN44wOwZZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c +/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH2xc519woe2v1n/MuwU8X +KhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV/afmiSTY +zIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvS +O1UQRwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D +34xFMFbG02SrZvPAXpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgP +K9Dx2hzLabjKSWJtyNBjYt1gD1iqj6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3 +AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEe4zf/lb+74suwv +Tg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAACAj +QTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV +cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXS +IGrs/CIBKM+GuIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2 +HJLw5QY33KbmkJs4j1xrG0aGQ0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsa +O5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8ZORK15FTAaggiG6cX0S5y2CBNOxv +033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2KSb12tjE8nVhz36u +dmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz6MkE +kbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg41 +3OEMXbugUZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvD +u79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq +4/g7u9xN12TyUb7mqqta6THuBrxzvxNiCp/HuZc= +-----END CERTIFICATE----- + +### certSIGN + +=== /C=RO/O=certSIGN/OU=certSIGN ROOT CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 35210227249154 (0x200605167002) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Jul 4 17:20:04 2006 GMT + Not After : Jul 4 17:20:04 2031 GMT + Subject: C=RO, O=certSIGN, OU=certSIGN ROOT CA + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + E0:8C:9B:DB:25:49:B3:F1:7C:86:D6:B2:42:87:0B:D0:6B:A0:D9:E4 +SHA1 Fingerprint=FA:B7:EE:36:97:26:62:FB:2D:B0:2A:F6:BF:03:FD:E8:7C:4B:2F:9B +SHA256 Fingerprint=EA:A9:62:C4:FA:4A:6B:AF:EB:E4:15:19:6D:35:1C:CD:88:8D:4F:53:F3:FA:8A:E6:D7:C4:66:A9:4E:60:42:BB +-----BEGIN CERTIFICATE----- +MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYT +AlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBD +QTAeFw0wNjA3MDQxNzIwMDRaFw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJP +MREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7IJUqOtdu0KBuqV5Do +0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHHrfAQ +UySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5d +RdY4zTW2ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQ +OA7+j0xbm0bqQfWwCHTD0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwv +JoIQ4uNllAoEwF73XVv4EOLQunpL+943AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08C +AwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0O +BBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IBAQA+0hyJ +LjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecY +MnQ8SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ +44gx+FkagQnIl6Z0x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6I +Jd1hJyMctTEHBDa0GpC9oHRxUIltvBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNw +i/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5VaZVDADlN +9u6wWk5JRFRYX0KD +-----END CERTIFICATE----- + +### CERTSIGN SA + +=== /C=RO/O=CERTSIGN SA/OU=certSIGN ROOT CA G2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 11:00:34:b6:4e:c6:36:2d:36 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Feb 6 09:27:35 2017 GMT + Not After : Feb 6 09:27:35 2042 GMT + Subject: C=RO, O=CERTSIGN SA, OU=certSIGN ROOT CA G2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 82:21:2D:66:C6:D7:A0:E0:15:EB:CE:4C:09:77:C4:60:9E:54:6E:03 +SHA1 Fingerprint=26:F9:93:B4:ED:3D:28:27:B0:B9:4B:A7:E9:15:1D:A3:8D:92:E5:32 +SHA256 Fingerprint=65:7C:FE:2F:A7:3F:AA:38:46:25:71:F3:32:A2:36:3A:46:FC:E7:02:09:51:71:07:02:CD:FB:B6:EE:DA:33:05 +-----BEGIN CERTIFICATE----- +MIIFRzCCAy+gAwIBAgIJEQA0tk7GNi02MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV +BAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJR04g +Uk9PVCBDQSBHMjAeFw0xNzAyMDYwOTI3MzVaFw00MjAyMDYwOTI3MzVaMEExCzAJ +BgNVBAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJ +R04gUk9PVCBDQSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMDF +dRmRfUR0dIf+DjuW3NgBFszuY5HnC2/OOwppGnzC46+CjobXXo9X69MhWf05N0Iw +vlDqtg+piNguLWkh59E3GE59kdUWX2tbAMI5Qw02hVK5U2UPHULlj88F0+7cDBrZ +uIt4ImfkabBoxTzkbFpG583H+u/E7Eu9aqSs/cwoUe+StCmrqzWaTOTECMYmzPhp +n+Sc8CnTXPnGFiWeI8MgwT0PPzhAsP6CRDiqWhqKa2NYOLQV07YRaXseVO6MGiKs +cpc/I1mbySKEwQdPzH/iV8oScLumZfNpdWO9lfsbl83kqK/20U6o2YpxJM02PbyW +xPFsqa7lzw1uKA2wDrXKUXt4FMMgL3/7FFXhEZn91QqhngLjYl/rNUssuHLoPj1P +rCy7Lobio3aP5ZMqz6WryFyNSwb/EkaseMsUBzXgqd+L6a8VTxaJW732jcZZroiF +DsGJ6x9nxUWO/203Nit4ZoORUSs9/1F3dmKh7Gc+PoGD4FapUB8fepmrY7+EF3fx +DTvf95xhszWYijqy7DwaNz9+j5LP2RIUZNoQAhVB/0/E6xyjyfqZ90bp4RjZsbgy +LcsUDFDYg2WD7rlcz8sFWkz6GZdr1l0T08JcVLwyc6B49fFtHsufpaafItzRUZ6C +eWRgKRM+o/1Pcmqr4tTluCRVLERLiohEnMqE0yo7AgMBAAGjQjBAMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSCIS1mxteg4BXrzkwJ +d8RgnlRuAzANBgkqhkiG9w0BAQsFAAOCAgEAYN4auOfyYILVAzOBywaK8SJJ6ejq +kX/GM15oGQOGO0MBzwdw5AgeZYWR5hEit/UCI46uuR59H35s5r0l1ZUa8gWmr4UC +b6741jH/JclKyMeKqdmfS0mbEVeZkkMR3rYzpMzXjWR91M08KCy0mpbqTfXERMQl +qiCA2ClV9+BB/AYm/7k29UMUA2Z44RGx2iBfRgB4ACGlHgAoYXhvqAEBj500mv/0 +OJD7uNGzcgbJceaBxXntC6Z58hMLnPddDnskk7RI24Zf3lCGeOdA5jGokHZwYa+c +NywRtYK3qq4kNFtyDGkNzVmf9nGvnAvRCjj5BiKDUyUM/FHE5r7iOZULJK2v0ZXk +ltd0ZGtxTgI8qoXzIKNDOXZbbFD+mpwUHmUUihW9o4JFWklWatKcsWMy5WHgUyIO +pwpJ6st+H6jiYoD2EEVSmAYY3qXNL3+q1Ok+CHLsIwMCPKaq2LxndD0UF/tUSxfj +03k9bWtJySgOLnRQvwzZRjoQhsmnP+mg7H/rpXdYaXHmgwo38oZJar55CJD2AhZk +PuXaTH4MNMn5X7azKFGnpyuqSfqNZSlO42sTp5SjLVFteAxEy9/eCG/Oo2Sr05WE +1LlSVHJ7liXMvGnjSG4N0MedJ5qq+BOS3R7fY581qRY27Iy4g/Q9iY/NtBde17MX +QRBdJ3NghVdJIgc= +-----END CERTIFICATE----- + +### China Financial Certification Authority + +=== /C=CN/O=China Financial Certification Authority/CN=CFCA EV ROOT +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 407555286 (0x184accd6) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Aug 8 03:07:01 2012 GMT + Not After : Dec 31 03:07:01 2029 GMT + Subject: C=CN, O=China Financial Certification Authority, CN=CFCA EV ROOT + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:E3:FE:2D:FD:28:D0:0B:B5:BA:B6:A2:C4:BF:06:AA:05:8C:93:FB:2F + + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + E3:FE:2D:FD:28:D0:0B:B5:BA:B6:A2:C4:BF:06:AA:05:8C:93:FB:2F +SHA1 Fingerprint=E2:B8:29:4B:55:84:AB:6B:58:C2:90:46:6C:AC:3F:B8:39:8F:84:83 +SHA256 Fingerprint=5C:C3:D7:8E:4E:1D:5E:45:54:7A:04:E6:87:3E:64:F9:0C:F9:53:6D:1C:CC:2E:F8:00:F3:55:C4:C5:FD:70:FD +-----BEGIN CERTIFICATE----- +MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJD +TjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9y +aXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkx +MjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEwMC4GA1UECgwnQ2hpbmEgRmluYW5j +aWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJP +T1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnVBU03 +sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpL +TIpTUnrD7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5 +/ZOkVIBMUtRSqy5J35DNuF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp +7hZZLDRJGqgG16iI0gNyejLi6mhNbiyWZXvKWfry4t3uMCz7zEasxGPrb382KzRz +EpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7xzbh72fROdOXW3NiGUgt +hxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9fpy25IGvP +a931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqot +aK8KgWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNg +TnYGmE69g60dWIolhdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfV +PKPtl8MeNPo4+QgO48BdK4PRVmrJtqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hv +cWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAfBgNVHSMEGDAWgBTj/i39KNAL +tbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd +BgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB +ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObT +ej/tUxPQ4i9qecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdL +jOztUmCypAbqTuv0axn96/Ua4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBS +ESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sGE5uPhnEFtC+NiWYzKXZUmhH4J/qy +P5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfXBDrDMlI1Dlb4pd19 +xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjnaH9d +Ci77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN +5mydLIhyPDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe +/v5WOaHIz16eGWRGENoXkbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+Z +AAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3CekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ +5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su +-----END CERTIFICATE----- + +### Chunghwa Telecom Co., Ltd. + +=== /C=TW/O=Chunghwa Telecom Co., Ltd./OU=ePKI Root Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 15:c8:bd:65:47:5c:af:b8:97:00:5e:e4:06:d2:bc:9d + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Dec 20 02:31:27 2004 GMT + Not After : Dec 20 02:31:27 2034 GMT + Subject: C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root Certification Authority + X509v3 extensions: + X509v3 Subject Key Identifier: + 1E:0C:F7:B6:67:F2:E1:92:26:09:45:C0:55:39:2E:77:3F:42:4A:A2 + X509v3 Basic Constraints: + CA:TRUE + setCext-hashedRoot: + 0/0-...0...+......0...g*.....E... +V|.[x....S..... +SHA1 Fingerprint=67:65:0D:F1:7E:8E:7E:5B:82:40:A4:F4:56:4B:CF:E2:3D:69:C6:F0 +SHA256 Fingerprint=C0:A6:F4:DC:63:A2:4B:FD:CF:54:EF:2A:6A:08:2A:0A:72:DE:35:80:3E:2F:F5:FF:52:7A:E5:D8:72:06:DF:D5 +-----BEGIN CERTIFICATE----- +MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBe +MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0 +ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe +Fw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMxMjdaMF4xCzAJBgNVBAYTAlRXMSMw +IQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEqMCgGA1UECwwhZVBL +SSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAH +SyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAh +ijHyl3SJCRImHJ7K2RKilTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3X +DZoTM1PRYfl61dd4s5oz9wCGzh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1 +TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJ +fzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffA +sgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uU +WH1+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLS +nT0IFaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pH +dmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJip +NiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3pyKdVDEC +AwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/QkqiMAwGA1UdEwQF +MAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH +ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGB +uvl2ICO1J2B01GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6Yl +PwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkP +JXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdVxrsStZf0X4OFunHB2WyBEXYKCrC/ +gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEPNXubrjlpC2JgQCA2 +j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+rGNm6 +5ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUB +o2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS +/jQ6fbjpKdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2z +Gp1iro2C6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTE +W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D +hNQ+IIX3Sj0rnP0qCglN6oH4EZw= +-----END CERTIFICATE----- + +### Comodo CA Limited + +=== /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Jan 1 00:00:00 2004 GMT + Not After : Dec 31 23:59:59 2028 GMT + Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services + X509v3 extensions: + X509v3 Subject Key Identifier: + A0:11:0A:23:3E:96:F1:07:EC:E2:AF:29:EF:82:A5:7F:D0:30:A4:B4 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.comodoca.com/AAACertificateServices.crl + + Full Name: + URI:http://crl.comodo.net/AAACertificateServices.crl + +SHA1 Fingerprint=D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49 +SHA256 Fingerprint=D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4 +-----BEGIN CERTIFICATE----- +MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb +MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow +GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj +YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM +GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua +BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe +3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 +YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR +rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm +ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU +oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF +MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v +QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t +b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF +AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q +GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz +Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 +G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi +l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 +smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== +-----END CERTIFICATE----- + +### COMODO CA Limited + +=== /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4e:81:2d:8a:82:65:e0:0b:02:ee:3e:35:02:46:e5:3d + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Dec 1 00:00:00 2006 GMT + Not After : Dec 31 23:59:59 2029 GMT + Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority + X509v3 extensions: + X509v3 Subject Key Identifier: + 0B:58:E5:8B:C6:4C:15:37:A4:40:A9:30:A9:21:BE:47:36:5A:56:FF + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.comodoca.com/COMODOCertificationAuthority.crl + +SHA1 Fingerprint=66:31:BF:9E:F7:4F:9E:B6:C9:D5:A6:0C:BA:6A:BE:D1:F7:BD:EF:7B +SHA256 Fingerprint=0C:2C:D6:3D:F7:80:6F:A3:99:ED:E8:09:11:6B:57:5B:F8:79:89:F0:65:18:F9:80:8C:86:05:03:17:8B:AF:66 +-----BEGIN CERTIFICATE----- +MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB +gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV +BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw +MDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl +YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P +RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3 +UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI +2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 +Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp ++2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ +DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O +nKVIrLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW +/zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g +PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9u +QXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5t3iuHXIY +SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv +IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ +RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4 +zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd +BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB +ZQ== +-----END CERTIFICATE----- +=== /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1f:47:af:aa:62:00:70:50:54:4c:01:9e:9b:63:99:2a + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Mar 6 00:00:00 2008 GMT + Not After : Jan 18 23:59:59 2038 GMT + Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority + X509v3 extensions: + X509v3 Subject Key Identifier: + 75:71:A7:19:48:19:BC:9D:9D:EA:41:47:DF:94:C4:48:77:99:D3:79 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=9F:74:4E:9F:2B:4D:BA:EC:0F:31:2C:50:B6:56:3B:8E:2D:93:C3:11 +SHA256 Fingerprint=17:93:92:7A:06:14:54:97:89:AD:CE:2F:8F:34:F7:F0:B6:6D:0F:3A:E3:A3:B8:4D:21:EC:15:DB:BA:4F:AD:C7 +-----BEGIN CERTIFICATE----- +MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT +IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw +MDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy +ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N +T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR +FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J +cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW +BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm +fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv +GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= +-----END CERTIFICATE----- +=== /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d + Signature Algorithm: sha384WithRSAEncryption + Validity + Not Before: Jan 19 00:00:00 2010 GMT + Not After : Jan 18 23:59:59 2038 GMT + Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority + X509v3 extensions: + X509v3 Subject Key Identifier: + BB:AF:7E:02:3D:FA:A6:F1:3C:84:8E:AD:EE:38:98:EC:D9:32:32:D4 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=AF:E5:D2:44:A8:D1:19:42:30:FF:47:9F:E2:F8:97:BB:CD:7A:8C:B4 +SHA256 Fingerprint=52:F0:E1:C4:E5:8E:C6:29:29:1B:60:31:7F:07:46:71:B8:5D:7E:A8:0D:5B:07:27:34:63:53:4B:32:B4:02:34 +-----BEGIN CERTIFICATE----- +MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB +hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV +BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5 +MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT +EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR +Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR +6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X +pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC +9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV +/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf +Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z ++pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w +qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah +SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC +u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf +Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq +crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E +FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB +/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl +wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM +4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV +2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna +FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ +CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK +boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke +jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL +S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb +QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl +0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB +NVOFBkpdn627G190 +-----END CERTIFICATE----- + +### Cybertrust, Inc + +=== /O=Cybertrust, Inc/CN=Cybertrust Global Root +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 04:00:00:00:00:01:0f:85:aa:2d:48 + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Dec 15 08:00:00 2006 GMT + Not After : Dec 15 08:00:00 2021 GMT + Subject: O=Cybertrust, Inc, CN=Cybertrust Global Root + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + B6:08:7B:0D:7A:CC:AC:20:4C:86:56:32:5E:CF:AB:6E:85:2D:70:57 + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www2.public-trust.com/crl/ct/ctroot.crl + + X509v3 Authority Key Identifier: + keyid:B6:08:7B:0D:7A:CC:AC:20:4C:86:56:32:5E:CF:AB:6E:85:2D:70:57 + +SHA1 Fingerprint=5F:43:E5:B1:BF:F8:78:8C:AC:1C:C7:CA:4A:9A:C6:22:2B:CC:34:C6 +SHA256 Fingerprint=96:0A:DF:00:63:E9:63:56:75:0C:29:65:DD:0A:08:67:DA:0B:9C:BD:6E:77:71:4A:EA:FB:23:49:AB:39:3D:A3 +-----BEGIN CERTIFICATE----- +MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYG +A1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2Jh +bCBSb290MB4XDTA2MTIxNTA4MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UE +ChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBS +b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Mi8vRRQZhP/8NN5 +7CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW0ozS +J8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2y +HLtgwEZLAfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iP +t3sMpTjr3kfb1V05/Iin89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNz +FtApD0mpSPCzqrdsxacwOUBdrsTiXSZT8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAY +XSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2MDSgMqAw +hi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3Js +MB8GA1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUA +A4IBAQBW7wojoFROlZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMj +Wqd8BfP9IjsO0QbE2zZMcwSO5bAi5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUx +XOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2hO0j9n0Hq0V+09+zv+mKts2o +omcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+TX3EJIrduPuoc +A06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW +WL1WMRJOEcgh4LMRkWXbtKaIOM5V +-----END CERTIFICATE----- + +### D-Trust GmbH + +=== /C=DE/O=D-Trust GmbH/CN=D-TRUST Root Class 3 CA 2 2009 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 623603 (0x983f3) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Nov 5 08:35:58 2009 GMT + Not After : Nov 5 08:35:58 2029 GMT + Subject: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + FD:DA:14:C4:9F:30:DE:21:BD:1E:42:39:FC:AB:63:23:49:E0:F1:84 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 CRL Distribution Points: + + Full Name: + URI:ldap://directory.d-trust.net/CN=D-TRUST%20Root%20Class%203%20CA%202%202009,O=D-Trust%20GmbH,C=DE?certificaterevocationlist + + Full Name: + URI:http://www.d-trust.net/crl/d-trust_root_class_3_ca_2_2009.crl + +SHA1 Fingerprint=58:E8:AB:B0:36:15:33:FB:80:F7:9B:1B:6D:29:D3:FF:8D:5F:00:F0 +SHA256 Fingerprint=49:E7:A4:42:AC:F0:EA:62:87:05:00:54:B5:25:64:B6:50:E4:F4:9E:42:E3:48:D6:AA:38:E0:39:E9:57:B1:C1 +-----BEGIN CERTIFICATE----- +MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBD +bGFzcyAzIENBIDIgMjAwOTAeFw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NTha +ME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMM +HkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOADER03 +UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42 +tSHKXzlABF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9R +ySPocq60vFYJfxLLHLGvKZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsM +lFqVlNpQmvH/pStmMaTJOKDfHR+4CS7zp+hnUquVH+BGPtikw8paxTGA6Eian5Rp +/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUCAwEAAaOCARowggEWMA8G +A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ4PGEMA4G +A1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVj +dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUy +MENBJTIwMiUyMDIwMDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRl +cmV2b2NhdGlvbmxpc3QwQ6BBoD+GPWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3Js +L2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAwOS5jcmwwDQYJKoZIhvcNAQEL +BQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm2H6NMLVwMeni +acfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0 +o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4K +zCUqNQT4YJEVdT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8 +PIWmawomDeCTmGCufsYkl4phX5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3Y +Johw1+qRzT65ysCQblrGXnRl11z+o+I= +-----END CERTIFICATE----- +=== /C=DE/O=D-Trust GmbH/CN=D-TRUST Root Class 3 CA 2 EV 2009 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 623604 (0x983f4) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Nov 5 08:50:46 2009 GMT + Not After : Nov 5 08:50:46 2029 GMT + Subject: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + D3:94:8A:4C:62:13:2A:19:2E:CC:AF:72:8A:7D:36:D7:9A:1C:DC:67 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 CRL Distribution Points: + + Full Name: + URI:ldap://directory.d-trust.net/CN=D-TRUST%20Root%20Class%203%20CA%202%20EV%202009,O=D-Trust%20GmbH,C=DE?certificaterevocationlist + + Full Name: + URI:http://www.d-trust.net/crl/d-trust_root_class_3_ca_2_ev_2009.crl + +SHA1 Fingerprint=96:C9:1B:0B:95:B4:10:98:42:FA:D0:D8:22:79:FE:60:FA:B9:16:83 +SHA256 Fingerprint=EE:C5:49:6B:98:8C:E9:86:25:B9:34:09:2E:EC:29:08:BE:D0:B0:F3:16:C2:D4:73:0C:84:EA:F1:F3:D3:48:81 +-----BEGIN CERTIFICATE----- +MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBD +bGFzcyAzIENBIDIgRVYgMjAwOTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUw +NDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNV +BAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfSegpn +ljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM0 +3TP1YtHhzRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6Z +qQTMFexgaDbtCHu39b+T7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lR +p75mpoo6Kr3HGrHhFPC+Oh25z1uxav60sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8 +HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure3511H3a6UCAwEAAaOCASQw +ggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyvcop9Ntea +HNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFw +Oi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xh +c3MlMjAzJTIwQ0ElMjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1E +RT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MEagRKBChkBodHRwOi8vd3d3LmQt +dHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yX2V2XzIwMDku +Y3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+PPoeUSbrh/Yp +3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05 +nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNF +CSuGdXzfX2lXANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7na +xpeG0ILD5EJt/rDiZE4OJudANCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqX +KVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1 +-----END CERTIFICATE----- + +### Dhimyotis + +=== /C=FR/O=Dhimyotis/CN=Certigna +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + fe:dc:e3:01:0f:c9:48:ff + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Jun 29 15:13:05 2007 GMT + Not After : Jun 29 15:13:05 2027 GMT + Subject: C=FR, O=Dhimyotis, CN=Certigna + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 1A:ED:FE:41:39:90:B4:24:59:BE:01:F2:52:D5:45:F6:5A:39:DC:11 + X509v3 Authority Key Identifier: + keyid:1A:ED:FE:41:39:90:B4:24:59:BE:01:F2:52:D5:45:F6:5A:39:DC:11 + DirName:/C=FR/O=Dhimyotis/CN=Certigna + serial:FE:DC:E3:01:0F:C9:48:FF + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Netscape Cert Type: + SSL CA, S/MIME CA, Object Signing CA +SHA1 Fingerprint=B1:2E:13:63:45:86:A4:6F:1A:B2:60:68:37:58:2D:C4:AC:FD:94:97 +SHA256 Fingerprint=E3:B6:A2:DB:2E:D7:CE:48:84:2F:7A:C5:32:41:C7:B7:1D:54:14:4B:FB:40:C1:1F:3F:1D:0B:42:F5:EE:A1:2D +-----BEGIN CERTIFICATE----- +MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV +BAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X +DTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ +BgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7qXOEm7RFHYeGifBZ4 +QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyHGxny +gQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbw +zBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q +130yGLMLLGq/jj8UEYkgDncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2 +JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEw +ZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYT +AkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzj +AQ/JSP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG +9w0BAQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h +bV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFnc +fca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9qcEQCYsuu +HWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w +t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw +WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== +-----END CERTIFICATE----- +=== /C=FR/O=Dhimyotis/OU=0002 48146308100036/CN=Certigna Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + ca:e9:1b:89:f1:55:03:0d:a3:e6:41:6d:c4:e3:a6:e1 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Oct 1 08:32:27 2013 GMT + Not After : Oct 1 08:32:27 2033 GMT + Subject: C=FR, O=Dhimyotis, OU=0002 48146308100036, CN=Certigna Root CA + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 18:87:56:E0:6E:77:EE:24:35:3C:4E:73:9A:1F:D6:E1:E2:79:7E:2B + X509v3 Authority Key Identifier: + keyid:18:87:56:E0:6E:77:EE:24:35:3C:4E:73:9A:1F:D6:E1:E2:79:7E:2B + + X509v3 Certificate Policies: + Policy: X509v3 Any Policy + CPS: https://wwww.certigna.fr/autorites/ + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.certigna.fr/certignarootca.crl + + Full Name: + URI:http://crl.dhimyotis.com/certignarootca.crl + +SHA1 Fingerprint=2D:0D:52:14:FF:9E:AD:99:24:01:74:20:47:6E:6C:85:27:27:F5:43 +SHA256 Fingerprint=D4:8D:3D:23:EE:DB:50:A4:59:E5:51:97:60:1C:27:77:4B:9D:7B:18:C9:4D:5A:05:95:11:A1:02:50:B9:31:68 +-----BEGIN CERTIFICATE----- +MIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZBbcTjpuEwDQYJKoZIhvcNAQELBQAw +WjELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAw +MiA0ODE0NjMwODEwMDAzNjEZMBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0x +MzEwMDEwODMyMjdaFw0zMzEwMDEwODMyMjdaMFoxCzAJBgNVBAYTAkZSMRIwEAYD +VQQKDAlEaGlteW90aXMxHDAaBgNVBAsMEzAwMDIgNDgxNDYzMDgxMDAwMzYxGTAX +BgNVBAMMEENlcnRpZ25hIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw +ggIKAoICAQDNGDllGlmx6mQWDoyUJJV8g9PFOSbcDO8WV43X2KyjQn+Cyu3NW9sO +ty3tRQgXstmzy9YXUnIo245Onoq2C/mehJpNdt4iKVzSs9IGPjA5qXSjklYcoW9M +CiBtnyN6tMbaLOQdLNyzKNAT8kxOAkmhVECe5uUFoC2EyP+YbNDrihqECB63aCPu +I9Vwzm1RaRDuoXrC0SIxwoKF0vJVdlB8JXrJhFwLrN1CTivngqIkicuQstDuI7pm +TLtipPlTWmR7fJj6o0ieD5Wupxj0auwuA0Wv8HT4Ks16XdG+RCYyKfHx9WzMfgIh +C59vpD++nVPiz32pLHxYGpfhPTc3GGYo0kDFUYqMwy3OU4gkWGQwFsWq4NYKpkDf +ePb1BHxpE4S80dGnBs8B92jAqFe7OmGtBIyT46388NtEbVncSVmurJqZNjBBe3Yz +IoejwpKGbvlw7q6Hh5UbxHq9MfPU0uWZ/75I7HX1eBYdpnDBfzwboZL7z8g81sWT +Co/1VTp2lc5ZmIoJlXcymoO6LAQ6l73UL77XbJuiyn1tJslV1c/DeVIICZkHJC1k +JWumIWmbat10TWuXekG9qxf5kBdIjzb5LdXF2+6qhUVB+s06RbFo5jZMm5BX7CO5 +hwjCxAnxl4YqKE3idMDaxIzb3+KhF1nOJFl0Mdp//TBt2dzhauH8XwIDAQABo4IB +GjCCARYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE +FBiHVuBud+4kNTxOc5of1uHieX4rMB8GA1UdIwQYMBaAFBiHVuBud+4kNTxOc5of +1uHieX4rMEQGA1UdIAQ9MDswOQYEVR0gADAxMC8GCCsGAQUFBwIBFiNodHRwczov +L3d3d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzBtBgNVHR8EZjBkMC+gLaArhilo +dHRwOi8vY3JsLmNlcnRpZ25hLmZyL2NlcnRpZ25hcm9vdGNhLmNybDAxoC+gLYYr +aHR0cDovL2NybC5kaGlteW90aXMuY29tL2NlcnRpZ25hcm9vdGNhLmNybDANBgkq +hkiG9w0BAQsFAAOCAgEAlLieT/DjlQgi581oQfccVdV8AOItOoldaDgvUSILSo3L +6btdPrtcPbEo/uRTVRPPoZAbAh1fZkYJMyjhDSSXcNMQH+pkV5a7XdrnxIxPTGRG +HVyH41neQtGbqH6mid2PHMkwgu07nM3A6RngatgCdTer9zQoKJHyBApPNeNgJgH6 +0BGM+RFq7q89w1DTj18zeTyGqHNFkIwgtnJzFyO+B2XleJINugHA64wcZr+shncB +lA2c5uk5jR+mUYyZDDl34bSb+hxnV29qao6pK0xXeXpXIs/NX2NGjVxZOob4Mkdi +o2cNGJHc+6Zr9UhhcyNZjgKnvETq9Emd8VRY+WCv2hikLyhF3HqgiIZd8zvn/yk1 +gPxkQ5Tm4xxvvq0OKmOZK8l+hfZx6AYDlf7ej0gcWtSS6Cvu5zHbugRqh5jnxV/v +faci9wHYTfmJ0A6aBVmknpjZbyvKcL5kwlWj9Omvw5Ip3IgWJJk8jSaYtlu3zM63 +Nwf9JtmYhST/WSMDmu2dnajkXjjO11INb9I/bbEFa0nOipFGc/T2L/Coc3cOZayh +jWZSaX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv0mztO+7skb6iQ12LAEpmJURw +3kAP+HwV96LOPNdeE4yBFxgX0b3xdxA61GU5wSesVywlVP+i2k+KYTlerj1KjL0= +-----END CERTIFICATE----- + +### DigiCert Inc + +=== /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39 + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Nov 10 00:00:00 2006 GMT + Not After : Nov 10 00:00:00 2031 GMT + Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F + X509v3 Authority Key Identifier: + keyid:45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F + +SHA1 Fingerprint=05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43 +SHA256 Fingerprint=3E:90:99:B5:01:5E:8F:48:6C:00:BC:EA:9D:11:1E:E7:21:FA:BA:35:5A:89:BC:F1:DF:69:56:1E:3D:C6:32:5C +-----BEGIN CERTIFICATE----- +MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv +b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl +cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c +JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP +mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+ +wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4 +VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/ +AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB +AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun +pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC +dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf +fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm +NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx +H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe ++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== +-----END CERTIFICATE----- +=== /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root G2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0b:93:1c:3a:d6:39:67:ea:67:23:bf:c3:af:9a:f4:4b + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Aug 1 12:00:00 2013 GMT + Not After : Jan 15 12:00:00 2038 GMT + Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + CE:C3:4A:B9:99:55:F2:B8:DB:60:BF:A9:7E:BD:56:B5:97:36:A7:D6 +SHA1 Fingerprint=A1:4B:48:D9:43:EE:0A:0E:40:90:4F:3C:E0:A4:C0:91:93:51:5D:3F +SHA256 Fingerprint=7D:05:EB:B6:82:33:9F:8C:94:51:EE:09:4E:EB:FE:FA:79:53:A1:14:ED:B2:F4:49:49:45:2F:AB:7D:2F:C1:85 +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBl +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv +b3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl +cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSA +n61UQbVH35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4Htecc +biJVMWWXvdMX0h5i89vqbFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9Hp +EgjAALAcKxHad3A2m67OeYfcgnDmCXRwVWmvo2ifv922ebPynXApVfSr/5Vh88lA +bx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OPYLfykqGxvYmJHzDNw6Yu +YjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+RnlTGNAgMB +AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQW +BBTOw0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPI +QW5pJ6d1Ee88hjZv0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I +0jJmwYrA8y8678Dj1JGG0VDjA9tzd29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4Gni +lmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAWhsI6yLETcDbYz+70CjTVW0z9 +B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCv +ON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo +IhNzbM8m9Yop5w== +-----END CERTIFICATE----- +=== /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root G3 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0b:a1:5a:fa:1d:df:a0:b5:49:44:af:cd:24:a0:6c:ec + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Aug 1 12:00:00 2013 GMT + Not After : Jan 15 12:00:00 2038 GMT + Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G3 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + CB:D0:BD:A9:E1:98:05:51:A1:4D:37:A2:83:79:CE:8D:1D:2A:E4:84 +SHA1 Fingerprint=F5:17:A2:4F:9A:48:C6:C9:F8:A2:00:26:9F:DC:0F:48:2C:AB:30:89 +SHA256 Fingerprint=7E:37:CB:8B:4C:47:09:0C:AB:36:55:1B:A6:F4:5D:B8:40:68:0F:BA:16:6A:95:2D:B1:00:71:7F:43:05:3F:C2 +-----BEGIN CERTIFICATE----- +MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw +CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu +ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg +RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu +Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf +Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q +RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD +AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY +JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv +6pZjamVFkpUBtA== +-----END CERTIFICATE----- +=== /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 08:3b:e0:56:90:42:46:b1:a1:75:6a:c9:59:91:c7:4a + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Nov 10 00:00:00 2006 GMT + Not After : Nov 10 00:00:00 2031 GMT + Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 03:DE:50:35:56:D1:4C:BB:66:F0:A3:E2:1B:1B:C3:97:B2:3D:D1:55 + X509v3 Authority Key Identifier: + keyid:03:DE:50:35:56:D1:4C:BB:66:F0:A3:E2:1B:1B:C3:97:B2:3D:D1:55 + +SHA1 Fingerprint=A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36 +SHA256 Fingerprint=43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61 +-----BEGIN CERTIFICATE----- +MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD +QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB +CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97 +nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt +43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P +T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4 +gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR +TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw +DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr +hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg +06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF +PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls +YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk +CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= +-----END CERTIFICATE----- +=== /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 03:3a:f1:e6:a7:11:a9:a0:bb:28:64:b1:1d:09:fa:e5 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Aug 1 12:00:00 2013 GMT + Not After : Jan 15 12:00:00 2038 GMT + Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 4E:22:54:20:18:95:E6:E3:6E:E6:0F:FA:FA:B9:12:ED:06:17:8F:39 +SHA1 Fingerprint=DF:3C:24:F9:BF:D6:66:76:1B:26:80:73:FE:06:D1:CC:8D:4F:82:A4 +SHA256 Fingerprint=CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F +-----BEGIN CERTIFICATE----- +MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH +MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI +2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx +1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ +q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz +tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ +vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV +5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY +1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4 +NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG +Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91 +8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe +pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl +MrY= +-----END CERTIFICATE----- +=== /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G3 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 05:55:56:bc:f2:5e:a4:35:35:c3:a4:0f:d5:ab:45:72 + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Aug 1 12:00:00 2013 GMT + Not After : Jan 15 12:00:00 2038 GMT + Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + B3:DB:48:A4:F9:A1:C5:D8:AE:36:41:CC:11:63:69:62:29:BC:4B:C6 +SHA1 Fingerprint=7E:04:DE:89:6A:3E:66:6D:00:E6:87:D3:3F:FA:D9:3B:E8:3D:34:9E +SHA256 Fingerprint=31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0 +-----BEGIN CERTIFICATE----- +MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQsw +CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu +ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe +Fw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVTMRUw +EwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x +IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF +K4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FG +fp4tn+6OYwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPO +Z9wj/wMco+I+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd +BgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIx +AK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/ +oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8 +sycX +-----END CERTIFICATE----- +=== /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77 + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Nov 10 00:00:00 2006 GMT + Not After : Nov 10 00:00:00 2031 GMT + Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + B1:3E:C3:69:03:F8:BF:47:01:D4:98:26:1A:08:02:EF:63:64:2B:C3 + X509v3 Authority Key Identifier: + keyid:B1:3E:C3:69:03:F8:BF:47:01:D4:98:26:1A:08:02:EF:63:64:2B:C3 + +SHA1 Fingerprint=5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25 +SHA256 Fingerprint=74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j +ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 +LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug +RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm ++9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW +PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM +xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB +Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 +hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg +EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA +FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec +nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z +eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF +hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 +Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe +vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep ++OkuE6N36B9K +-----END CERTIFICATE----- +=== /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c + Signature Algorithm: sha384WithRSAEncryption + Validity + Not Before: Aug 1 12:00:00 2013 GMT + Not After : Jan 15 12:00:00 2038 GMT + Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + EC:D7:E3:82:D2:71:5D:64:4C:DF:2E:67:3F:E7:BA:98:AE:1C:0F:4F +SHA1 Fingerprint=DD:FB:16:CD:49:31:C9:73:A2:03:7D:3F:C8:3A:4D:7D:77:5D:05:E4 +SHA256 Fingerprint=55:2F:7B:DC:F1:A7:AF:9E:6C:E6:72:01:7F:4F:12:AB:F7:72:40:C7:8E:76:1A:C2:03:D1:D9:D2:0A:C8:99:88 +-----BEGIN CERTIFICATE----- +MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg +RzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBiMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu +Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3y +ithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1If +xp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDV +ySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiO +DCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQ +jdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/ +CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCi +EhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADM +fRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QY +uKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXK +chYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t +9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +hjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD +ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2 +SV1EY+CtnJYYZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd ++SeuMIW59mdNOj6PWTkiU0TryF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWc +fFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy7zBZLq7gcfJW5GqXb5JQbZaNaHqa +sjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iahixTXTBmyUEFxPT9N +cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N +0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie +4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI +r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1 +/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm +gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+ +-----END CERTIFICATE----- + +### Disig a.s. + +=== /C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig Root R2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 92:b8:88:db:b0:8a:c1:63 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jul 19 09:15:30 2012 GMT + Not After : Jul 19 09:15:30 2042 GMT + Subject: C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + B5:99:F8:AF:B0:94:F5:E3:20:D6:0A:AD:CE:4E:56:A4:2E:6E:42:ED +SHA1 Fingerprint=B5:61:EB:EA:A4:DE:E4:25:4B:69:1A:98:A5:57:47:C2:34:C7:D9:71 +SHA256 Fingerprint=E2:3D:4A:03:6D:7B:70:E9:F5:95:B1:42:20:79:D2:B9:1E:DF:BB:1F:B6:51:A0:63:3E:AA:8A:9D:C5:F8:07:03 +-----BEGIN CERTIFICATE----- +MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV +BAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu +MRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQy +MDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sxEzARBgNVBAcTCkJyYXRpc2xhdmEx +EzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERpc2lnIFJvb3QgUjIw +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbCw3Oe +NcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNH +PWSb6WiaxswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3I +x2ymrdMxp7zo5eFm1tL7A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbe +QTg06ov80egEFGEtQX6sx3dOy1FU+16SGBsEWmjGycT6txOgmLcRK7fWV8x8nhfR +yyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqVg8NTEQxzHQuyRpDRQjrO +QG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa5Beny912 +H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJ +QfYEkoopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUD +i/ZnWejBBhG93c+AAk9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORs +nLMOPReisjQS1n6yqEm70XooQL6iFh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1 +rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud +DwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5uQu0wDQYJKoZI +hvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM +tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqf +GopTpti72TVVsRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkb +lvdhuDvEK7Z4bLQjb/D907JedR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka ++elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W81k/BfDxujRNt+3vrMNDcTa/F1bal +TFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjxmHHEt38OFdAlab0i +nSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01utI3 +gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18Dr +G5gPcFw0sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3Os +zMOl6W8KjptlwlCFtaOgUxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8x +L4ysEr3vQCj8KWefshNPZiTEUxnpHikV7+ZtsH8tZ/3zbBt1RqPlShfppNcL +-----END CERTIFICATE----- + +### E-Tu\U011Fra EBG Bili\U015Fim Teknolojileri ve Hizmetleri A.\U015E. + +=== /C=TR/L=Ankara/O=E-Tu\xC4\x9Fra EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E./OU=E-Tugra Sertifikasyon Merkezi/CN=E-Tugra Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 7667447206703254355 (0x6a683e9c519bcb53) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Mar 5 12:09:48 2013 GMT + Not After : Mar 3 12:09:48 2023 GMT + Subject: C=TR, L=Ankara, O=E-Tu\xC4\x9Fra EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E., OU=E-Tugra Sertifikasyon Merkezi, CN=E-Tugra Certification Authority + X509v3 extensions: + X509v3 Subject Key Identifier: + 2E:E3:DB:B2:49:D0:9C:54:79:5C:FA:27:2A:FE:CC:4E:D2:E8:4E:54 + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:2E:E3:DB:B2:49:D0:9C:54:79:5C:FA:27:2A:FE:CC:4E:D2:E8:4E:54 + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=51:C6:E7:08:49:06:6E:F3:92:D4:5C:A0:0D:6D:A3:62:8F:C3:52:39 +SHA256 Fingerprint=B0:BF:D5:2B:B0:D7:D9:BD:92:BF:5D:4D:C1:3D:A2:55:C0:2C:54:2F:37:83:65:EA:89:39:11:F5:5E:55:F2:3C +-----BEGIN CERTIFICATE----- +MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNV +BAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBC +aWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNV +BAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQDDB9FLVR1 +Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMwNTEyMDk0OFoXDTIz +MDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+ +BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhp +em1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN +ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4vU/kwVRHoViVF56C/UY +B4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vdhQd2h8y/L5VMzH2nPbxH +D5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5KCKpbknSF +Q9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEo +q1+gElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3D +k14opz8n8Y4e0ypQBaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcH +fC425lAcP9tDJMW/hkd5s3kc91r0E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsut +dEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gzrt48Ue7LE3wBf4QOXVGUnhMM +ti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAqjqFGOjGY5RH8 +zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn +rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUX +U8u3Zg5mTPj5dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6 +Jyr+zE7S6E5UMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5 +XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAF +Nzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAKkEh47U6YA5n+KGCR +HTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jOXKqY +GwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c +77NCR807VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3 ++GbHeJAAFS6LrVE1Uweoa2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WK +vJUawSg5TB9D0pH0clmKuVb8P7Sd2nCcdlqMQ1DujjByTd//SffGqWfZbawCEeI6 +FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEVKV0jq9BgoRJP3vQXzTLl +yb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gTDx4JnW2P +AJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpD +y4Q08ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8d +NL/+I5c30jn6PQ0GC7TbO6Orb1wdtn7os4I07QZcJA== +-----END CERTIFICATE----- + +### eMudhra Inc + +=== /C=US/OU=emSign PKI/O=eMudhra Inc/CN=emSign ECC Root CA - C3 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 7b:71:b6:82:56:b8:12:7c:9c:a8 + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Feb 18 18:30:00 2018 GMT + Not After : Feb 18 18:30:00 2043 GMT + Subject: C=US, OU=emSign PKI, O=eMudhra Inc, CN=emSign ECC Root CA - C3 + X509v3 extensions: + X509v3 Subject Key Identifier: + FB:5A:48:D0:80:20:40:F2:A8:E9:00:07:69:19:77:A7:E6:C3:F4:CF + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=B6:AF:43:C2:9B:81:53:7D:F6:EF:6B:C3:1F:1F:60:15:0C:EE:48:66 +SHA256 Fingerprint=BC:4D:80:9B:15:18:9D:78:DB:3E:1D:8C:F4:F9:72:6A:79:5D:A1:64:3C:A5:F1:35:8E:1D:DB:0E:DC:0D:7E:B3 +-----BEGIN CERTIFICATE----- +MIICKzCCAbGgAwIBAgIKe3G2gla4EnycqDAKBggqhkjOPQQDAzBaMQswCQYDVQQG +EwJVUzETMBEGA1UECxMKZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMx +IDAeBgNVBAMTF2VtU2lnbiBFQ0MgUm9vdCBDQSAtIEMzMB4XDTE4MDIxODE4MzAw +MFoXDTQzMDIxODE4MzAwMFowWjELMAkGA1UEBhMCVVMxEzARBgNVBAsTCmVtU2ln +biBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMSAwHgYDVQQDExdlbVNpZ24gRUND +IFJvb3QgQ0EgLSBDMzB2MBAGByqGSM49AgEGBSuBBAAiA2IABP2lYa57JhAd6bci +MK4G9IGzsUJxlTm801Ljr6/58pc1kjZGDoeVjbk5Wum739D+yAdBPLtVb4Ojavti +sIGJAnB9SMVK4+kiVCJNk7tCDK93nCOmfddhEc5lx/h//vXyqaNCMEAwHQYDVR0O +BBYEFPtaSNCAIEDyqOkAB2kZd6fmw/TPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB +Af8EBTADAQH/MAoGCCqGSM49BAMDA2gAMGUCMQC02C8Cif22TGK6Q04ThHK1rt0c +3ta13FaPWEBaLd4gTCKDypOofu4SQMfWh0/434UCMBwUZOR8loMRnLDRWmFLpg9J +0wD8ofzkpf9/rdcw0Md3f76BB1UwUCAU9Vc4CqgxUQ== +-----END CERTIFICATE----- +=== /C=US/OU=emSign PKI/O=eMudhra Inc/CN=emSign Root CA - C1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + ae:cf:00:ba:c4:cf:32:f8:43:b2 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Feb 18 18:30:00 2018 GMT + Not After : Feb 18 18:30:00 2043 GMT + Subject: C=US, OU=emSign PKI, O=eMudhra Inc, CN=emSign Root CA - C1 + X509v3 extensions: + X509v3 Subject Key Identifier: + FE:A1:E0:70:1E:2A:03:39:52:5A:42:BE:5C:91:85:7A:18:AA:4D:B5 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=E7:2E:F1:DF:FC:B2:09:28:CF:5D:D4:D5:67:37:B1:51:CB:86:4F:01 +SHA256 Fingerprint=12:56:09:AA:30:1D:A0:A2:49:B9:7A:82:39:CB:6A:34:21:6F:44:DC:AC:9F:39:54:B1:42:92:F2:E8:C8:60:8F +-----BEGIN CERTIFICATE----- +MIIDczCCAlugAwIBAgILAK7PALrEzzL4Q7IwDQYJKoZIhvcNAQELBQAwVjELMAkG +A1UEBhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEg +SW5jMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEMxMB4XDTE4MDIxODE4MzAw +MFoXDTQzMDIxODE4MzAwMFowVjELMAkGA1UEBhMCVVMxEzARBgNVBAsTCmVtU2ln +biBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQDExNlbVNpZ24gUm9v +dCBDQSAtIEMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+upufGZ +BczYKCFK83M0UYRWEPWgTywS4/oTmifQz/l5GnRfHXk5/Fv4cI7gklL35CX5VIPZ +HdPIWoU/Xse2B+4+wM6ar6xWQio5JXDWv7V7Nq2s9nPczdcdioOl+yuQFTdrHCZH +3DspVpNqs8FqOp099cGXOFgFixwR4+S0uF2FHYP+eF8LRWgYSKVGczQ7/g/IdrvH +GPMF0Ybzhe3nudkyrVWIzqa2kbBPrH4VI5b2P/AgNBbeCsbEBEV5f6f9vtKppa+c +xSMq9zwhbL2vj07FOrLzNBL834AaSaTUqZX3noleoomslMuoaJuvimUnzYnu3Yy1 +aylwQ6BpC+S5DwIDAQABo0IwQDAdBgNVHQ4EFgQU/qHgcB4qAzlSWkK+XJGFehiq +TbUwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggEBAMJKVvoVIXsoounlHfv4LcQ5lkFMOycsxGwYFYDGrK9HWS8mC+M2sO87 +/kOXSTKZEhVb3xEp/6tT+LvBeA+snFOvV71ojD1pM/CjoCNjO2RnIkSt1XHLVip4 +kqNPEjE2NuLe/gDEo2APJ62gsIq1NnpSob0n9CAnYuhNlCQT5AoE6TyrLshDCUrG +YQTlSTR+08TI9Q/Aqum6VF7zYytPT1DU/rl7mYw9wC68AivTxEDkigcxHpvOJpkT ++xHqmiIMERnHXhuBUDDIlhJu58tBf5E7oke3VIAb3ADMmpDqw8NQBmIMMMAVSKeo +WXzhriKi4gp6D/piq1JM4fHfyr6DDUI= +-----END CERTIFICATE----- + +### eMudhra Technologies Limited + +=== /C=IN/OU=emSign PKI/O=eMudhra Technologies Limited/CN=emSign ECC Root CA - G3 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:f6:07:a9:68:70:0e:da:8b:84 + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Feb 18 18:30:00 2018 GMT + Not After : Feb 18 18:30:00 2043 GMT + Subject: C=IN, OU=emSign PKI, O=eMudhra Technologies Limited, CN=emSign ECC Root CA - G3 + X509v3 extensions: + X509v3 Subject Key Identifier: + 7C:5D:02:84:13:D4:CC:8A:9B:81:CE:17:1C:2E:29:1E:9C:48:63:42 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=30:43:FA:4F:F2:57:DC:A0:C3:80:EE:2E:58:EA:78:B2:3F:E6:BB:C1 +SHA256 Fingerprint=86:A1:EC:BA:08:9C:4A:8D:3B:BE:27:34:C6:12:BA:34:1D:81:3E:04:3C:F9:E8:A8:62:CD:5C:57:A3:6B:BE:6B +-----BEGIN CERTIFICATE----- +MIICTjCCAdOgAwIBAgIKPPYHqWhwDtqLhDAKBggqhkjOPQQDAzBrMQswCQYDVQQG +EwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNo +bm9sb2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0g +RzMwHhcNMTgwMjE4MTgzMDAwWhcNNDMwMjE4MTgzMDAwWjBrMQswCQYDVQQGEwJJ +TjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9s +b2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0gRzMw +djAQBgcqhkjOPQIBBgUrgQQAIgNiAAQjpQy4LRL1KPOxst3iAhKAnjlfSU2fySU0 +WXTsuwYc58Byr+iuL+FBVIcUqEqy6HyC5ltqtdyzdc6LBtCGI79G1Y4PPwT01xyS +fvalY8L1X44uT6EYGQIrMgqCZH0Wk9GjQjBAMB0GA1UdDgQWBBR8XQKEE9TMipuB +zhccLikenEhjQjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggq +hkjOPQQDAwNpADBmAjEAvvNhzwIQHWSVB7gYboiFBS+DCBeQyh+KTOgNG3qxrdWB +CUfvO6wIBHxcmbHtRwfSAjEAnbpV/KlK6O3t5nYBQnvI+GDZjVGLVTv7jHvrZQnD ++JbNR6iC8hZVdyR+EhCVBCyj +-----END CERTIFICATE----- +=== /C=IN/OU=emSign PKI/O=eMudhra Technologies Limited/CN=emSign Root CA - G1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 31:f5:e4:62:0c:6c:58:ed:d6:d8 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Feb 18 18:30:00 2018 GMT + Not After : Feb 18 18:30:00 2043 GMT + Subject: C=IN, OU=emSign PKI, O=eMudhra Technologies Limited, CN=emSign Root CA - G1 + X509v3 extensions: + X509v3 Subject Key Identifier: + FB:EF:0D:86:9E:B0:E3:DD:A9:B9:F1:21:17:7F:3E:FC:F0:77:2B:1A + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=8A:C7:AD:8F:73:AC:4E:C1:B5:75:4D:A5:40:F4:FC:CF:7C:B5:8E:8C +SHA256 Fingerprint=40:F6:AF:03:46:A9:9A:A1:CD:1D:55:5A:4E:9C:CE:62:C7:F9:63:46:03:EE:40:66:15:83:3D:C8:C8:D0:03:67 +-----BEGIN CERTIFICATE----- +MIIDlDCCAnygAwIBAgIKMfXkYgxsWO3W2DANBgkqhkiG9w0BAQsFADBnMQswCQYD +VQQGEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBU +ZWNobm9sb2dpZXMgTGltaXRlZDEcMBoGA1UEAxMTZW1TaWduIFJvb3QgQ0EgLSBH +MTAeFw0xODAyMTgxODMwMDBaFw00MzAyMTgxODMwMDBaMGcxCzAJBgNVBAYTAklO +MRMwEQYDVQQLEwplbVNpZ24gUEtJMSUwIwYDVQQKExxlTXVkaHJhIFRlY2hub2xv +Z2llcyBMaW1pdGVkMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEcxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0u76WaK7p1b1TST0Bsew+eeuGQz +f2N4aLTNLnF115sgxk0pvLZoYIr3IZpWNVrzdr3YzZr/k1ZLpVkGoZM0Kd0WNHVO +8oG0x5ZOrRkVUkr+PHB1cM2vK6sVmjM8qrOLqs1D/fXqcP/tzxE7lM5OMhbTI0Aq +d7OvPAEsbO2ZLIvZTmmYsvePQbAyeGHWDV/D+qJAkh1cF+ZwPjXnorfCYuKrpDhM +tTk1b+oDafo6VGiFbdbyL0NVHpENDtjVaqSW0RM8LHhQ6DqS0hdW5TUaQBw+jSzt +Od9C4INBdN+jzcKGYEho42kLVACL5HZpIQ15TjQIXhTCzLG3rdd8cIrHhQIDAQAB +o0IwQDAdBgNVHQ4EFgQU++8Nhp6w492pufEhF38+/PB3KxowDgYDVR0PAQH/BAQD +AgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFn/8oz1h31x +PaOfG1vR2vjTnGs2vZupYeveFix0PZ7mddrXuqe8QhfnPZHr5X3dPpzxz5KsbEjM +wiI/aTvFthUvozXGaCocV685743QNcMYDHsAVhzNixl03r4PEuDQqqE/AjSxcM6d +GNYIAwlG7mDgfrbESQRRfXBgvKqy/3lyeqYdPV8q+Mri/Tm3R7nrft8EI6/6nAYH +6ftjk4BAtcZsCjEozgyfz7MjNYBBjWzEN3uBL4ChQEKF6dk4jeihU80Bv2noWgby +RQuQ+q7hv53yrlc8pa6yVvSLZUDp/TGBLPQ5Cdjua6e0ph0VpZj3AYHYhX3zUVxx +iN66zB+Afko= +-----END CERTIFICATE----- + +### Entrust, Inc. + +=== /C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1246989352 (0x4a538c28) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jul 7 17:25:54 2009 GMT + Not After : Dec 7 17:55:54 2030 GMT + Subject: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 6A:72:26:7A:D0:1E:EF:7D:E7:3B:69:51:D4:6C:8D:9F:90:12:66:AB +SHA1 Fingerprint=8C:F4:27:FD:79:0C:3A:D1:66:06:8D:E8:1E:57:EF:BB:93:22:72:D4 +SHA256 Fingerprint=43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39 +-----BEGIN CERTIFICATE----- +MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC +VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50 +cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs +IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz +dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDkwNzA3MTcy +NTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu +dHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt +dGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0 +aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP/vaCeb9zYQYKpSfYs1/T +RU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXzHHfV1IWN +cCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hW +wcKUs/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1 +U1+cPvQXLOZprE4yTGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0 +jaWvYkxN4FisZDQSA/i2jZRjJKRxAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP +BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ60B7vfec7aVHUbI2fkBJmqzAN +BgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5ZiXMRrEPR9RP/ +jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ +Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v +1fN2D807iDginWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4R +nAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH +VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g== +-----END CERTIFICATE----- +=== /C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - EC1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + a6:8b:79:29:00:00:00:00:50:d0:91:f9 + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Dec 18 15:25:36 2012 GMT + Not After : Dec 18 15:55:36 2037 GMT + Subject: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + B7:63:E7:1A:DD:8D:E9:08:A6:55:83:A4:E0:6A:50:41:65:11:42:49 +SHA1 Fingerprint=20:D8:06:40:DF:9B:25:F5:12:25:3A:11:EA:F7:59:8A:EB:14:B5:47 +SHA256 Fingerprint=02:ED:0E:B2:8C:14:DA:45:16:5C:56:67:91:70:0D:64:51:D7:FB:56:F0:B2:AB:1D:3B:8E:B0:70:E5:6E:DF:F5 +-----BEGIN CERTIFICATE----- +MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkG +A1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3 +d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVu +dHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEzMDEGA1UEAxMq +RW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRUMxMB4XDTEy +MTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYwFAYD +VQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0 +L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0g +Zm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEVDMTB2MBAGByqGSM49AgEGBSuBBAAi +A2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHyAsWfoPZb1YsGGYZPUxBt +ByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef9eNi1KlH +Bz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O +BBYEFLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVC +R98crlOZF7ZvHH3hvxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nX +hTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G +-----END CERTIFICATE----- +=== /C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2015 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G4 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + d9:b5:43:7f:af:a9:39:0f:00:00:00:00:55:65:ad:58 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: May 27 11:11:16 2015 GMT + Not After : Dec 27 11:41:16 2037 GMT + Subject: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2015 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G4 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 9F:38:C4:56:23:C3:39:E8:A0:71:6C:E8:54:4C:E4:E8:3A:B1:BF:67 +SHA1 Fingerprint=14:88:4E:86:26:37:B0:26:AF:59:62:5C:40:77:EC:35:29:BA:96:01 +SHA256 Fingerprint=DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88 +-----BEGIN CERTIFICATE----- +MIIGSzCCBDOgAwIBAgIRANm1Q3+vqTkPAAAAAFVlrVgwDQYJKoZIhvcNAQELBQAw +gb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL +Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg +MjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAw +BgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0 +MB4XDTE1MDUyNzExMTExNloXDTM3MTIyNzExNDExNlowgb4xCzAJBgNVBAYTAlVT +MRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1 +c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJ +bmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVudHJ1c3Qg +Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0MIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEAsewsQu7i0TD/pZJH4i3DumSXbcr3DbVZwbPLqGgZ +2K+EbTBwXX7zLtJTmeH+H17ZSK9dE43b/2MzTdMAArzE+NEGCJR5WIoV3imz/f3E +T+iq4qA7ec2/a0My3dl0ELn39GjUu9CH1apLiipvKgS1sqbHoHrmSKvS0VnM1n4j +5pds8ELl3FFLFUHtSUrJ3hCX1nbB76W1NhSXNdh4IjVS70O92yfbYVaCNNzLiGAM +C1rlLAHGVK/XqsEQe9IFWrhAnoanw5CGAlZSCXqc0ieCU0plUmr1POeo8pyvi73T +DtTUXm6Hnmo9RR3RXRv06QqsYJn7ibT/mCzPfB3pAqoEmh643IhuJbNsZvc8kPNX +wbMv9W3y+8qh+CmdRouzavbmZwe+LGcKKh9asj5XxNMhIWNlUpEbsZmOeX7m640A +2Vqq6nPopIICR5b+W45UYaPrL0swsIsjdXJ8ITzI9vF01Bx7owVV7rtNOzK+mndm +nqxpkCIHH2E6lr7lmk/MBTwoWdPBDFSoWWG9yHJM6Nyfh3+9nEg2XpWjDrk4JFX8 +dWbrAuMINClKxuMrLzOg2qOGpRKX/YAr2hRC45K9PvJdXmd0LhyIRyk0X+IyqJwl +N4y6mACXi0mWHv0liqzc2thddG5msP9E36EYxr5ILzeUePiVSj9/E15dWf10hkNj +c0kCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD +VR0OBBYEFJ84xFYjwznooHFs6FRM5Og6sb9nMA0GCSqGSIb3DQEBCwUAA4ICAQAS +5UKme4sPDORGpbZgQIeMJX6tuGguW8ZAdjwD+MlZ9POrYs4QjbRaZIxowLByQzTS +Gwv2LFPSypBLhmb8qoMi9IsabyZIrHZ3CL/FmFz0Jomee8O5ZDIBf9PD3Vht7LGr +hFV0d4QEJ1JrhkzO3bll/9bGXp+aEJlLdWr+aumXIOTkdnrG0CSqkM0gkLpHZPt/ +B7NTeLUKYvJzQ85BK4FqLoUWlFPUa19yIqtRLULVAJyZv967lDtX/Zr1hstWO1uI +AeV8KEsD+UmDfLJ/fOPtjqF/YFOOVZ1QNBIPt5d7bIdKROf1beyAN/BYGW5KaHbw +H5Lk6rWS02FREAutp9lfx1/cH6NcjKF+m7ee01ZvZl4HliDtC3T7Zk6LERXpgUl+ +b7DUUH8i119lAg2m9IUe2K4GS0qn0jFmwvjO5QimpAKWRGhXxNUzzxkvFMSUHHuk +2fCfDrGA4tGeEWSpiBE6doLlYsKA2KSD7ZPvfC+QsDJMlhVoSFLUmQjAJOgc47Ol +IQ6SwJAfzyBfyjs4x7dtOvPmRLgOMWuIjnDrnBdSqEGULoe256YSxXXfW8AKbnuk +5F6G+TaU33fD6Q3AOfF5u0aOq0NZJ7cguyPpVkAh7DE9ZapD8j3fcEThuk0mEDuY +n/PIjhs4ViFqUZPTkcpG2om3PVODLAgfi49T3f+sHw== +-----END CERTIFICATE----- +=== /C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1164660820 (0x456b5054) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Nov 27 20:23:42 2006 GMT + Not After : Nov 27 20:53:42 2026 GMT + Subject: C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Private Key Usage Period: + Not Before: Nov 27 20:23:42 2006 GMT, Not After: Nov 27 20:53:42 2026 GMT + X509v3 Authority Key Identifier: + keyid:68:90:E4:67:A4:A6:53:80:C7:86:66:A4:F1:F7:4B:43:FB:84:BD:6D + + X509v3 Subject Key Identifier: + 68:90:E4:67:A4:A6:53:80:C7:86:66:A4:F1:F7:4B:43:FB:84:BD:6D + 1.2.840.113533.7.65.0: + 0...V7.1:4.0.... +SHA1 Fingerprint=B3:1E:B1:B7:40:E3:6C:84:02:DA:DC:37:D4:4D:F5:D4:67:49:52:F9 +SHA256 Fingerprint=73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C +-----BEGIN CERTIFICATE----- +MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC +VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 +Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW +KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl +cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw +NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw +NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy +ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV +BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo +Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4 +4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9 +KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI +rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi +94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB +sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi +gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo +kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE +vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA +A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t +O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua +AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP +9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/ +eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m +0vdXcDazv/wor3ElhVsT/h5/WrQ8 +-----END CERTIFICATE----- + +### Entrust.net + +=== /O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048) +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 946069240 (0x3863def8) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Dec 24 17:50:51 1999 GMT + Not After : Jul 24 14:15:12 2029 GMT + Subject: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70 +SHA1 Fingerprint=50:30:06:09:1D:97:D4:F5:AE:39:F7:CB:E7:92:7D:7D:65:2D:34:31 +SHA256 Fingerprint=6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77 +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML +RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp +bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5 +IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0yOTA3 +MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3 +LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp +YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG +A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq +K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe +sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX +MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT +XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/ +HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH +4QIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJKoZIhvcNAQEFBQADggEBADub +j1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPyT/4xmf3IDExo +U8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf +zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5b +u/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+ +bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er +fF6adulZkMV8gzURZVE= +-----END CERTIFICATE----- + +### FNMT-RCM + +=== /C=ES/O=FNMT-RCM/OU=AC RAIZ FNMT-RCM +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5d:93:8d:30:67:36:c8:06:1d:1a:c7:54:84:69:07 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Oct 29 15:59:56 2008 GMT + Not After : Jan 1 00:00:00 2030 GMT + Subject: C=ES, O=FNMT-RCM, OU=AC RAIZ FNMT-RCM + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + F7:7D:C5:FD:C4:E8:9A:1B:77:64:A7:F5:1D:A0:CC:BF:87:60:9A:6D + X509v3 Certificate Policies: + Policy: X509v3 Any Policy + CPS: http://www.cert.fnmt.es/dpcs/ + +SHA1 Fingerprint=EC:50:35:07:B2:15:C4:95:62:19:E2:A8:9A:5B:42:99:2C:4C:2C:20 +SHA256 Fingerprint=EB:C5:57:0C:29:01:8C:4D:67:B1:AA:12:7B:AF:12:F7:03:B4:61:1E:BC:17:B7:DA:B5:57:38:94:17:9B:93:FA +-----BEGIN CERTIFICATE----- +MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsx +CzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJ +WiBGTk1ULVJDTTAeFw0wODEwMjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJ +BgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBG +Tk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALpxgHpMhm5/ +yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcfqQgf +BBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAz +WHFctPVrbtQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxF +tBDXaEAUwED653cXeuYLj2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z +374jNUUeAlz+taibmSXaXvMiwzn15Cou08YfxGyqxRxqAQVKL9LFwag0Jl1mpdIC +IfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mwWsXmo8RZZUc1g16p6DUL +mbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnTtOmlcYF7 +wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peS +MKGJ47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2 +ZSysV4999AeU14ECll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMet +UqIJ5G+GR4of6ygnXYMgrwTJbFaai0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPd9xf3E6Jobd2Sn9R2gzL+H +YJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwOi8vd3d3 +LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD +nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1 +RXxlDPiyN8+sD8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYM +LVN0V2Ue1bLdI4E7pWYjJ2cJj+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf +77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrTQfv6MooqtyuGC2mDOL7Nii4LcK2N +JpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW+YJF1DngoABd15jm +fZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7Ixjp +6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp +1txyM/1d8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B +9kiABdcPUXmsEKvU7ANm5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wok +RqEIr9baRRmW1FMdW4R58MD3R++Lj8UGrp1MYp3/RgT408m2ECVAdf4WqslKYIYv +uu8wd+RU4riEmViAqhOLUTpPSPaLtrM= +-----END CERTIFICATE----- +=== /C=ES/O=FNMT-RCM/OU=Ceres/2.5.4.97=VATES-Q2826004J/CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 62:f6:32:6c:e5:c4:e3:68:5c:1b:62:dd:9c:2e:9d:95 + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Dec 20 09:37:33 2018 GMT + Not After : Dec 20 09:37:33 2043 GMT + Subject: C=ES, O=FNMT-RCM, OU=Ceres/2.5.4.97=VATES-Q2826004J, CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 01:B9:2F:EF:BF:11:86:60:F2:4F:D0:41:6E:AB:73:1F:E7:D2:6E:49 +SHA1 Fingerprint=62:FF:D9:9E:C0:65:0D:03:CE:75:93:D2:ED:3F:2D:32:C9:E3:E5:4A +SHA256 Fingerprint=55:41:53:B1:3D:2C:F9:DD:B7:53:BF:BE:1A:4E:0A:E0:8D:0A:A4:18:70:58:FE:60:A2:B8:62:B2:E4:B8:7B:CB +-----BEGIN CERTIFICATE----- +MIICbjCCAfOgAwIBAgIQYvYybOXE42hcG2LdnC6dlTAKBggqhkjOPQQDAzB4MQsw +CQYDVQQGEwJFUzERMA8GA1UECgwIRk5NVC1SQ00xDjAMBgNVBAsMBUNlcmVzMRgw +FgYDVQRhDA9WQVRFUy1RMjgyNjAwNEoxLDAqBgNVBAMMI0FDIFJBSVogRk5NVC1S +Q00gU0VSVklET1JFUyBTRUdVUk9TMB4XDTE4MTIyMDA5MzczM1oXDTQzMTIyMDA5 +MzczM1oweDELMAkGA1UEBhMCRVMxETAPBgNVBAoMCEZOTVQtUkNNMQ4wDAYDVQQL +DAVDZXJlczEYMBYGA1UEYQwPVkFURVMtUTI4MjYwMDRKMSwwKgYDVQQDDCNBQyBS +QUlaIEZOTVQtUkNNIFNFUlZJRE9SRVMgU0VHVVJPUzB2MBAGByqGSM49AgEGBSuB +BAAiA2IABPa6V1PIyqvfNkpSIeSX0oNnnvBlUdBeh8dHsVnyV0ebAAKTRBdp20LH +sbI6GA60XYyzZl2hNPk2LEnb80b8s0RpRBNm/dfF/a82Tc4DTQdxz69qBdKiQ1oK +Um8BA06Oi6NCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD +VR0OBBYEFAG5L++/EYZg8k/QQW6rcx/n0m5JMAoGCCqGSM49BAMDA2kAMGYCMQCu +SuMrQMN0EfKVrRYj3k4MGuZdpSRea0R7/DjiT8ucRRcRTBQnJlU5dUoDzBOQn5IC +MQD6SmxgiHPz7riYYqnOK8LZiqZwMR2vsJRM60/G49HzYqc8/5MuB1xJAWdpEgJy +v+c= +-----END CERTIFICATE----- + +### GlobalSign + +=== /OU=GlobalSign ECC Root CA - R4/O=GlobalSign/CN=GlobalSign +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2a:38:a4:1c:96:0a:04:de:42:b2:28:a5:0b:e8:34:98:02 + Signature Algorithm: ecdsa-with-SHA256 + Validity + Not Before: Nov 13 00:00:00 2012 GMT + Not After : Jan 19 03:14:07 2038 GMT + Subject: OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 54:B0:7B:AD:45:B8:E2:40:7F:FB:0A:6E:FB:BE:33:C9:3C:A3:84:D5 +SHA1 Fingerprint=69:69:56:2E:40:80:F4:24:A1:E7:19:9F:14:BA:F3:EE:58:AB:6A:BB +SHA256 Fingerprint=BE:C9:49:11:C2:95:56:76:DB:6C:0A:55:09:86:D7:6E:3B:A0:05:66:7C:44:2C:97:62:B4:FB:B7:73:DE:22:8C +-----BEGIN CERTIFICATE----- +MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEk +MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpH +bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX +DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD +QSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJ +FspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAw +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61F +uOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGX +kPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe+pTs +ewv4n4Q= +-----END CERTIFICATE----- +=== /OU=GlobalSign ECC Root CA - R5/O=GlobalSign/CN=GlobalSign +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 60:59:49:e0:26:2e:bb:55:f9:0a:77:8a:71:f9:4a:d8:6c + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Nov 13 00:00:00 2012 GMT + Not After : Jan 19 03:14:07 2038 GMT + Subject: OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 3D:E6:29:48:9B:EA:07:CA:21:44:4A:26:DE:6E:DE:D2:83:D0:9F:59 +SHA1 Fingerprint=1F:24:C6:30:CD:A4:18:EF:20:69:FF:AD:4F:DD:5F:46:3A:1B:69:AA +SHA256 Fingerprint=17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24 +-----BEGIN CERTIFICATE----- +MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEk +MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpH +bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX +DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD +QSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6SFkc +8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8ke +hOvRnkmSh5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYI +KoZIzj0EAwMDaAAwZQIxAOVpEslu28YxuglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg +515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7yFz9SO8NdCKoCOJuxUnO +xwy8p2Fp8fc74SrL+SvzZpA3 +-----END CERTIFICATE----- +=== /OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 04:00:00:00:00:01:0f:86:26:e6:0d + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Dec 15 08:00:00 2006 GMT + Not After : Dec 15 08:00:00 2021 GMT + Subject: OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 9B:E2:07:57:67:1C:1E:C0:6A:06:DE:59:B4:9A:2D:DF:DC:19:86:2E + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.globalsign.net/root-r2.crl + + X509v3 Authority Key Identifier: + keyid:9B:E2:07:57:67:1C:1E:C0:6A:06:DE:59:B4:9A:2D:DF:DC:19:86:2E + +SHA1 Fingerprint=75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE +SHA256 Fingerprint=CA:42:DD:41:74:5F:D0:B8:1E:B9:02:36:2C:F9:D8:BF:71:9D:A1:BD:1B:1E:FC:94:6F:5B:4C:99:F4:2C:1B:9E +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 +MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL +v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 +eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq +tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd +C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa +zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB +mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH +V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n +bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG +3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs +J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO +291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS +ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd +AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- +=== /OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 04:00:00:00:00:01:21:58:53:08:a2 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Mar 18 10:00:00 2009 GMT + Not After : Mar 18 10:00:00 2029 GMT + Subject: OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 8F:F0:4B:7F:A8:2E:45:24:AE:4D:50:FA:63:9A:8B:DE:E2:DD:1B:BC +SHA1 Fingerprint=D6:9B:56:11:48:F0:1C:77:C5:45:78:C1:09:26:DF:5B:85:69:76:AD +SHA256 Fingerprint=CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B +-----BEGIN CERTIFICATE----- +MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 +MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 +RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT +gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm +KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd +QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ +XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o +LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU +RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp +jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK +6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX +mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs +Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH +WD9f +-----END CERTIFICATE----- +=== /OU=GlobalSign Root CA - R6/O=GlobalSign/CN=GlobalSign +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51 + Signature Algorithm: sha384WithRSAEncryption + Validity + Not Before: Dec 10 00:00:00 2014 GMT + Not After : Dec 10 00:00:00 2034 GMT + Subject: OU=GlobalSign Root CA - R6, O=GlobalSign, CN=GlobalSign + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + AE:6C:05:A3:93:13:E2:A2:E7:E2:D7:1C:D6:C7:F0:7F:C8:67:53:A0 + X509v3 Authority Key Identifier: + keyid:AE:6C:05:A3:93:13:E2:A2:E7:E2:D7:1C:D6:C7:F0:7F:C8:67:53:A0 + +SHA1 Fingerprint=80:94:64:0E:B5:A7:A1:CA:11:9C:1F:DD:D5:9F:81:02:63:A7:FB:D1 +SHA256 Fingerprint=2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69 +-----BEGIN CERTIFICATE----- +MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDEg +MB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2Jh +bFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNMzQx +MjEwMDAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSNjET +MBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBAJUH6HPKZvnsFMp7PPcNCPG0RQssgrRI +xutbPK6DuEGSMxSkb3/pKszGsIhrxbaJ0cay/xTOURQh7ErdG1rG1ofuTToVBu1k +ZguSgMpE3nOUTvOniX9PeGMIyBJQbUJmL025eShNUhqKGoC3GYEOfsSKvGRMIRxD +aNc9PIrFsmbVkJq3MQbFvuJtMgamHvm566qjuL++gmNQ0PAYid/kD3n16qIfKtJw +LnvnvJO7bVPiSHyMEAc4/2ayd2F+4OqMPKq0pPbzlUoSB239jLKJz9CgYXfIWHSw +1CM69106yqLbnQneXUQtkPGBzVeS+n68UARjNN9rkxi+azayOeSsJDa38O+2HBNX +k7besvjihbdzorg1qkXy4J02oW9UivFyVm4uiMVRQkQVlO6jxTiWm05OWgtH8wY2 +SXcwvHE35absIQh1/OZhFj931dmRl4QKbNQCTXTAFO39OfuD8l4UoQSwC+n+7o/h +bguyCLNhZglqsQY6ZZZZwPA1/cnaKI0aEYdwgQqomnUdnjqGBQCe24DWJfncBZ4n +WUx2OVvq+aWh2IMP0f/fMBH5hc8zSPXKbWQULHpYT9NLCEnFlWQaYw55PfWzjMpY +rZxCRXluDocZXFSxZba/jJvcE+kNb7gu3GduyYsRtYQUigAZcIN5kZeR1Bonvzce +MgfYFGM8KEyvAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSubAWjkxPioufi1xzWx/B/yGdToDAfBgNVHSMEGDAWgBSu +bAWjkxPioufi1xzWx/B/yGdToDANBgkqhkiG9w0BAQwFAAOCAgEAgyXt6NH9lVLN +nsAEoJFp5lzQhN7craJP6Ed41mWYqVuoPId8AorRbrcWc+ZfwFSY1XS+wc3iEZGt +Ixg93eFyRJa0lV7Ae46ZeBZDE1ZXs6KzO7V33EByrKPrmzU+sQghoefEQzd5Mr61 +55wsTLxDKZmOMNOsIeDjHfrYBzN2VAAiKrlNIC5waNrlU/yDXNOd8v9EDERm8tLj +vUYAGm0CuiVdjaExUd1URhxN25mW7xocBFymFe944Hn+Xds+qkxV/ZoVqW/hpvvf +cDDpw+5CRu3CkwWJ+n1jez/QcYF8AOiYrg54NMMl+68KnyBr3TsTjxKM4kEaSHpz +oHdpx7Zcf4LIHv5YGygrqGytXm3ABdJ7t+uA/iU3/gKbaKxCXcPu9czc8FB10jZp +nOZ7BN9uBmm23goJSFmH63sUYHpkqmlD75HHTOwY3WzvUy2MmeFe8nI+z1TIvWfs +pA9MRf/TuTAjB0yPEL+GltmZWrSZVxykzLsViVO6LAUP5MSeGbEYNNVMnbrt9x+v +JJUEeKgDu+6B5dpffItKoZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R +8k8HWV+LLUNS60YMlOH1Zkd5d9VUWx+tJDfLRVpOoERIyNiwmcUVhAn21klJwGW4 +5hpxbqCo8YLoRT5s1gLXCmeDBVrJpBA= +-----END CERTIFICATE----- + +### GlobalSign nv-sa + +=== /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Root E46 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 11:d2:bb:ba:33:6e:d4:bc:e6:24:68:c5:0d:84:1d:98:e8:43 + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Mar 20 00:00:00 2019 GMT + Not After : Mar 20 00:00:00 2046 GMT + Subject: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Root E46 + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 31:0A:90:8F:B6:C6:9D:D2:44:4B:80:B5:A2:E6:1F:B1:12:4F:1B:95 +SHA1 Fingerprint=39:B4:6C:D5:FE:80:06:EB:E2:2F:4A:BB:08:33:A0:AF:DB:B9:DD:84 +SHA256 Fingerprint=CB:B9:C4:4D:84:B8:04:3E:10:50:EA:31:A6:9F:51:49:55:D7:BF:D2:E2:C6:B4:93:01:01:9A:D6:1D:9F:50:58 +-----BEGIN CERTIFICATE----- +MIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQdmOhDMAoGCCqGSM49BAMDMEYx +CzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQD +ExNHbG9iYWxTaWduIFJvb3QgRTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAw +MDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2Ex +HDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAScDrHPt+ieUnd1NPqlRqetMhkytAepJ8qUuwzSChDH2omwlwxwEwkBjtjq +R+q+soArzfwoDdusvKSGN+1wCAB16pMLey5SnCNoIwZD7JIvU4Tb+0cUB+hflGdd +yXqBPCCjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud +DgQWBBQxCpCPtsad0kRLgLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ +7Zvvi5QCkxeCmb6zniz2C5GMn0oUsfZkvLtoURMMA/cVi4RguYv/Uo7njLwcAjA8 ++RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+CAezNIm8BZ/3Hobui3A= +-----END CERTIFICATE----- +=== /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Root R46 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 11:d2:bb:b9:d7:23:18:9e:40:5f:0a:9d:2d:d0:df:25:67:d1 + Signature Algorithm: sha384WithRSAEncryption + Validity + Not Before: Mar 20 00:00:00 2019 GMT + Not After : Mar 20 00:00:00 2046 GMT + Subject: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Root R46 + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 03:5C:AB:73:81:87:A8:CC:B0:A6:D5:94:E2:36:96:49:FF:05:99:2C +SHA1 Fingerprint=53:A2:B0:4B:CA:6B:D6:45:E6:39:8A:8E:C4:0D:D2:BF:77:C3:A2:90 +SHA256 Fingerprint=4F:A3:12:6D:8D:3A:11:D1:C4:85:5A:4F:80:7C:BA:D6:CF:91:9D:3A:5A:88:B0:3B:EA:2C:63:72:D9:3C:40:C9 +-----BEGIN CERTIFICATE----- +MIIFWjCCA0KgAwIBAgISEdK7udcjGJ5AXwqdLdDfJWfRMA0GCSqGSIb3DQEBDAUA +MEYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYD +VQQDExNHbG9iYWxTaWduIFJvb3QgUjQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMy +MDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYt +c2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCsrHQy6LNl5brtQyYdpokNRbopiLKkHWPd08EsCVeJ +OaFV6Wc0dwxu5FUdUiXSE2te4R2pt32JMl8Nnp8semNgQB+msLZ4j5lUlghYruQG +vGIFAha/r6gjA7aUD7xubMLL1aa7DOn2wQL7Id5m3RerdELv8HQvJfTqa1VbkNud +316HCkD7rRlr+/fKYIje2sGP1q7Vf9Q8g+7XFkyDRTNrJ9CG0Bwta/OrffGFqfUo +0q3v84RLHIf8E6M6cqJaESvWJ3En7YEtbWaBkoe0G1h6zD8K+kZPTXhc+CtI4wSE +y132tGqzZfxCnlEmIyDLPRT5ge1lFgBPGmSXZgjPjHvjK8Cd+RTyG/FWaha/LIWF +zXg4mutCagI0GIMXTpRW+LaCtfOW3T3zvn8gdz57GSNrLNRyc0NXfeD412lPFzYE ++cCQYDdF3uYM2HSNrpyibXRdQr4G9dlkbgIQrImwTDsHTUB+JMWKmIJ5jqSngiCN +I/onccnfxkF0oE32kRbcRoxfKWMxWXEM2G/CtjJ9++ZdU6Z+Ffy7dXxd7Pj2Fxzs +x2sZy/N78CsHpdlseVR2bJ0cpm4O6XkMqCNqo98bMDGfsVR7/mrLZqrcZdCinkqa +ByFrgY/bxFn63iLABJzjqls2k+g9vXqhnQt2sQvHnf3PmKgGwvgqo6GDoLclcqUC +4wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUA1yrc4GHqMywptWU4jaWSf8FmSwwDQYJKoZIhvcNAQEMBQADggIBAHx4 +7PYCLLtbfpIrXTncvtgdokIzTfnvpCo7RGkerNlFo048p9gkUbJUHJNOxO97k4Vg +JuoJSOD1u8fpaNK7ajFxzHmuEajwmf3lH7wvqMxX63bEIaZHU1VNaL8FpO7XJqti +2kM3S+LGteWygxk6x9PbTZ4IevPuzz5i+6zoYMzRx6Fcg0XERczzF2sUyQQCPtIk +pnnpHs6i58FZFZ8d4kuaPp92CC1r2LpXFNqD6v6MVenQTqnMdzGxRBF6XLE+0xRF +FRhiJBPSy03OXIPBNvIQtQ6IbbjhVp+J3pZmOUdkLG5NrmJ7v2B0GbhWrJKsFjLt +rWhV/pi60zTe9Mlhww6G9kuEYO4Ne7UyWHmRVSyBQ7N0H3qqJZ4d16GLuc1CLgSk +ZoNNiTW2bKg2SnkheCLQQrzRQDGQob4Ez8pn7fXwgNNgyYMqIgXQBztSvwyeqiv5 +u+YfjyW6hY0XHgL+XVAEV8/+LbzvXMAaq7afJMbfc2hIkCwU9D9SGuTSyxTDYWnP +4vkYxboznxSjBF25cfe1lNj2M8FawTSLfJvdkzrnE6JwYZ+vj+vYxXX4M2bUdGc6 +N3ec592kD3ZDZopD8p/7DEJ4Y9HiD2971KE9dJeFt0g5QdYg/NA6s/rob8SKunE3 +vouXsXgxT7PntgMTzlSdriVZzH81Xwj3QEUxeCp6 +-----END CERTIFICATE----- +=== /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 04:00:00:00:00:01:15:4b:5a:c3:94 + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Sep 1 12:00:00 1998 GMT + Not After : Jan 28 12:00:00 2028 GMT + Subject: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B +SHA1 Fingerprint=B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C +SHA256 Fingerprint=EB:D4:10:40:E4:BB:3E:C7:42:C9:E3:81:D3:1E:F2:A4:1A:48:B6:68:5C:96:E7:CE:F3:C1:DF:6C:D4:33:1C:99 +-----BEGIN CERTIFICATE----- +MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG +A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv +b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw +MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i +YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT +aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ +jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp +xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp +1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG +snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ +U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 +9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B +AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz +yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE +38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP +AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad +DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME +HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== +-----END CERTIFICATE----- + +### GoDaddy.com, Inc. + +=== /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Sep 1 00:00:00 2009 GMT + Not After : Dec 31 23:59:59 2037 GMT + Subject: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 3A:9A:85:07:10:67:28:B6:EF:F6:BD:05:41:6E:20:C1:94:DA:0F:DE +SHA1 Fingerprint=47:BE:AB:C9:22:EA:E8:0E:78:78:34:62:A7:9F:45:C2:54:FD:E6:8B +SHA256 Fingerprint=45:14:0B:32:47:EB:9C:C8:C5:B4:F0:D7:B5:30:91:F7:32:92:08:9E:6E:5A:63:E2:74:9D:D3:AC:A9:19:8E:DA +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT +EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp +ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz +NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH +EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE +AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD +E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH +/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy +DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh +GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR +tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA +AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE +FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX +WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu +9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr +gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo +2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO +LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI +4uJEvlz36hz1 +-----END CERTIFICATE----- + +### Google Trust Services LLC + +=== /C=US/O=Google Trust Services LLC/CN=GTS Root R1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6e:47:a9:c5:4b:47:0c:0d:ec:33:d0:89:b9:1c:f4:e1 + Signature Algorithm: sha384WithRSAEncryption + Validity + Not Before: Jun 22 00:00:00 2016 GMT + Not After : Jun 22 00:00:00 2036 GMT + Subject: C=US, O=Google Trust Services LLC, CN=GTS Root R1 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + E4:AF:2B:26:71:1A:2B:48:27:85:2F:52:66:2C:EF:F0:89:13:71:3E +SHA1 Fingerprint=E1:C9:50:E6:EF:22:F8:4C:56:45:72:8B:92:20:60:D7:D5:A7:A3:E8 +SHA256 Fingerprint=2A:57:54:71:E3:13:40:BC:21:58:1C:BD:2C:F1:3E:15:84:63:20:3E:CE:94:BC:F9:D3:CC:19:6B:F0:9A:54:72 +-----BEGIN CERTIFICATE----- +MIIFWjCCA0KgAwIBAgIQbkepxUtHDA3sM9CJuRz04TANBgkqhkiG9w0BAQwFADBH +MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM +QzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIy +MDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNl +cnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaM +f/vo27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vX +mX7wCl7raKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7 +zUjwTcLCeoiKu7rPWRnWr4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0P +fyblqAj+lug8aJRT7oM6iCsVlgmy4HqMLnXWnOunVmSPlk9orj2XwoSPwLxAwAtc +vfaHszVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk9+aCEI3oncKKiPo4 +Zor8Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zqkUsp +zBmkMiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOO +Rc92wO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYW +k70paDPvOmbsB4om3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+ +DVrNVjzRlwW5y0vtOUucxD/SVRNuJLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgF +lQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQADggIBADiW +Cu49tJYeX++dnAsznyvgyv3SjgofQXSlfKqE1OXyHuY3UjKcC9FhHb8owbZEKTV1 +d5iyfNm9dKyKaOOpMQkpAWBz40d8U6iQSifvS9efk+eCNs6aaAyC58/UEBZvXw6Z +XPYfcX3v73svfuo21pdwCxXu11xWajOl40k4DLh9+42FpLFZXvRq4d2h9mREruZR +gyFmxhE+885H7pwoHyXa/6xmld01D1zvICxi/ZG6qcz8WpyTgYMpl0p8WnK0OdC3 +d8t5/Wk6kjftbjhlRn7pYL15iJdfOBL07q9bgsiG1eGZbYwE8na6SfZu6W0eX6Dv +J4J2QPim01hcDyxC2kLGe4g0x8HYRZvBPsVhHdljUEn2NIVq4BjFbkerQUIpm/Zg +DdIx02OYI5NaAIFItO/Nis3Jz5nu2Z6qNuFoS3FJFDYoOj0dzpqPJeaAcWErtXvM ++SUWgeExX6GjfhaknBZqlxi9dnKlC54dNuYvoS++cJEPqOba+MSSQGwlfnuzCdyy +F62ARPBopY+Udf90WuioAnwMCeKpSwughQtiue+hMZL77/ZRBIls6Kl0obsXs7X9 +SQ98POyDGCBDTtWTurQ0sR8WNh8M5mQ5Fkzc4P4dyKliPUDqysU0ArSuiYgzNdws +E3PYJ/HQcu51OyLemGhmW/HGY0dVHLqlCFF1pkgl +-----END CERTIFICATE----- +=== /C=US/O=Google Trust Services LLC/CN=GTS Root R2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6e:47:a9:c6:5a:b3:e7:20:c5:30:9a:3f:68:52:f2:6f + Signature Algorithm: sha384WithRSAEncryption + Validity + Not Before: Jun 22 00:00:00 2016 GMT + Not After : Jun 22 00:00:00 2036 GMT + Subject: C=US, O=Google Trust Services LLC, CN=GTS Root R2 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + BB:FF:CA:8E:23:9F:4F:99:CA:DB:E2:68:A6:A5:15:27:17:1E:D9:0E +SHA1 Fingerprint=D2:73:96:2A:2A:5E:39:9F:73:3F:E1:C7:1E:64:3F:03:38:34:FC:4D +SHA256 Fingerprint=C4:5D:7B:B0:8E:6D:67:E6:2E:42:35:11:0B:56:4E:5F:78:FD:92:EF:05:8C:84:0A:EA:4E:64:55:D7:58:5C:60 +-----BEGIN CERTIFICATE----- +MIIFWjCCA0KgAwIBAgIQbkepxlqz5yDFMJo/aFLybzANBgkqhkiG9w0BAQwFADBH +MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM +QzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIy +MDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNl +cnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTukk3Lv +CvptnfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3Kg +GjSY6Dlo7JUle3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9Bu +XvAuMC6C/Pq8tBcKSOWIm8Wba96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOd +re7kRXuJVfeKH2JShBKzwkCX44ofR5GmdFrS+LFjKBC4swm4VndAoiaYecb+3yXu +PuWgf9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbuak7MkogwTZq9TwtImoS1 +mKPV+3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscszcTJGr61K +8YzodDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqj +x5RWIr9qS34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsR +nTKaG73VululycslaVNVJ1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0 +kzCqgc7dGtxRcw1PcOnlthYhGXmy5okLdWTK1au8CcEYof/UVKGFPP0UJAOyh9Ok +twIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEMBQADggIBALZp +8KZ3/p7uC4Gt4cCpx/k1HUCCq+YEtN/L9x0Pg/B+E02NjO7jMyLDOfxA325BS0JT +vhaI8dI4XsRomRyYUpOM52jtG2pzegVATX9lO9ZY8c6DR2Dj/5epnGB3GFW1fgiT +z9D2PGcDFWEJ+YF59exTpJ/JjwGLc8R3dtyDovUMSRqodt6Sm2T4syzFJ9MHwAiA +pJiS4wGWAqoC7o87xdFtCjMwc3i5T1QWvwsHoaRc5svJXISPD+AVdyx+Jn7axEvb +pxZ3B7DNdehyQtaVhJ2Gg/LkkM0JR9SLA3DaWsYDQvTtN6LwG1BUSw7YhN4ZKJmB +R64JGz9I0cNv4rBgF/XuIwKl2gBbbZCr7qLpGzvpx0QnRY5rn/WkhLx3+WuXrD5R +RaIRpsyF7gpo8j5QOHokYh4XIDdtak23CZvJ/KRY9bb7nE4Yu5UC56GtmwfuNmsk +0jmGwZODUNKBRqhfYlcsu2xkiAhu7xNUX90txGdj08+JN7+dIPT7eoOboB6BAFDC +5AwiWVIQ7UNWhwD4FFKnHYuTjKJNRn8nxnGbJN7k2oaLDX5rIMHAnuFl2GqjpuiF +izoHCBy69Y9Vmhh1fuXsgWbRIXOhNUQLgD1bnF5vKheW0YMjiGZt5obicDIvUiLn +yOd/xCxgXS/Dr55FBcOEArf9LAhST4Ldo/DUhgkC +-----END CERTIFICATE----- +=== /C=US/O=Google Trust Services LLC/CN=GTS Root R3 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6e:47:a9:c7:6c:a9:73:24:40:89:0f:03:55:dd:8d:1d + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Jun 22 00:00:00 2016 GMT + Not After : Jun 22 00:00:00 2036 GMT + Subject: C=US, O=Google Trust Services LLC, CN=GTS Root R3 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + C1:F1:26:BA:A0:2D:AE:85:81:CF:D3:F1:2A:12:BD:B8:0A:67:FD:BC +SHA1 Fingerprint=30:D4:24:6F:07:FF:DB:91:89:8A:0B:E9:49:66:11:EB:8C:5E:46:E5 +SHA256 Fingerprint=15:D5:B8:77:46:19:EA:7D:54:CE:1C:A6:D0:B0:C4:03:E0:37:A9:17:F1:31:E8:A0:4E:1E:6B:7A:71:BA:BC:E5 +-----BEGIN CERTIFICATE----- +MIICDDCCAZGgAwIBAgIQbkepx2ypcyRAiQ8DVd2NHTAKBggqhkjOPQQDAzBHMQsw +CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU +MBIGA1UEAxMLR1RTIFJvb3QgUjMwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw +MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp +Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUURout +736GjOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2A +DDL24CejQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud +DgQWBBTB8Sa6oC2uhYHP0/EqEr24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEAgFuk +fCPAlaUs3L6JbyO5o91lAFJekazInXJ0glMLfalAvWhgxeG4VDvBNhcl2MG9AjEA +njWSdIUlUfUk7GRSJFClH9voy8l27OyCbvWFGFPouOOaKaqW04MjyaR7YbPMAuhd +-----END CERTIFICATE----- +=== /C=US/O=Google Trust Services LLC/CN=GTS Root R4 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6e:47:a9:c8:8b:94:b6:e8:bb:3b:2a:d8:a2:b2:c1:99 + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Jun 22 00:00:00 2016 GMT + Not After : Jun 22 00:00:00 2036 GMT + Subject: C=US, O=Google Trust Services LLC, CN=GTS Root R4 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 80:4C:D6:EB:74:FF:49:36:A3:D5:D8:FC:B5:3E:C5:6A:F0:94:1D:8C +SHA1 Fingerprint=2A:1D:60:27:D9:4A:B1:0A:1C:4D:91:5C:CD:33:A0:CB:3E:2D:54:CB +SHA256 Fingerprint=71:CC:A5:39:1F:9E:79:4B:04:80:25:30:B3:63:E1:21:DA:8A:30:43:BB:26:66:2F:EA:4D:CA:7F:C9:51:A4:BD +-----BEGIN CERTIFICATE----- +MIICCjCCAZGgAwIBAgIQbkepyIuUtui7OyrYorLBmTAKBggqhkjOPQQDAzBHMQsw +CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU +MBIGA1UEAxMLR1RTIFJvb3QgUjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw +MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp +Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzu +hXyiQHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/l +xKvRHYqjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud +DgQWBBSATNbrdP9JNqPV2Py1PsVq8JQdjDAKBggqhkjOPQQDAwNnADBkAjBqUFJ0 +CMRw3J5QdCHojXohw0+WbhXRIjVhLfoIN+4Zba3bssx9BzT1YBkstTTZbyACMANx +sbqjYAuG7ZoIapVon+Kz4ZNkfF6Tpt95LY2F45TPI11xzPKwTdb+mciUqXWi4w== +-----END CERTIFICATE----- + +### GUANG DONG CERTIFICATE AUTHORITY CO.,LTD. + +=== /C=CN/O=GUANG DONG CERTIFICATE AUTHORITY CO.,LTD./CN=GDCA TrustAUTH R5 ROOT +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9009899650740120186 (0x7d0997fef047ea7a) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Nov 26 05:13:15 2014 GMT + Not After : Dec 31 15:59:59 2040 GMT + Subject: C=CN, O=GUANG DONG CERTIFICATE AUTHORITY CO.,LTD., CN=GDCA TrustAUTH R5 ROOT + X509v3 extensions: + X509v3 Subject Key Identifier: + E2:C9:40:9F:4D:CE:E8:9A:A1:7C:CF:0E:3F:65:C5:29:88:6A:19:51 + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=0F:36:38:5B:81:1A:25:C3:9B:31:4E:83:CA:E9:34:66:70:CC:74:B4 +SHA256 Fingerprint=BF:FF:8F:D0:44:33:48:7D:6A:8A:A6:0C:1A:29:76:7A:9F:C2:BB:B0:5E:42:0F:71:3A:13:B9:92:89:1D:38:93 +-----BEGIN CERTIFICATE----- +MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE +BhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ +IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0 +MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMCQ04xMjAwBgNV +BAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8w +HQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJj +Dp6L3TQsAlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBj +TnnEt1u9ol2x8kECK62pOqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+u +KU49tm7srsHwJ5uu4/Ts765/94Y9cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEj +qcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ9Cy5WmYqsBebnh52nUpm +MUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQxXABZG12 +ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloP +zgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3Gk +L30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeC +jGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoA +HQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkC +AwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg +p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZm +DRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5 +COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ry +L3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR8gPf +JWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svg +IHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io +2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV +09tL7ECQ8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQ +XR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrq +T8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe +MTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== +-----END CERTIFICATE----- + +### Hellenic Academic and Research Institutions Cert. Authority + +=== /C=GR/L=Athens/O=Hellenic Academic and Research Institutions Cert. Authority/CN=Hellenic Academic and Research Institutions ECC RootCA 2015 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: ecdsa-with-SHA256 + Validity + Not Before: Jul 7 10:37:12 2015 GMT + Not After : Jun 30 10:37:12 2040 GMT + Subject: C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions ECC RootCA 2015 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + B4:22:0B:82:99:24:01:0E:9C:BB:E4:0E:FD:BF:FB:97:20:93:99:2A +SHA1 Fingerprint=9F:F1:71:8D:92:D5:9A:F3:7D:74:97:B4:BC:6F:84:68:0B:BA:B6:66 +SHA256 Fingerprint=44:B5:45:AA:8A:25:E6:5A:73:CA:15:DC:27:FC:36:D2:4C:1C:B9:95:3A:06:65:39:B1:15:82:DC:48:7B:48:33 +-----BEGIN CERTIFICATE----- +MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzAN +BgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl +c2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hl +bGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgRUNDIFJv +b3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEwMzcxMlowgaoxCzAJ +BgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmljIEFj +YWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5 +MUQwQgYDVQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0 +dXRpb25zIEVDQyBSb290Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKg +QehLgoRc4vgxEZmGZE4JJS+dQS8KrjVPdJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJa +jq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoKVlp8aQuqgAkkbH7BRqNC +MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFLQi +C4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaep +lSTAGiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7Sof +TUwJCA3sS61kFyjndc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR +-----END CERTIFICATE----- +=== /C=GR/L=Athens/O=Hellenic Academic and Research Institutions Cert. Authority/CN=Hellenic Academic and Research Institutions RootCA 2015 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jul 7 10:11:21 2015 GMT + Not After : Jun 30 10:11:21 2040 GMT + Subject: C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2015 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 71:15:67:C8:C8:C9:BD:75:5D:72:D0:38:18:6A:9D:F3:71:24:54:0B +SHA1 Fingerprint=01:0C:06:95:A6:98:19:14:FF:BF:5F:C6:B0:B6:95:EA:29:E9:12:A6 +SHA256 Fingerprint=A0:40:92:9A:02:CE:53:B4:AC:F4:F2:FF:C6:98:1C:E4:49:6F:75:5E:6D:45:FE:0B:2A:69:2B:CD:52:52:3F:36 +-----BEGIN CERTIFICATE----- +MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1Ix +DzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5k +IFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMT +N0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9v +dENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAxMTIxWjCBpjELMAkG +A1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNh +ZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkx +QDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 +dGlvbnMgUm9vdENBIDIwMTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDC+Kk/G4n8PDwEXT2QNrCROnk8ZlrvbTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA +4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+ehiGsxr/CL0BgzuNtFajT0 +AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+6PAQZe10 +4S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06C +ojXdFPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV +9Cz82XBST3i4vTwri5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrD +gfgXy5I2XdGj2HUb4Ysn6npIQf1FGQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6 +Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2fu/Z8VFRfS0myGlZYeCsargq +NhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9muiNX6hME6wGko +LfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc +Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVd +ctA4GGqd83EkVAswDQYJKoZIhvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0I +XtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+D1hYc2Ryx+hFjtyp8iY/xnmMsVMI +M4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrMd/K4kPFox/la/vot +9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+yd+2V +Z5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/ea +j8GsGsVn82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnh +X9izjFk0WaSrT2y7HxjbdavYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQ +l033DlZdwJVqwjbDG2jJ9SrcR5q+ss7FJej6A7na+RZukYT1HCjI/CbM1xyQVqdf +bzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVtJ94Cj8rDtSvK6evIIVM4 +pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGaJI7ZjnHK +e7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0 +vm9qp/UsQu0yrbYhnr68 +-----END CERTIFICATE----- +=== /C=GR/O=Hellenic Academic and Research Institutions Cert. Authority/CN=Hellenic Academic and Research Institutions RootCA 2011 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Dec 6 13:49:52 2011 GMT + Not After : Dec 1 13:49:52 2031 GMT + Subject: C=GR, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2011 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + A6:91:42:FD:13:61:4A:23:9E:08:A4:29:E5:D8:13:04:23:EE:41:25 + X509v3 Name Constraints: + Permitted: + DNS:.gr + DNS:.eu + DNS:.edu + DNS:.org + email:.gr + email:.eu + email:.edu + email:.org + +SHA1 Fingerprint=FE:45:65:9B:79:03:5B:98:A1:61:B5:51:2E:AC:DA:58:09:48:22:4D +SHA256 Fingerprint=BC:10:4F:15:A4:8B:E7:09:DC:A5:42:A7:E1:D4:B9:DF:6F:05:45:27:E8:02:EA:A9:2D:59:54:44:25:8A:FE:71 +-----BEGIN CERTIFICATE----- +MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1Ix +RDBCBgNVBAoTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 +dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1p +YyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIFJvb3RDQSAyMDExMB4XDTExMTIw +NjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYTAkdSMUQwQgYDVQQK +EztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENl +cnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl +c2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPz +dYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJ +fel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEns +bgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD +75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSP +FEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNV +HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp +5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQu +b3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA +A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p +6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8 +TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7 +dIsXRSZMFpGD/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8Acys +Nnq/onN694/BtZqhFLKPM58N7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXI +l7WdmplNsDz4SgCbZN2fOUvRJ9e4 +-----END CERTIFICATE----- + +### Hongkong Post + +=== /C=HK/O=Hongkong Post/CN=Hongkong Post Root CA 1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1000 (0x3e8) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: May 15 05:13:14 2003 GMT + Not After : May 15 04:52:29 2023 GMT + Subject: C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:3 + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Certificate Sign, CRL Sign +SHA1 Fingerprint=D6:DA:A8:20:8D:09:D2:15:4D:24:B5:2F:CB:34:6E:B2:58:B2:8A:58 +SHA256 Fingerprint=F9:E6:7D:33:6C:51:00:2A:C0:54:C6:32:02:2D:66:DD:A2:E7:E3:FF:F1:0A:D0:61:ED:31:D8:BB:B4:10:CF:B2 +-----BEGIN CERTIFICATE----- +MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx +FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg +Um9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkG +A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr +b25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQ +jVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEn +PzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjh +ZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9 +nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/h +q5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgED +MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsC +mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3 +7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB +oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs +EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO +fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi +AmvZWg== +-----END CERTIFICATE----- +=== /C=HK/ST=Hong Kong/L=Hong Kong/O=Hongkong Post/CN=Hongkong Post Root CA 3 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 08:16:5f:8a:4c:a5:ec:00:c9:93:40:df:c4:c6:ae:23:b8:1c:5a:a4 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jun 3 02:29:46 2017 GMT + Not After : Jun 3 02:29:46 2042 GMT + Subject: C=HK, ST=Hong Kong, L=Hong Kong, O=Hongkong Post, CN=Hongkong Post Root CA 3 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Authority Key Identifier: + keyid:17:9D:CD:1E:8B:D6:39:2B:70:D3:5C:D4:A0:B8:1F:B0:00:FC:C5:61 + + X509v3 Subject Key Identifier: + 17:9D:CD:1E:8B:D6:39:2B:70:D3:5C:D4:A0:B8:1F:B0:00:FC:C5:61 +SHA1 Fingerprint=58:A2:D0:EC:20:52:81:5B:C1:F3:F8:64:02:24:4E:C2:8E:02:4B:02 +SHA256 Fingerprint=5A:2F:C0:3F:0C:83:B0:90:BB:FA:40:60:4B:09:88:44:6C:76:36:18:3D:F9:84:6E:17:10:1A:44:7F:B8:EF:D6 +-----BEGIN CERTIFICATE----- +MIIFzzCCA7egAwIBAgIUCBZfikyl7ADJk0DfxMauI7gcWqQwDQYJKoZIhvcNAQEL +BQAwbzELMAkGA1UEBhMCSEsxEjAQBgNVBAgTCUhvbmcgS29uZzESMBAGA1UEBxMJ +SG9uZyBLb25nMRYwFAYDVQQKEw1Ib25na29uZyBQb3N0MSAwHgYDVQQDExdIb25n +a29uZyBQb3N0IFJvb3QgQ0EgMzAeFw0xNzA2MDMwMjI5NDZaFw00MjA2MDMwMjI5 +NDZaMG8xCzAJBgNVBAYTAkhLMRIwEAYDVQQIEwlIb25nIEtvbmcxEjAQBgNVBAcT +CUhvbmcgS29uZzEWMBQGA1UEChMNSG9uZ2tvbmcgUG9zdDEgMB4GA1UEAxMXSG9u +Z2tvbmcgUG9zdCBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCziNfqzg8gTr7m1gNt7ln8wlffKWihgw4+aMdoWJwcYEuJQwy51BWy7sFO +dem1p+/l6TWZ5Mwc50tfjTMwIDNT2aa71T4Tjukfh0mtUC1Qyhi+AViiE3CWu4mI +VoBc+L0sPOFMV4i707mV78vH9toxdCim5lSJ9UExyuUmGs2C4HDaOym71QP1mbpV +9WTRYA6ziUm4ii8F0oRFKHyPaFASePwLtVPLwpgchKOesL4jpNrcyCse2m5FHomY +2vkALgbpDDtw1VAliJnLzXNg99X/NWfFobxeq81KuEXryGgeDQ0URhLj0mRiikKY +vLTGCAj4/ahMZJx2Ab0vqWwzD9g/KLg8aQFChn5pwckGyuV6RmXpwtZQQS4/t+Tt +bNe/JgERohYpSms0BpDsE9K2+2p20jzt8NYt3eEV7KObLyzJPivkaTv/ciWxNoZb +x39ri1UbSsUgYT2uy1DhCDq+sI9jQVMwCFk8mB13umOResoQUGC/8Ne8lYePl8X+ +l2oBlKN8W4UdKjk60FSh0Tlxnf0h+bV78OLgAo9uliQlLKAeLKjEiafv7ZkGL7YK +TE/bosw3Gq9HhS2KX8Q0NEwA/RiTZxPRN+ZItIsGxVd7GYYKecsAyVKvQv83j+Gj +Hno9UKtjBucVtT+2RTeUN7F+8kjDf8V1/peNRY8apxpyKBpADwIDAQABo2MwYTAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBQXnc0e +i9Y5K3DTXNSguB+wAPzFYTAdBgNVHQ4EFgQUF53NHovWOStw01zUoLgfsAD8xWEw +DQYJKoZIhvcNAQELBQADggIBAFbVe27mIgHSQpsY1Q7XZiNc4/6gx5LS6ZStS6LG +7BJ8dNVI0lkUmcDrudHr9EgwW62nV3OZqdPlt9EuWSRY3GguLmLYauRwCy0gUCCk +MpXRAJi70/33MvJJrsZ64Ee+bs7Lo3I6LWldy8joRTnU+kLBEUx3XZL7av9YROXr +gZ6voJmtvqkBZss4HTzfQx/0TW60uhdG/H39h4F5ag0zD/ov+BS5gLNdTaqX4fnk +GMX41TiMJjz98iji7lpJiCzfeT2OnpA8vUFKOt1b9pq0zj8lMH8yfaIDlNDceqFS +3m6TjRgm/VWsvY+b0s+v54Ysyx8Jb6NvqYTUc79NoXQbTiNg8swOqn+knEwlqLJm +Ozj/2ZQw9nKEvmhVEA/GcywWaZMH/rFF7buiVWqw2rVKAiUnhde3t4ZEFolsgCs+ +l6mc1X5VTMbeRRAc6uk7nwNT7u56AQIWeNTowr5GdogTPyK7SBIdUgC0An4hGh6c +JfTzPV4e0hz5sy229zdcxsshTrD3mUcYhcErulWuBurQB7Lcq9CClnXO0lD+mefP +L5/ndtFhKvshuzHQqp9HpLIiyhY6UFfEW0NnxWViA0kB60PZ2Pierc+xYw5F9KBa +LJstxabArahH9CdMOA0uG0k7UvToiIMrVCjU8jVStDKDYmlkDJGcn5fqdBb9HxEG +mpv0 +-----END CERTIFICATE----- + +### IdenTrust + +=== /C=US/O=IdenTrust/CN=IdenTrust Commercial Root CA 1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0a:01:42:80:00:00:01:45:23:c8:44:b5:00:00:00:02 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jan 16 18:12:23 2014 GMT + Not After : Jan 16 18:12:23 2034 GMT + Subject: C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + ED:44:19:C0:D3:F0:06:8B:EE:A4:7B:BE:42:E7:26:54:C8:8E:36:76 +SHA1 Fingerprint=DF:71:7E:AA:4A:D9:4E:C9:55:84:99:60:2D:48:DE:5F:BC:F0:3A:25 +SHA256 Fingerprint=5D:56:49:9B:E4:D2:E0:8B:CF:CA:D0:8A:3E:38:72:3D:50:50:3B:DE:70:69:48:E4:2F:55:60:30:19:E5:28:AE +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVu +VHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQw +MTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScw +JQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ldhNlT +3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU ++ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp +S0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1 +bVoE/c40yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORi +T0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCL +vYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjK +Vsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZK +dHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHT +c+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hv +l7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5N +iGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQAD +ggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH +6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwt +LRvM7Kqas6pgghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93 +nAbowacYXVKV7cndJZ5t+qntozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3 ++wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzlVYA211QC//G5Xc7UI2/YRYRK +W2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUXfeu+h1sXIFRRk0pT +AwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/rokTLq +l1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG +4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZ +mUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A +7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6H +-----END CERTIFICATE----- +=== /C=US/O=IdenTrust/CN=IdenTrust Public Sector Root CA 1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0a:01:42:80:00:00:01:45:23:cf:46:7c:00:00:00:02 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jan 16 17:53:32 2014 GMT + Not After : Jan 16 17:53:32 2034 GMT + Subject: C=US, O=IdenTrust, CN=IdenTrust Public Sector Root CA 1 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + E3:71:E0:9E:D8:A7:42:D9:DB:71:91:6B:94:93:EB:C3:A3:D1:14:A3 +SHA1 Fingerprint=BA:29:41:60:77:98:3F:F4:F3:EF:F2:31:05:3B:2E:EA:6D:4D:45:FD +SHA256 Fingerprint=30:D0:89:5A:9A:44:8A:26:20:91:63:55:22:D1:F5:20:10:B5:86:7A:CA:E1:2C:78:EF:95:8F:D4:F4:38:9F:2F +-----BEGIN CERTIFICATE----- +MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBN +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu +VHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcN +MzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0 +MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTyP4o7 +ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGy +RBb06tD6Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlS +bdsHyo+1W/CD80/HLaXIrcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF +/YTLNiCBWS2ab21ISGHKTN9T0a9SvESfqy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R +3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoSmJxZZoY+rfGwyj4GD3vw +EUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFnol57plzy +9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9V +GxyhLrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ +2fjXctscvG29ZV/viDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsV +WaFHVCkugyhfHMKiq3IXAAaOReyL4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gD +W/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMwDQYJKoZIhvcN +AQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj +t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHV +DRDtfULAj+7AmgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9 +TaDKQGXSc3z1i9kKlT/YPyNtGtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8G +lwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFtm6/n6J91eEyrRjuazr8FGF1NFTwW +mhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMxNRF4eKLg6TCMf4Df +WN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4Mhn5 ++bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJ +tshquDDIajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhA +GaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv +8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLatt8o+Ae+c +-----END CERTIFICATE----- + +### Internet Security Research Group + +=== /C=US/O=Internet Security Research Group/CN=ISRG Root X1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jun 4 11:04:38 2015 GMT + Not After : Jun 4 11:04:38 2035 GMT + Subject: C=US, O=Internet Security Research Group, CN=ISRG Root X1 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E +SHA1 Fingerprint=CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8 +SHA256 Fingerprint=96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6 +-----BEGIN CERTIFICATE----- +MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 +WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu +ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY +MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc +h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+ +0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U +A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW +T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH +B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC +B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv +KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn +OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn +jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw +qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI +rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq +hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL +ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ +3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK +NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5 +ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur +TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC +jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc +oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq +4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA +mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d +emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= +-----END CERTIFICATE----- + +### IZENPE S.A. + +=== /C=ES/O=IZENPE S.A./CN=Izenpe.com +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:b7:5a:16:48:5f:bf:e1:cb:f5:8b:d7:19:e6:7d + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Dec 13 13:08:28 2007 GMT + Not After : Dec 13 08:27:25 2037 GMT + Subject: C=ES, O=IZENPE S.A., CN=Izenpe.com + X509v3 extensions: + X509v3 Subject Alternative Name: + email:info@izenpe.com, DirName:/O=IZENPE S.A. - CIF A01337260-RMerc.Vitoria-Gasteiz T1055 F62 S8/street=Avda del Mediterraneo Etorbidea 14 - 01010 Vitoria-Gasteiz + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 1D:1C:65:0E:A8:F2:25:7B:B4:91:CF:E4:B1:B1:E6:BD:55:74:6C:05 +SHA1 Fingerprint=2F:78:3D:25:52:18:A7:4A:65:39:71:B5:2C:A2:9C:45:15:6F:E9:19 +SHA256 Fingerprint=25:30:CC:8E:98:32:15:02:BA:D9:6F:9B:1F:BA:1B:09:9E:2D:29:9E:0F:45:48:BB:91:4F:36:3B:C0:D4:53:1F +-----BEGIN CERTIFICATE----- +MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4 +MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6 +ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYD +VQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5j +b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ03rKDx6sp4boFmVq +scIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAKClaO +xdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6H +LmYRY2xU+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFX +uaOKmMPsOzTFlUFpfnXCPCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQD +yCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxTOTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+ +JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbKF7jJeodWLBoBHmy+E60Q +rLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK0GqfvEyN +BjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8L +hij+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIB +QFqNeb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+ +HMh3/1uaD7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2lu +Zm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4gLSBDSUYg +QTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBGNjIgUzgxQzBB +BgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx +MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUA +A4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWb +laQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbgakEyrkgPH7UIBzg/YsfqikuFgba56 +awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwo +JNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lw +LDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCT +VyvehQP5aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGk +LhObNA5me0mrZJfQRsN5nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJb +UjWumDqtujWTI6cfSN01RpiyEGjkpTHCClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/ +QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy2+tzJOeRf1SktoA+ +naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZyGls +QyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== +-----END CERTIFICATE----- + +### Japan Certification Services, Inc. + +=== /C=JP/O=Japan Certification Services, Inc./CN=SecureSign RootCA11 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Apr 8 04:56:47 2009 GMT + Not After : Apr 8 04:56:47 2029 GMT + Subject: C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA11 + X509v3 extensions: + X509v3 Subject Key Identifier: + 5B:F8:4D:4F:B2:A5:86:D4:3A:D2:F1:63:9A:A0:BE:09:F6:57:B7:DE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=3B:C4:9F:48:F8:F3:73:A0:9C:1E:BD:F8:5B:B1:C3:65:C7:D8:11:B3 +SHA256 Fingerprint=BF:0F:EE:FB:9E:3A:58:1A:D5:F9:E9:DB:75:89:98:57:43:D2:61:08:5C:4D:31:4F:6F:5D:72:59:AA:42:16:12 +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDEr +MCkGA1UEChMiSmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoG +A1UEAxMTU2VjdXJlU2lnbiBSb290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0 +MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSswKQYDVQQKEyJKYXBhbiBDZXJ0aWZp +Y2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1cmVTaWduIFJvb3RD +QTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvLTJsz +i1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8 +h9uuywGOwvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOV +MdrAG/LuYpmGYz+/3ZMqg6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9 +UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rPO7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni +8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitAbpSACW22s293bzUIUPsC +h8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZXt94wDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB +AKChOBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xm +KbabfSVSSUOrTC4rbnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQ +X5Ucv+2rIrVls4W6ng+4reV6G4pQOh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWr +QbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01y8hSyn+B/tlr0/cR7SXf+Of5 +pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061lgeLKBObjBmN +QSdJQO7e5iNEOdyhIta6A/I= +-----END CERTIFICATE----- + +### Krajowa Izba Rozliczeniowa S.A. + +=== /C=PL/O=Krajowa Izba Rozliczeniowa S.A./CN=SZAFIR ROOT CA2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3e:8a:5d:07:ec:55:d2:32:d5:b7:e3:b6:5f:01:eb:2d:dc:e4:d6:e4 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Oct 19 07:43:30 2015 GMT + Not After : Oct 19 07:43:30 2035 GMT + Subject: C=PL, O=Krajowa Izba Rozliczeniowa S.A., CN=SZAFIR ROOT CA2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 2E:16:A9:4A:18:B5:CB:CC:F5:6F:50:F3:23:5F:F8:5D:E7:AC:F0:C8 +SHA1 Fingerprint=E2:52:FA:95:3F:ED:DB:24:60:BD:6E:28:F3:9C:CC:CF:5E:B3:3F:DE +SHA256 Fingerprint=A1:33:9D:33:28:1A:0B:56:E5:57:D3:D3:2B:1C:E7:F9:36:7E:B0:94:BD:5F:A7:2A:7E:50:04:C8:DE:D7:CA:FE +-----BEGIN CERTIFICATE----- +MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQEL +BQAwUTELMAkGA1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6 +ZW5pb3dhIFMuQS4xGDAWBgNVBAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkw +NzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJBgNVBAYTAlBMMSgwJgYDVQQKDB9L +cmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYDVQQDDA9TWkFGSVIg +Uk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5QqEvN +QLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT +3PSQ1hNKDJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw +3gAeqDRHu5rr/gsUvTaE2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr6 +3fE9biCloBK0TXC5ztdyO4mTp4CEHCdJckm1/zuVnsHMyAHs6A6KCpbns6aH5db5 +BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwiieDhZNRnvDF5YTy7ykHN +XGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsF +AAOCAQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw +8PRBEew/R40/cof5O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOG +nXkZ7/e7DDWQw4rtTw/1zBLZpD67oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCP +oky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul4+vJhaAlIDf7js4MNIThPIGy +d05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6+/NNIxuZMzSg +LvWpCz/UXeHPhJ/iGcJfitYgHuNztw== +-----END CERTIFICATE----- + +### Microsec Ltd. + +=== /C=HU/L=Budapest/O=Microsec Ltd./2.5.4.97=VATHU-23584497/CN=e-Szigno Root CA 2017 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 01:54:48:ef:21:fd:97:59:0d:f5:04:0a + Signature Algorithm: ecdsa-with-SHA256 + Validity + Not Before: Aug 22 12:07:06 2017 GMT + Not After : Aug 22 12:07:06 2042 GMT + Subject: C=HU, L=Budapest, O=Microsec Ltd./2.5.4.97=VATHU-23584497, CN=e-Szigno Root CA 2017 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 87:11:15:08:D1:AA:C1:78:0C:B1:AF:CE:C6:C9:90:EF:BF:30:04:C0 + X509v3 Authority Key Identifier: + keyid:87:11:15:08:D1:AA:C1:78:0C:B1:AF:CE:C6:C9:90:EF:BF:30:04:C0 + +SHA1 Fingerprint=89:D4:83:03:4F:9E:9A:48:80:5F:72:37:D4:A9:A6:EF:CB:7C:1F:D1 +SHA256 Fingerprint=BE:B0:0B:30:83:9B:9B:C3:2C:32:E4:44:79:05:95:06:41:F2:64:21:B1:5E:D0:89:19:8B:51:8A:E2:EA:1B:99 +-----BEGIN CERTIFICATE----- +MIICQDCCAeWgAwIBAgIMAVRI7yH9l1kN9QQKMAoGCCqGSM49BAMCMHExCzAJBgNV +BAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMgTHRk +LjEXMBUGA1UEYQwOVkFUSFUtMjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3ppZ25vIFJv +b3QgQ0EgMjAxNzAeFw0xNzA4MjIxMjA3MDZaFw00MjA4MjIxMjA3MDZaMHExCzAJ +BgNVBAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMg +THRkLjEXMBUGA1UEYQwOVkFUSFUtMjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3ppZ25v +IFJvb3QgQ0EgMjAxNzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJbcPYrYsHtv +xie+RJCxs1YVe45DJH0ahFnuY2iyxl6H0BVIHqiQrb1TotreOpCmYF9oMrWGQd+H +Wyx7xf58etqjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G +A1UdDgQWBBSHERUI0arBeAyxr87GyZDvvzAEwDAfBgNVHSMEGDAWgBSHERUI0arB +eAyxr87GyZDvvzAEwDAKBggqhkjOPQQDAgNJADBGAiEAtVfd14pVCzbhhkT61Nlo +jbjcI4qKDdQvfepz7L9NbKgCIQDLpbQS+ue16M9+k/zzNY9vTlp8tLxOsvxyqltZ ++efcMQ== +-----END CERTIFICATE----- +=== /C=HU/L=Budapest/O=Microsec Ltd./CN=Microsec e-Szigno Root CA 2009/emailAddress=info@e-szigno.hu +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + c2:7e:43:04:4e:47:3f:19 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jun 16 11:30:18 2009 GMT + Not After : Dec 30 11:30:18 2029 GMT + Subject: C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009/emailAddress=info@e-szigno.hu + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + CB:0F:C6:DF:42:43:CC:3D:CB:B5:48:23:A1:1A:7A:A6:2A:BB:34:68 + X509v3 Authority Key Identifier: + keyid:CB:0F:C6:DF:42:43:CC:3D:CB:B5:48:23:A1:1A:7A:A6:2A:BB:34:68 + + X509v3 Subject Alternative Name: + email:info@e-szigno.hu +SHA1 Fingerprint=89:DF:74:FE:5C:F4:0F:4A:80:F9:E3:37:7D:54:DA:91:E1:01:31:8E +SHA256 Fingerprint=3C:5F:81:FE:A5:FA:B8:2C:64:BF:A2:EA:EC:AF:CD:E8:E0:77:FC:86:20:A7:CA:E5:37:16:3D:F3:6E:DB:F3:78 +-----BEGIN CERTIFICATE----- +MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD +VQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0 +ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0G +CSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTAeFw0wOTA2MTYxMTMwMThaFw0y +OTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3Qx +FjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3pp +Z25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o +dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvP +kd6mJviZpWNwrZuuyjNAfW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tc +cbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG0IMZfcChEhyVbUr02MelTTMuhTlAdX4U +fIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKApxn1ntxVUwOXewdI/5n7 +N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm1HxdrtbC +xkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1 ++rUCAwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G +A1UdDgQWBBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPM +Pcu1SCOhGnqmKrs0aDAbBgNVHREEFDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqG +SIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0olZMEyL/azXm4Q5DwpL7v8u8h +mLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfXI/OMn74dseGk +ddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775 +tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c +2Pm2G2JwCz02yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5t +HMN1Rq41Bab2XD0h7lbwyYIiLXpUq3DDfSJlgnCW +-----END CERTIFICATE----- + +### Microsoft Corporation + +=== /C=US/O=Microsoft Corporation/CN=Microsoft ECC Root Certificate Authority 2017 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 66:f2:3d:af:87:de:8b:b1:4a:ea:0c:57:31:01:c2:ec + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Dec 18 23:06:45 2019 GMT + Not After : Jul 18 23:16:04 2042 GMT + Subject: C=US, O=Microsoft Corporation, CN=Microsoft ECC Root Certificate Authority 2017 + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + C8:CB:99:72:70:52:0C:F8:E6:BE:B2:04:57:29:2A:CF:42:10:ED:35 + 1.3.6.1.4.1.311.21.1: + ... +SHA1 Fingerprint=99:9A:64:C3:7F:F4:7D:9F:AB:95:F1:47:69:89:14:60:EE:C4:C3:C5 +SHA256 Fingerprint=35:8D:F3:9D:76:4A:F9:E1:B7:66:E9:C9:72:DF:35:2E:E1:5C:FA:C2:27:AF:6A:D1:D7:0E:8E:4A:6E:DC:BA:02 +-----BEGIN CERTIFICATE----- +MIICWTCCAd+gAwIBAgIQZvI9r4fei7FK6gxXMQHC7DAKBggqhkjOPQQDAzBlMQsw +CQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYD +VQQDEy1NaWNyb3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIw +MTcwHhcNMTkxMjE4MjMwNjQ1WhcNNDIwNzE4MjMxNjA0WjBlMQswCQYDVQQGEwJV +UzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1NaWNy +b3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAATUvD0CQnVBEyPNgASGAlEvaqiBYgtlzPbKnR5vSmZR +ogPZnZH6thaxjG7efM3beaYvzrvOcS/lpaso7GMEZpn4+vKTEAXhgShC48Zo9OYb +hGBKia/teQ87zvH2RPUBeMCjVDBSMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBTIy5lycFIM+Oa+sgRXKSrPQhDtNTAQBgkrBgEEAYI3 +FQEEAwIBADAKBggqhkjOPQQDAwNoADBlAjBY8k3qDPlfXu5gKcs68tvWMoQZP3zV +L8KxzJOuULsJMsbG7X7JNpQS5GiFBqIb0C8CMQCZ6Ra0DvpWSNSkMBaReNtUjGUB +iudQZsIxtzm6uBoiB078a1QWIP8rtedMDE2mT3M= +-----END CERTIFICATE----- +=== /C=US/O=Microsoft Corporation/CN=Microsoft RSA Root Certificate Authority 2017 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1e:d3:97:09:5f:d8:b4:b3:47:70:1e:aa:be:7f:45:b3 + Signature Algorithm: sha384WithRSAEncryption + Validity + Not Before: Dec 18 22:51:22 2019 GMT + Not After : Jul 18 23:00:23 2042 GMT + Subject: C=US, O=Microsoft Corporation, CN=Microsoft RSA Root Certificate Authority 2017 + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 09:CB:59:7F:86:B2:70:8F:1A:C3:39:E3:C0:D9:E9:BF:BB:4D:B2:23 + 1.3.6.1.4.1.311.21.1: + ... +SHA1 Fingerprint=73:A5:E6:4A:3B:FF:83:16:FF:0E:DC:CC:61:8A:90:6E:4E:AE:4D:74 +SHA256 Fingerprint=C7:41:F7:0F:4B:2A:8D:88:BF:2E:71:C1:41:22:EF:53:EF:10:EB:A0:CF:A5:E6:4C:FA:20:F4:18:85:30:73:E0 +-----BEGIN CERTIFICATE----- +MIIFqDCCA5CgAwIBAgIQHtOXCV/YtLNHcB6qvn9FszANBgkqhkiG9w0BAQwFADBl +MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYw +NAYDVQQDEy1NaWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 +IDIwMTcwHhcNMTkxMjE4MjI1MTIyWhcNNDIwNzE4MjMwMDIzWjBlMQswCQYDVQQG +EwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1N +aWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKW76UM4wplZEWCpW9R2LBifOZ +Nt9GkMml7Xhqb0eRaPgnZ1AzHaGm++DlQ6OEAlcBXZxIQIJTELy/xztokLaCLeX0 +ZdDMbRnMlfl7rEqUrQ7eS0MdhweSE5CAg2Q1OQT85elss7YfUJQ4ZVBcF0a5toW1 +HLUX6NZFndiyJrDKxHBKrmCk3bPZ7Pw71VdyvD/IybLeS2v4I2wDwAW9lcfNcztm +gGTjGqwu+UcF8ga2m3P1eDNbx6H7JyqhtJqRjJHTOoI+dkC0zVJhUXAoP8XFWvLJ +jEm7FFtNyP9nTUwSlq31/niol4fX/V4ggNyhSyL71Imtus5Hl0dVe49FyGcohJUc +aDDv70ngNXtk55iwlNpNhTs+VcQor1fznhPbRiefHqJeRIOkpcrVE7NLP8TjwuaG +YaRSMLl6IE9vDzhTyzMMEyuP1pq9KsgtsRx9S1HKR9FIJ3Jdh+vVReZIZZ2vUpC6 +W6IYZVcSn2i51BVrlMRpIpj0M+Dt+VGOQVDJNE92kKz8OMHY4Xu54+OU4UZpyw4K +UGsTuqwPN1q3ErWQgR5WrlcihtnJ0tHXUeOrO8ZV/R4O03QK0dqq6mm4lyiPSMQH ++FJDOvTKVTUssKZqwJz58oHhEmrARdlns87/I6KJClTUFLkqqNfs+avNJVgyeY+Q +W5g5xAgGwax/Dj0ApQIDAQABo1QwUjAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQUCctZf4aycI8awznjwNnpv7tNsiMwEAYJKwYBBAGC +NxUBBAMCAQAwDQYJKoZIhvcNAQEMBQADggIBAKyvPl3CEZaJjqPnktaXFbgToqZC +LgLNFgVZJ8og6Lq46BrsTaiXVq5lQ7GPAJtSzVXNUzltYkyLDVt8LkS/gxCP81OC +gMNPOsduET/m4xaRhPtthH80dK2Jp86519efhGSSvpWhrQlTM93uCupKUY5vVau6 +tZRGrox/2KJQJWVggEbbMwSubLWYdFQl3JPk+ONVFT24bcMKpBLBaYVu32TxU5nh +SnUgnZUP5NbcA/FZGOhHibJXWpS2qdgXKxdJ5XbLwVaZOjex/2kskZGT4d9Mozd2 +TaGf+G0eHdP67Pv0RR0Tbc/3WeUiJ3IrhvNXuzDtJE3cfVa7o7P4NHmJweDyAmH3 +pvwPuxwXC65B2Xy9J6P9LjrRk5Sxcx0ki69bIImtt2dmefU6xqaWM/5TkshGsRGR +xpl/j8nWZjEgQRCHLQzWwa80mMpkg/sTV9HB8Dx6jKXB/ZUhoHHBk2dxEuqPiApp +GWSZI1b7rCoucL5mxAyE7+WL85MB+GqQk2dLsmijtWKP6T+MejteD+eMuMZ87zf9 +dOLITzNy4ZQ5bb0Sr74MTnB8G2+NszKTc0QWbej09+CVgI+WXTik9KveCjCHk9hN +AHFiRSdLOkKEW39lt2c0Ui2cFmuqqNh7o0JMcccMyj6D5KbvtwEwXlGjefVwaaZB +RA+GsCyRxj3qrg+E +-----END CERTIFICATE----- + +### NAVER BUSINESS PLATFORM Corp. + +=== /C=KR/O=NAVER BUSINESS PLATFORM Corp./CN=NAVER Global Root Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 01:94:30:1e:a2:0b:dd:f5:c5:33:2a:b1:43:44:71:f8:d6:50:4d:0d + Signature Algorithm: sha384WithRSAEncryption + Validity + Not Before: Aug 18 08:58:42 2017 GMT + Not After : Aug 18 23:59:59 2037 GMT + Subject: C=KR, O=NAVER BUSINESS PLATFORM Corp., CN=NAVER Global Root Certification Authority + X509v3 extensions: + X509v3 Subject Key Identifier: + D2:9F:88:DF:A1:CD:2C:BD:EC:F5:3B:01:01:93:33:27:B2:EB:60:4B + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=8F:6B:F2:A9:27:4A:DA:14:A0:C4:F4:8E:61:27:F9:C0:1E:78:5D:D1 +SHA256 Fingerprint=88:F4:38:DC:F8:FF:D1:FA:8F:42:91:15:FF:E5:F8:2A:E1:E0:6E:0C:70:C3:75:FA:AD:71:7B:34:A4:9E:72:65 +-----BEGIN CERTIFICATE----- +MIIFojCCA4qgAwIBAgIUAZQwHqIL3fXFMyqxQ0Rx+NZQTQ0wDQYJKoZIhvcNAQEM +BQAwaTELMAkGA1UEBhMCS1IxJjAkBgNVBAoMHU5BVkVSIEJVU0lORVNTIFBMQVRG +T1JNIENvcnAuMTIwMAYDVQQDDClOQVZFUiBHbG9iYWwgUm9vdCBDZXJ0aWZpY2F0 +aW9uIEF1dGhvcml0eTAeFw0xNzA4MTgwODU4NDJaFw0zNzA4MTgyMzU5NTlaMGkx +CzAJBgNVBAYTAktSMSYwJAYDVQQKDB1OQVZFUiBCVVNJTkVTUyBQTEFURk9STSBD +b3JwLjEyMDAGA1UEAwwpTkFWRVIgR2xvYmFsIFJvb3QgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC21PGTXLVA +iQqrDZBbUGOukJR0F0Vy1ntlWilLp1agS7gvQnXp2XskWjFlqxcX0TM62RHcQDaH +38dq6SZeWYp34+hInDEW+j6RscrJo+KfziFTowI2MMtSAuXaMl3Dxeb57hHHi8lE +HoSTGEq0n+USZGnQJoViAbbJAh2+g1G7XNr4rRVqmfeSVPc0W+m/6imBEtRTkZaz +kVrd/pBzKPswRrXKCAfHcXLJZtM0l/aM9BhK4dA9WkW2aacp+yPOiNgSnABIqKYP +szuSjXEOdMWLyEz59JuOuDxp7W87UC9Y7cSw0BwbagzivESq2M0UXZR4Yb8Obtoq +vC8MC3GmsxY/nOb5zJ9TNeIDoKAYv7vxvvTWjIcNQvcGufFt7QSUqP620wbGQGHf +nZ3zVHbOUzoBppJB7ASjjw2i1QnK1sua8e9DXcCrpUHPXFNwcMmIpi3Ua2FzUCaG +YQ5fG8Ir4ozVu53BA0K6lNpfqbDKzE0K70dpAy8i+/Eozr9dUGWokG2zdLAIx6yo +0es+nPxdGoMuK8u180SdOqcXYZaicdNwlhVNt0xz7hlcxVs+Qf6sdWA7G2POAN3a +CJBitOUt7kinaxeZVL6HSuOpXgRM6xBtVNbv8ejyYhbLgGvtPe31HzClrkvJE+2K +AQHJuFFYwGY6sWZLxNUxAmLpdIQM201GLQIDAQABo0IwQDAdBgNVHQ4EFgQU0p+I +36HNLL3s9TsBAZMzJ7LrYEswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wDQYJKoZIhvcNAQEMBQADggIBADLKgLOdPVQG3dLSLvCkASELZ0jKbY7gyKoN +qo0hV4/GPnrK21HUUrPUloSlWGB/5QuOH/XcChWB5Tu2tyIvCZwTFrFsDDUIbatj +cu3cvuzHV+YwIHHW1xDBE1UBjCpD5EHxzzp6U5LOogMFDTjfArsQLtk70pt6wKGm ++LUx5vR1yblTmXVHIloUFcd4G7ad6Qz4G3bxhYTeodoS76TiEJd6eN4MUZeoIUCL +hr0N8F5OSza7OyAfikJW4Qsav3vQIkMsRIz75Sq0bBwcupTgE34h5prCy8VCZLQe +lHsIJchxzIdFV4XTnyliIoNRlwAYl3dqmJLJfGBs32x9SuRwTMKeuB330DTHD8z7 +p/8Dvq1wkNoL3chtl1+afwkyQf3NosxabUzyqkn+Zvjp2DXrDige7kgvOtB5CTh8 +piKCk5XQA76+AqAF3SAi428diDRgxuYKuQl1C/AH6GmWNcf7I4GOODm4RStDeKLR +LBT/DShycpWbXgnbiUSYqqFJu3FS8r/2/yehNq+4tneI3TqkbZs0kNwUXTC/t+sX +5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oGI/hGoiLtk/bdmuYqh7GYVPEi92tF4+KO +dh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmgkpzNNIaRkPpkUZ3+/uul +9XXeifdy +-----END CERTIFICATE----- + +### NetLock Kft. + +=== /C=HU/L=Budapest/O=NetLock Kft./OU=Tan\xC3\xBAs\xC3\xADtv\xC3\xA1nykiad\xC3\xB3k (Certification Services)/CN=NetLock Arany (Class Gold) F\xC5\x91tan\xC3\xBAs\xC3\xADtv\xC3\xA1ny +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 80544274841616 (0x49412ce40010) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Dec 11 15:08:21 2008 GMT + Not After : Dec 6 15:08:21 2028 GMT + Subject: C=HU, L=Budapest, O=NetLock Kft., OU=Tan\xC3\xBAs\xC3\xADtv\xC3\xA1nykiad\xC3\xB3k (Certification Services), CN=NetLock Arany (Class Gold) F\xC5\x91tan\xC3\xBAs\xC3\xADtv\xC3\xA1ny + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:4 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + CC:FA:67:93:F0:B6:B8:D0:A5:C0:1E:F3:53:FD:8C:53:DF:83:D7:96 +SHA1 Fingerprint=06:08:3F:59:3F:15:A1:04:A0:69:A4:6B:A9:03:D0:06:B7:97:09:91 +SHA256 Fingerprint=6C:61:DA:C3:A2:DE:F0:31:50:6B:E0:36:D2:A6:FE:40:19:94:FB:D1:3D:F9:C8:D4:66:59:92:74:C4:46:EC:98 +-----BEGIN CERTIFICATE----- +MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQG +EwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3 +MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNl +cnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xhc3MgR29sZCkgRsWR +dGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgxMjA2MTUwODIxWjCB +pzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxOZXRM +b2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlm +aWNhdGlvbiBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNz +IEdvbGQpIEbFkXRhbsO6c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAxCRec75LbRTDofTjl5Bu0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrT +lF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw/HpYzY6b7cNGbIRwXdrz +AZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAkH3B5r9s5 +VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRG +ILdwfzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2 +BJtr+UBdADTHLpl1neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAG +AQH/AgEEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2M +U9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwWqZw8UQCgwBEIBaeZ5m8BiFRh +bvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTtaYtOUZcTh5m2C ++C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC +bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2F +uLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2 +XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= +-----END CERTIFICATE----- + +### Network Solutions L.L.C. + +=== /C=US/O=Network Solutions L.L.C./CN=Network Solutions Certificate Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 57:cb:33:6f:c2:5c:16:e6:47:16:17:e3:90:31:68:e0 + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Dec 1 00:00:00 2006 GMT + Not After : Dec 31 23:59:59 2029 GMT + Subject: C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority + X509v3 extensions: + X509v3 Subject Key Identifier: + 21:30:C9:FB:00:D7:4E:98:DA:87:AA:2A:D0:A7:2E:B1:40:31:A7:4C + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl + +SHA1 Fingerprint=74:F8:A3:C3:EF:E7:B3:90:06:4B:83:90:3C:21:64:60:20:E5:DF:CE +SHA256 Fingerprint=15:F0:BA:00:A3:AC:7A:F3:AC:88:4C:07:2B:10:11:A0:77:BD:77:C0:97:F4:01:64:B2:F8:59:8A:BD:83:86:0C +-----BEGIN CERTIFICATE----- +MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBi +MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu +MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3Jp +dHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5WjBiMQswCQYDVQQGEwJV +UzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydO +ZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwz +c7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPP +OCwGJgl6cvf6UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rl +mGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnF +BgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4 +qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjgZcw +gZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwu +bmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3Jp +dHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc8 +6fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVRDuwduIj/ +h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/GGUsyfJj4akH +/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv +wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHN +pGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey +-----END CERTIFICATE----- + +### QuoVadis Limited + +=== /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 1 G3 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 78:58:5f:2e:ad:2c:19:4b:e3:37:07:35:34:13:28:b5:96:d4:65:93 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jan 12 17:27:44 2012 GMT + Not After : Jan 12 17:27:44 2042 GMT + Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 1 G3 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + A3:97:D6:F3:5E:A2:10:E1:AB:45:9F:3C:17:64:3C:EE:01:70:9C:CC +SHA1 Fingerprint=1B:8E:EA:57:96:29:1A:C9:39:EA:B8:0A:81:1A:73:73:C0:93:79:67 +SHA256 Fingerprint=8A:86:6F:D1:B2:76:B5:7E:57:8E:92:1C:65:82:8A:2B:ED:58:E9:F2:F2:88:05:41:34:B7:F1:F4:BF:C9:CC:74 +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00 +MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakEPBtV +wedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWe +rNrwU8lmPNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF341 +68Xfuw6cwI2H44g4hWf6Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh +4Pw5qlPafX7PGglTvF0FBM+hSo+LdoINofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXp +UhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/lg6AnhF4EwfWQvTA9xO+o +abw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV7qJZjqlc +3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/G +KubX9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSt +hfbZxbGL0eUQMk1fiyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KO +Tk0k+17kBL5yG6YnLUlamXrXXAkgt3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOt +zCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZIhvcNAQELBQAD +ggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC +MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2 +cDMT/uFPpiN3GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUN +qXsCHKnQO18LwIE6PWThv6ctTr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5 +YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP+V04ikkwj+3x6xn0dxoxGE1nVGwv +b2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh3jRJjehZrJ3ydlo2 +8hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fawx/k +NSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNj +ZgKAvQU6O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhp +q1467HxpvMc7hU6eFbm0FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFt +nh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOVhMJKzRwuJIczYOXD +-----END CERTIFICATE----- +=== /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1289 (0x509) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Nov 24 18:27:00 2006 GMT + Not After : Nov 24 18:23:33 2031 GMT + Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 1A:84:62:BC:48:4C:33:25:04:D4:EE:D0:F6:03:C4:19:46:D1:94:6B + X509v3 Authority Key Identifier: + keyid:1A:84:62:BC:48:4C:33:25:04:D4:EE:D0:F6:03:C4:19:46:D1:94:6B + DirName:/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2 + serial:05:09 + +SHA1 Fingerprint=CA:3A:FB:CF:12:40:36:4B:44:B2:16:20:88:80:48:39:19:93:7C:F7 +SHA256 Fingerprint=85:A0:DD:7D:D7:20:AD:B7:FF:05:F8:3D:54:2B:20:9D:C7:FF:45:28:F7:D6:77:B1:83:89:FE:A5:E5:C4:9E:86 +-----BEGIN CERTIFICATE----- +MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x +GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv +b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV +BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W +YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa +GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg +Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J +WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB +rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp ++ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 +ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i +Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz +PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og +/zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH +oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI +yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud +EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 +A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL +MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT +ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f +BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn +g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl +fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K +WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha +B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc +hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR +TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD +mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z +ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y +4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza +8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u +-----END CERTIFICATE----- +=== /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2 G3 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 44:57:34:24:5b:81:89:9b:35:f2:ce:b8:2b:3b:5b:a7:26:f0:75:28 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jan 12 18:59:32 2012 GMT + Not After : Jan 12 18:59:32 2042 GMT + Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + ED:E7:6F:76:5A:BF:60:EC:49:5B:C6:A5:77:BB:72:16:71:9B:C4:3D +SHA1 Fingerprint=09:3C:61:F3:8B:8B:DC:7D:55:DF:75:38:02:05:00:E1:25:F5:C8:36 +SHA256 Fingerprint=8F:E4:FB:0A:F9:3A:4D:0D:67:DB:0B:EB:B2:3E:37:C7:1B:F3:25:DC:BC:DD:24:0E:A0:4D:AF:58:B4:7E:18:40 +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00 +MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFhZiFf +qq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMW +n4rjyduYNM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ym +c5GQYaYDFCDy54ejiK2toIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+ +O7q414AB+6XrW7PFXmAqMaCvN+ggOp+oMiwMzAkd056OXbxMmO7FGmh77FOm6RQ1 +o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+lV0POKa2Mq1W/xPtbAd0j +IaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZoL1NesNKq +IcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz +8eQQsSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43eh +vNURG3YBZwjgQQvD6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l +7ZizlWNof/k19N+IxWA1ksB8aRxhlRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALG +cC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZIhvcNAQELBQAD +ggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66 +AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RC +roijQ1h5fq7KpVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0Ga +W/ZZGYjeVYg3UQt4XAoeo0L9x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4n +lv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgzdWqTHBLmYF5vHX/JHyPLhGGfHoJE ++V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6XU/IyAgkwo1jwDQHV +csaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+NwmNtd +dbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNg +KCLjsZWDzYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeM +HVOyToV7BjjHLPj4sHKNJeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4 +WSr2Rz0ZiC3oheGe7IUIarFsNMkd7EgrO3jtZsSOeWmD3n+M +-----END CERTIFICATE----- +=== /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1478 (0x5c6) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Nov 24 19:11:23 2006 GMT + Not After : Nov 24 19:06:44 2031 GMT + Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.8024.0.3 + User Notice: + Explicit Text: Any use of this Certificate constitutes acceptance of the QuoVadis Root CA 3 Certificate Policy / Certification Practice Statement. + CPS: http://www.quovadisglobal.com/cps + + X509v3 Key Usage: + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + F2:C0:13:E0:82:43:3E:FB:EE:2F:67:32:96:35:5C:DB:B8:CB:02:D0 + X509v3 Authority Key Identifier: + keyid:F2:C0:13:E0:82:43:3E:FB:EE:2F:67:32:96:35:5C:DB:B8:CB:02:D0 + DirName:/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3 + serial:05:C6 + +SHA1 Fingerprint=1F:49:14:F7:D8:74:95:1D:DD:AE:02:C0:BE:FD:3A:2D:82:75:51:85 +SHA256 Fingerprint=18:F1:FC:7F:20:5D:F8:AD:DD:EB:7F:E0:07:DD:57:E3:AF:37:5A:9C:4D:8D:73:54:6B:F4:F1:FE:D1:E1:8D:35 +-----BEGIN CERTIFICATE----- +MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x +GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv +b3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNV +BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W +YWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM +V0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNggDhoB +4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUr +H556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd +8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9Cabwv +vWhDFlaJKjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLT +mZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhe +btfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjc +T5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDt +WAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZ +c6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A +4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYD +VR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG +CCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0 +aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 +aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu +dC4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2Nw +czALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4G +A1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQoUmkRzBFMQswCQYDVQQGEwJC +TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMg +Um9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZVqyM0 +7ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem +d1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd ++LJ2w/w4E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B +4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadN +t54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6x +DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPsMZ57 +k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6s +zHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0j +Wy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeT +mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK +4SVhM7JZG+Ju1zdXtg2pEto= +-----END CERTIFICATE----- +=== /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3 G3 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2e:f5:9b:02:28:a7:db:7a:ff:d5:a3:a9:ee:bd:03:a0:cf:12:6a:1d + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jan 12 20:26:32 2012 GMT + Not After : Jan 12 20:26:32 2042 GMT + Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 G3 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + C6:17:D0:BC:A8:EA:02:43:F2:1B:06:99:5D:2B:90:20:B9:D7:9C:E4 +SHA1 Fingerprint=48:12:BD:92:3C:A8:C4:39:06:E7:30:6D:27:96:E6:A4:CF:22:2E:7D +SHA256 Fingerprint=88:EF:81:DE:20:2E:B0:18:45:2E:43:F8:64:72:5C:EA:5F:BD:1F:C2:D9:D2:05:73:07:09:C5:D8:B8:69:0F:46 +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00 +MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286IxSR +/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNu +FoM7pmRLMon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXR +U7Ox7sWTaYI+FrUoRqHe6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+c +ra1AdHkrAj80//ogaX3T7mH1urPnMNA3I4ZyYUUpSFlob3emLoG+B01vr87ERROR +FHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3UVDmrJqMz6nWB2i3ND0/k +A9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f75li59wzw +eyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634Ryl +sSqiMd5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBp +VzgeAVuNVejH38DMdyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0Q +A4XN8f+MFrXBsj6IbGB/kE+V9/YtrQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ +ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZIhvcNAQELBQAD +ggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px +KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnI +FUBhynLWcKzSt/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5Wvv +oxXqA/4Ti2Tk08HS6IT7SdEQTXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFg +u/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9DuDcpmvJRPpq3t/O5jrFc/ZSXPsoaP +0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGibIh6BJpsQBJFxwAYf +3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmDhPbl +8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+ +DhcI00iX0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HN +PlopNLk9hM6xZdRZkZFWdSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ +ywaZWWDYWGWVjUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0 +-----END CERTIFICATE----- + +### SECOM Trust Systems CO.,LTD. + +=== /C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: May 29 05:00:39 2009 GMT + Not After : May 29 05:00:39 2029 GMT + Subject: C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2 + X509v3 extensions: + X509v3 Subject Key Identifier: + 0A:85:A9:77:65:05:98:7C:40:81:F8:0F:97:2C:38:F1:0A:EC:3C:CF + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=5F:3B:8C:F2:F8:10:B3:7D:78:B4:CE:EC:19:19:C3:73:34:B9:C7:74 +SHA256 Fingerprint=51:3B:2C:EC:B8:10:D4:CD:E5:DD:85:39:1A:DF:C6:C2:DD:60:D8:7B:B7:36:D2:B5:21:48:4A:A4:7A:0E:BE:F6 +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl +MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe +U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoX +DTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRy +dXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmlj +YXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAV +OVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGr +zbl+dp+++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVM +VAX3NuRFg3sUZdbcDE3R3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQ +hNBqyjoGADdH5H5XTz+L62e4iKrFvlNVspHEfbmwhRkGeC7bYRr6hfVKkaHnFtWO +ojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1KEOtOghY6rCcMU/Gt1SSw +awNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8QIH4D5cs +OPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 +DQEBCwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpF +coJxDjrSzG+ntKEju/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXc +okgfGT+Ok+vx+hfuzU7jBBJV1uXk3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8 +t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy +1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29mvVXIwAHIRc/ +SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 +-----END CERTIFICATE----- + +### SECOM Trust.net + +=== /C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Sep 30 04:20:49 2003 GMT + Not After : Sep 30 04:20:49 2023 GMT + Subject: C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1 + X509v3 extensions: + X509v3 Subject Key Identifier: + A0:73:49:99:68:DC:85:5B:65:E3:9B:28:2F:57:9F:BD:33:BC:07:48 + X509v3 Key Usage: + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=36:B1:2B:49:F9:81:9E:D7:4C:9E:BC:38:0F:C6:56:8F:5D:AC:B2:F7 +SHA256 Fingerprint=E7:5E:72:ED:9F:56:0E:EC:6E:B4:80:00:73:A4:3F:C3:AD:19:19:5A:39:22:82:01:78:95:97:4A:99:02:6B:6C +-----BEGIN CERTIFICATE----- +MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY +MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t +dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5 +WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD +VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8 +9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ +DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9 +Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N +QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ +xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G +A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T +AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG +kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr +Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5 +Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU +JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot +RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw== +-----END CERTIFICATE----- + +### SecureTrust Corporation + +=== /C=US/O=SecureTrust Corporation/CN=Secure Global CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 07:56:22:a4:e8:d4:8a:89:4d:f4:13:c8:f0:f8:ea:a5 + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Nov 7 19:42:28 2006 GMT + Not After : Dec 31 19:52:06 2029 GMT + Subject: C=US, O=SecureTrust Corporation, CN=Secure Global CA + X509v3 extensions: + 1.3.6.1.4.1.311.20.2: + ...C.A + X509v3 Key Usage: + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + AF:44:04:C2:41:7E:48:83:DB:4E:39:02:EC:EC:84:7A:E6:CE:C9:A4 + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.securetrust.com/SGCA.crl + + 1.3.6.1.4.1.311.21.1: + ... +SHA1 Fingerprint=3A:44:73:5A:E5:81:90:1F:24:86:61:46:1E:3B:9C:C4:5F:F5:3A:1B +SHA256 Fingerprint=42:00:F5:04:3A:C8:59:0E:BB:52:7D:20:9E:D1:50:30:29:FB:CB:D4:1C:A1:B5:06:EC:27:F1:5A:DE:7D:AC:69 +-----BEGIN CERTIFICATE----- +MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK +MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x +GTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx +MjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3Qg +Q29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ +iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa +/FHtaMbQbqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJ +jnIFHovdRIWCQtBJwB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnI +HmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7 +sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0w +gZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCsw +KaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsG +AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L +URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXO +H0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9Mm +I50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbY +iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc +f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW +-----END CERTIFICATE----- +=== /C=US/O=SecureTrust Corporation/CN=SecureTrust CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0c:f0:8e:5c:08:16:a5:ad:42:7f:f0:eb:27:18:59:d0 + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Nov 7 19:31:18 2006 GMT + Not After : Dec 31 19:40:55 2029 GMT + Subject: C=US, O=SecureTrust Corporation, CN=SecureTrust CA + X509v3 extensions: + 1.3.6.1.4.1.311.20.2: + ...C.A + X509v3 Key Usage: + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 42:32:B6:16:FA:04:FD:FE:5D:4B:7A:C3:FD:F7:4C:40:1D:5A:43:AF + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.securetrust.com/STCA.crl + + 1.3.6.1.4.1.311.21.1: + ... +SHA1 Fingerprint=87:82:C6:C3:04:35:3B:CF:D2:96:92:D2:59:3E:7D:44:D9:34:FF:11 +SHA256 Fingerprint=F1:C1:B5:0A:E5:A2:0D:D8:03:0E:C9:F6:BC:24:82:3D:D3:67:B5:25:57:59:B4:E7:1B:61:FC:E9:F7:37:5D:73 +-----BEGIN CERTIFICATE----- +MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI +MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x +FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz +MTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENv +cnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEz +Zum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO +0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIao +wW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj +7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS +8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjAT +BgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCeg +JYYjaHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGC +NxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3 +6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/ +3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cprp6poxkm +D5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS +CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR +3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= +-----END CERTIFICATE----- + +### Sonera + + +### SSL Corporation + +=== /C=US/ST=Texas/L=Houston/O=SSL Corporation/CN=SSL.com EV Root Certification Authority ECC +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3182246526754555285 (0x2c299c5b16ed0595) + Signature Algorithm: ecdsa-with-SHA256 + Validity + Not Before: Feb 12 18:15:23 2016 GMT + Not After : Feb 12 18:15:23 2041 GMT + Subject: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority ECC + X509v3 extensions: + X509v3 Subject Key Identifier: + 5B:CA:5E:E5:DE:D2:81:AA:CD:A8:2D:64:51:B6:D9:72:9B:97:E6:4F + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:5B:CA:5E:E5:DE:D2:81:AA:CD:A8:2D:64:51:B6:D9:72:9B:97:E6:4F + + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=4C:DD:51:A3:D1:F5:20:32:14:B0:C6:C5:32:23:03:91:C7:46:42:6D +SHA256 Fingerprint=22:A2:C1:F7:BD:ED:70:4C:C1:E7:01:B5:F4:08:C3:10:88:0F:E9:56:B5:DE:2A:4A:44:F9:9C:87:3A:25:A7:C8 +-----BEGIN CERTIFICATE----- +MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMC +VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T +U0wgQ29ycG9yYXRpb24xNDAyBgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNTIzWhcNNDEwMjEyMTgx +NTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv +dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NMLmNv +bSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49 +AgEGBSuBBAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMA +VIbc/R/fALhBYlzccBYy3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1Kthku +WnBaBu2+8KGwytAJKaNjMGEwHQYDVR0OBBYEFFvKXuXe0oGqzagtZFG22XKbl+ZP +MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe5d7SgarNqC1kUbbZcpuX +5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJN+vp1RPZ +ytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZg +h5Mmm7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg== +-----END CERTIFICATE----- +=== /C=US/ST=Texas/L=Houston/O=SSL Corporation/CN=SSL.com EV Root Certification Authority RSA R2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6248227494352943350 (0x56b629cd34bc78f6) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: May 31 18:14:37 2017 GMT + Not After : May 30 18:14:37 2042 GMT + Subject: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority RSA R2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:F9:60:BB:D4:E3:D5:34:F6:B8:F5:06:80:25:A7:73:DB:46:69:A8:9E + + X509v3 Subject Key Identifier: + F9:60:BB:D4:E3:D5:34:F6:B8:F5:06:80:25:A7:73:DB:46:69:A8:9E + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=74:3A:F0:52:9B:D0:32:A0:F4:4A:83:CD:D4:BA:A9:7B:7C:2E:C4:9A +SHA256 Fingerprint=2E:7B:F1:6C:C2:24:85:A7:BB:E2:AA:86:96:75:07:61:B0:AE:39:BE:3B:2F:E9:D0:CC:6D:4E:F7:34:91:42:5C +-----BEGIN CERTIFICATE----- +MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNV +BAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UE +CgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMB4XDTE3MDUzMTE4MTQzN1oXDTQy +MDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4G +A1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQD +DC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvq +M0fNTPl9fb69LT3w23jhhqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssuf +OePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7wcXHswxzpY6IXFJ3vG2fThVUCAtZJycxa +4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTOZw+oz12WGQvE43LrrdF9 +HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+B6KjBSYR +aZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcA +b9ZhCBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQ +Gp8hLH94t2S42Oim9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQV +PWKchjgGAGYS5Fl2WlPAApiiECtoRHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMO +pgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+SlmJuwgUHfbSguPvuUCYHBBXtSu +UDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48+qvWBkofZ6aY +MBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV +HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa4 +9QaAJadz20ZpqJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBW +s47LCp1Jjr+kxJG7ZhcFUZh1++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5 +Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nxY/hoLVUE0fKNsKTPvDxeH3jnpaAg +cLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2GguDKBAdRUNf/ktUM +79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDzOFSz +/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXt +ll9ldDz7CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEm +Kf7GUmG6sXP/wwyc5WxqlD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKK +QbNmC1r7fSOl8hqw/96bg5Qu0T/fkreRrwU7ZcegbLHNYhLDkBvjJc40vG93drEQ +w/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1hlMYegouCRw2n5H9gooi +S9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX9hwJ1C07 +mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w== +-----END CERTIFICATE----- +=== /C=US/ST=Texas/L=Houston/O=SSL Corporation/CN=SSL.com Root Certification Authority ECC +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 8495723813297216424 (0x75e6dfcbc1685ba8) + Signature Algorithm: ecdsa-with-SHA256 + Validity + Not Before: Feb 12 18:14:03 2016 GMT + Not After : Feb 12 18:14:03 2041 GMT + Subject: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority ECC + X509v3 extensions: + X509v3 Subject Key Identifier: + 82:D1:85:73:30:E7:35:04:D3:8E:02:92:FB:E5:A4:D1:C4:21:E8:CD + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:82:D1:85:73:30:E7:35:04:D3:8E:02:92:FB:E5:A4:D1:C4:21:E8:CD + + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=C3:19:7C:39:24:E6:54:AF:1B:C4:AB:20:95:7A:E2:C3:0E:13:02:6A +SHA256 Fingerprint=34:17:BB:06:CC:60:07:DA:1B:96:1C:92:0B:8A:B4:CE:3F:AD:82:0E:4A:A3:0B:9A:CB:C4:A7:4E:BD:CE:BC:65 +-----BEGIN CERTIFICATE----- +MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMC +VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T +U0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0 +aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNDAzWhcNNDEwMjEyMTgxNDAz +WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0 +b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNvbSBS +b290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB +BAAiA2IABEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI +7Z4INcgn64mMU1jrYor+8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPg +CemB+vNH06NjMGEwHQYDVR0OBBYEFILRhXMw5zUE044CkvvlpNHEIejNMA8GA1Ud +EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTTjgKS++Wk0cQh6M0wDgYD +VR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCWe+0F+S8T +kdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+ +gA0z5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl +-----END CERTIFICATE----- +=== /C=US/ST=Texas/L=Houston/O=SSL Corporation/CN=SSL.com Root Certification Authority RSA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 8875640296558310041 (0x7b2c9bd316803299) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Feb 12 17:39:39 2016 GMT + Not After : Feb 12 17:39:39 2041 GMT + Subject: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority RSA + X509v3 extensions: + X509v3 Subject Key Identifier: + DD:04:09:07:A2:F5:7A:7D:52:53:12:92:95:EE:38:80:25:0D:A6:59 + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:DD:04:09:07:A2:F5:7A:7D:52:53:12:92:95:EE:38:80:25:0D:A6:59 + + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=B7:AB:33:08:D1:EA:44:77:BA:14:80:12:5A:6F:BD:A9:36:49:0C:BB +SHA256 Fingerprint=85:66:6A:56:2E:E0:BE:5C:E9:25:C1:D8:89:0A:6F:76:A8:7E:C1:6D:4D:7D:5F:29:EA:74:19:CF:20:12:3B:69 +-----BEGIN CERTIFICATE----- +MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE +BhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQK +DA9TU0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYwMjEyMTczOTM5WhcNNDEwMjEyMTcz +OTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv +dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv +bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2R +xFdHaxh3a3by/ZPkPQ/CFp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aX +qhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcC +C52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/geoeOy3ZExqysdBP+lSgQ3 +6YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkpk8zruFvh +/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrF +YD3ZfBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93E +JNyAKoFBbZQ+yODJgUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVc +US4cK38acijnALXRdMbX5J+tB5O2UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8 +ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi81xtZPCvM8hnIk2snYxnP/Okm ++Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4sbE6x/c+cCbqi +M+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4G +A1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGV +cpNxJK1ok1iOMq8bs3AD/CUrdIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBc +Hadm47GUBwwyOabqG7B52B2ccETjit3E+ZUfijhDPwGFpUenPUayvOUiaPd7nNgs +PgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAslu1OJD7OAUN5F7kR/ +q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjqerQ0 +cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jr +a6x+3uxjMxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90I +H37hVZkLId6Tngr75qNJvTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/Y +K9f1JmzJBjSWFupwWRoyeXkLtoh/D1JIPb9s2KJELtFOt3JY04kTlf5Eq/jXixtu +nLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406ywKBjYZC6VWg3dGq2ktuf +oYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NIWuuA8ShY +Ic2wBlX7Jz9TkHCpBB5XJ7k= +-----END CERTIFICATE----- + +### Staat der Nederlanden + +=== /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden EV Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10000013 (0x98968d) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Dec 8 11:19:29 2010 GMT + Not After : Dec 8 11:10:28 2022 GMT + Subject: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden EV Root CA + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + FE:AB:00:90:98:9E:24:FC:A9:CC:1A:8A:FB:27:B8:BF:30:6E:A8:3B +SHA1 Fingerprint=76:E2:7E:C1:4F:DB:82:C1:C0:A6:75:B5:05:BE:3D:29:B4:ED:DB:BB +SHA256 Fingerprint=4D:24:91:41:4C:FE:95:67:46:EC:4C:EF:A6:CF:6F:72:E2:8A:13:29:43:2F:9D:8A:90:7A:C4:CB:5D:AD:C1:5A +-----BEGIN CERTIFICATE----- +MIIFcDCCA1igAwIBAgIEAJiWjTANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJO +TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFh +dCBkZXIgTmVkZXJsYW5kZW4gRVYgUm9vdCBDQTAeFw0xMDEyMDgxMTE5MjlaFw0y +MjEyMDgxMTEwMjhaMFgxCzAJBgNVBAYTAk5MMR4wHAYDVQQKDBVTdGFhdCBkZXIg +TmVkZXJsYW5kZW4xKTAnBgNVBAMMIFN0YWF0IGRlciBOZWRlcmxhbmRlbiBFViBS +b290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA48d+ifkkSzrS +M4M1LGns3Amk41GoJSt5uAg94JG6hIXGhaTK5skuU6TJJB79VWZxXSzFYGgEt9nC +UiY4iKTWO0Cmws0/zZiTs1QUWJZV1VD+hq2kY39ch/aO5ieSZxeSAgMs3NZmdO3d +Z//BYY1jTw+bbRcwJu+r0h8QoPnFfxZpgQNH7R5ojXKhTbImxrpsX23Wr9GxE46p +rfNeaXUmGD5BKyF/7otdBwadQ8QpCiv8Kj6GyzyDOvnJDdrFmeK8eEEzduG/L13l +pJhQDBXd4Pqcfzho0LKmeqfRMb1+ilgnQ7O6M5HTp5gVXJrm0w912fxBmJc+qiXb +j5IusHsMX/FjqTf5m3VpTCgmJdrV8hJwRVXj33NeN/UhbJCONVrJ0yPr08C+eKxC +KFhmpUZtcALXEPlLVPxdhkqHz3/KRawRWrUgUY0viEeXOcDPusBCAUCZSCELa6fS +/ZbV0b5GnUngC6agIk440ME8MLxwjyx1zNDFjFE7PZQIZCZhfbnDZY8UnCHQqv0X +cgOPvZuM5l5Tnrmd74K74bzickFbIZTTRTeU0d8JOV3nI6qaHcptqAqGhYqCvkIH +1vI4gnPah1vlPNOePqc7nvQDs/nxfRN0Av+7oeX6AHkcpmZBiFxgV6YuCcS6/ZrP +px9Aw7vMWgpVSzs4dlG4Y4uElBbmVvMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFP6rAJCYniT8qcwaivsnuL8wbqg7 +MA0GCSqGSIb3DQEBCwUAA4ICAQDPdyxuVr5Os7aEAJSrR8kN0nbHhp8dB9O2tLsI +eK9p0gtJ3jPFrK3CiAJ9Brc1AsFgyb/E6JTe1NOpEyVa/m6irn0F3H3zbPB+po3u +2dfOWBfoqSmuc0iH55vKbimhZF8ZE/euBhD/UcabTVUlT5OZEAFTdfETzsemQUHS +v4ilf0X8rLiltTMMgsT7B/Zq5SWEXwbKwYY5EdtYzXc7LMJMD16a4/CrPmEbUCTC +wPTxGfARKbalGAKb12NMcIxHowNDXLldRqANb/9Zjr7dn3LDWyvfjFvO5QxGbJKy +CqNMVEIYFRIYvdr8unRu/8G2oGTYqV9Vrp9canaW2HNnh/tNf1zuacpzEPuKqf2e +vTY4SUmH9A4U8OmHuD+nT3pajnnUk+S7aFKErGzp85hwVXIy+TSrK0m1zSBi5Dp6 +Z2Orltxtrpfs/J92VoguZs9btsmksNcFuuEnL5O7Jiqik7Ab846+HUCjuTaPPoIa +Gl6I6lD4WeKDRikL40Rc4ZW2aZCaFG+XroHPaO+Zmr615+F/+PoTRxZMzG0IQOeL +eG9QgkRQP2YGiqtDhFZKDyAthg710tvSeopLzaXoTvFeJiUBWSOgftL2fiFX1ye8 +FVdMpEbB4IMeDExNH08GGeL5qPQ6gqGyeUN51q1veieQA6TqJIc/2b3Z6fJfUEkc +7uzXLg== +-----END CERTIFICATE----- + +### Starfield Technologies, Inc. + +=== /C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Jun 29 17:39:16 2004 GMT + Not After : Jun 29 17:39:16 2034 GMT + Subject: C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority + X509v3 extensions: + X509v3 Subject Key Identifier: + BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7 + X509v3 Authority Key Identifier: + keyid:BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7 + DirName:/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority + serial:00 + + X509v3 Basic Constraints: + CA:TRUE +SHA1 Fingerprint=AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A +SHA256 Fingerprint=14:65:FA:20:53:97:B8:76:FA:A6:F0:A9:95:8E:55:90:E4:0F:CC:7F:AA:4F:B7:C2:C8:67:75:21:FB:5F:B6:58 +-----BEGIN CERTIFICATE----- +MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl +MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp +U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw +NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE +ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp +ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3 +DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf +8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN ++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0 +X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa +K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA +1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G +A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR +zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0 +YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD +bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w +DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3 +L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D +eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl +xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp +VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY +WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q= +-----END CERTIFICATE----- +=== /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Root Certificate Authority - G2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Sep 1 00:00:00 2009 GMT + Not After : Dec 31 23:59:59 2037 GMT + Subject: C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 7C:0C:32:1F:A7:D9:30:7F:C4:7D:68:A3:62:A8:A1:CE:AB:07:5B:27 +SHA1 Fingerprint=B5:1C:06:7C:EE:2B:0C:3D:F8:55:AB:2D:92:F4:FE:39:D4:E7:0F:0E +SHA256 Fingerprint=2C:E1:CB:0B:F9:D2:F9:E1:02:99:3F:BE:21:51:52:C3:B2:DD:0C:AB:DE:1C:68:E5:31:9B:83:91:54:DB:B7:F5 +-----BEGIN CERTIFICATE----- +MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT +HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs +ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw +MFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 +b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj +aG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp +Y2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg +nLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1 +HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N +Hwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN +dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0 +HZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G +CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU +sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3 +4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg +8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K +pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1 +mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 +-----END CERTIFICATE----- +=== /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Services Root Certificate Authority - G2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Sep 1 00:00:00 2009 GMT + Not After : Dec 31 23:59:59 2037 GMT + Subject: C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 9C:5F:00:DF:AA:01:D7:30:2B:38:88:A2:B8:6D:4A:9C:F2:11:91:83 +SHA1 Fingerprint=92:5A:8F:8D:2C:6D:04:E0:66:5F:59:6A:FF:22:D8:63:E8:25:6F:3F +SHA256 Fingerprint=56:8D:69:05:A2:C8:87:08:A4:B3:02:51:90:ED:CF:ED:B1:97:4A:60:6A:13:C6:E5:29:0F:CB:2A:E6:3E:DA:B5 +-----BEGIN CERTIFICATE----- +MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT +HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs +ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5 +MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy +ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy +dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p +OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2 +8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K +Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe +hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk +6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw +DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q +AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI +bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB +ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z +qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd +iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn +0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN +sSi6 +-----END CERTIFICATE----- + +### SwissSign AG + +=== /C=CH/O=SwissSign AG/CN=SwissSign Gold CA - G2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + bb:40:1c:43:f5:5e:4f:b0 + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Oct 25 08:30:35 2006 GMT + Not After : Oct 25 08:30:35 2036 GMT + Subject: C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 5B:25:7B:96:A4:65:51:7E:B8:39:F3:C0:78:66:5E:E8:3A:E7:F0:EE + X509v3 Authority Key Identifier: + keyid:5B:25:7B:96:A4:65:51:7E:B8:39:F3:C0:78:66:5E:E8:3A:E7:F0:EE + + X509v3 Certificate Policies: + Policy: 2.16.756.1.89.1.2.1.1 + CPS: http://repository.swisssign.com/ + +SHA1 Fingerprint=D8:C5:38:8A:B7:30:1B:1B:6E:D4:7A:E6:45:25:3A:6F:9F:1A:27:61 +SHA256 Fingerprint=62:DD:0B:E9:B9:F5:0A:16:3E:A0:F8:E7:5C:05:3B:1E:CA:57:EA:55:C8:68:8F:64:7C:68:81:F2:C8:35:7B:95 +-----BEGIN CERTIFICATE----- +MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln +biBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF +MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT +d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/8 +76LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+ +bbqBHH5CjCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c +6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqE +emA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJd +MmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdt +MDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02y +MszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y +FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPi +aG59je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM +gI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCB +qTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7 +lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn +8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov +L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe6 +45R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczO +UYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5 +O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCC +bwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yv +GPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a +77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC +hdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3 +92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp +Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w +ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt +Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ +-----END CERTIFICATE----- +=== /C=CH/O=SwissSign AG/CN=SwissSign Silver CA - G2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 5700383053117599563 (0x4f1bd42f54bb2f4b) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Oct 25 08:32:46 2006 GMT + Not After : Oct 25 08:32:46 2036 GMT + Subject: C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 17:A0:CD:C1:E4:41:B6:3A:5B:3B:CB:45:9D:BD:1C:C2:98:FA:86:58 + X509v3 Authority Key Identifier: + keyid:17:A0:CD:C1:E4:41:B6:3A:5B:3B:CB:45:9D:BD:1C:C2:98:FA:86:58 + + X509v3 Certificate Policies: + Policy: 2.16.756.1.89.1.3.1.1 + CPS: http://repository.swisssign.com/ + +SHA1 Fingerprint=9B:AA:E5:9F:56:EE:21:CB:43:5A:BE:25:93:DF:A7:F0:40:D1:1D:CB +SHA256 Fingerprint=BE:6C:4D:A2:BB:B9:BA:59:B6:F3:93:97:68:37:42:46:C3:C0:05:99:3F:A9:8F:02:0D:1D:ED:BE:D4:8A:81:D5 +-----BEGIN CERTIFICATE----- +MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE +BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWdu +IFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0Nlow +RzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMY +U3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644N0Mv +Fz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7br +YT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieF +nbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH +6ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZt +eJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/ +c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJ +MoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRH +HTBsROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTf +jNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6 +5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOB +rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU +F6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c +wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0 +cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIB +AHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShp +WJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9 +xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ +2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZ +IseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8 +aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2X +em1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR +dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/ +OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+ +hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy +tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u +-----END CERTIFICATE----- + +### T-Systems Enterprise Services GmbH + +=== /C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Oct 1 10:40:14 2008 GMT + Not After : Oct 1 23:59:59 2033 GMT + Subject: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + BF:59:20:36:00:79:A0:A0:22:6B:8C:D5:F2:61:D2:B8:2C:CB:82:4A +SHA1 Fingerprint=59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9 +SHA256 Fingerprint=91:E2:F5:78:8D:58:10:EB:A7:BA:58:73:7D:E1:54:8A:8E:CA:CD:01:45:98:BC:0B:14:3E:04:1B:17:05:25:52 +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx +KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd +BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl +YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1 +OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy +aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 +ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd +AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC +FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi +1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq +jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ +wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/ +WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy +NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC +uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw +IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6 +g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN +9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP +BSeOE6Fuwg== +-----END CERTIFICATE----- +=== /C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 3 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Oct 1 10:29:56 2008 GMT + Not After : Oct 1 23:59:59 2033 GMT + Subject: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + B5:03:F7:76:3B:61:82:6A:12:AA:18:53:EB:03:21:94:BF:FE:CE:CA +SHA1 Fingerprint=55:A6:72:3E:CB:F2:EC:CD:C3:23:74:70:19:9D:2A:BE:11:E3:81:D1 +SHA256 Fingerprint=FD:73:DA:D3:1C:64:4F:F1:B4:3B:EF:0C:CD:DA:96:71:0B:9C:D9:87:5E:CA:7E:31:70:7A:F3:E9:6D:52:2B:BD +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx +KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd +BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl +YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 +OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy +aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 +ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN +8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/ +RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4 +hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5 +ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM +EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1 +A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy +WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ +1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30 +6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT +91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml +e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p +TpPDpFQUWw== +-----END CERTIFICATE----- + +### TAIWAN-CA + +=== /C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA Global Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3262 (0xcbe) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jun 27 06:28:33 2012 GMT + Not After : Dec 31 15:59:59 2030 GMT + Subject: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Global Root CA + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=9C:BB:48:53:F6:A4:F6:D3:52:A4:E8:32:52:55:60:13:F5:AD:AF:65 +SHA256 Fingerprint=59:76:90:07:F7:68:5D:0F:CD:50:87:2F:9F:95:D5:75:5A:5B:2B:45:7D:81:F3:69:2B:61:0A:98:67:2F:0E:1B +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcx +EjAQBgNVBAoTCVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMT +VFdDQSBHbG9iYWwgUm9vdCBDQTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5 +NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQKEwlUQUlXQU4tQ0ExEDAOBgNVBAsT +B1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3QgQ0EwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2CnJfF +10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz +0ALfUPZVr2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfCh +MBwqoJimFb3u/Rk28OKRQ4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbH +zIh1HrtsBv+baz4X7GGqcXzGHaL3SekVtTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc +46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1WKKD+u4ZqyPpcC1jcxkt2 +yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99sy2sbZCi +laLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYP +oA/pyJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQA +BDzfuBSO6N+pjWxnkjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcE +qYSjMq+u7msXi7Kx/mzhkIyIqJdIzshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm +4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6gcFGn90xHNcgL +1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn +LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WF +H6vPNOw/KP4M8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNo +RI2T9GRwoD2dKAXDOXC4Ynsg/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+ +nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlglPx4mI88k1HtQJAH32RjJMtOcQWh +15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryPA9gK8kxkRr05YuWW +6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3mi4TW +nsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5j +wa19hAM8EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWz +aGHQRiapIVJpLesux+t3zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmy +KwbQBM0= +-----END CERTIFICATE----- +=== /C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA Root Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Aug 28 07:24:33 2008 GMT + Not After : Dec 31 15:59:59 2030 GMT + Subject: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 6A:38:5B:26:8D:DE:8B:5A:F2:4F:7A:54:83:19:18:E3:08:35:A6:BA +SHA1 Fingerprint=CF:9E:87:6D:D3:EB:FC:42:26:97:A3:B5:A3:7A:A0:76:A9:06:23:48 +SHA256 Fingerprint=BF:D8:8F:E1:10:1C:41:AE:3E:80:1B:F8:BE:56:35:0E:E9:BA:D1:A6:B9:BD:51:5E:DC:5C:6D:5B:87:11:AC:44 +-----BEGIN CERTIFICATE----- +MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzES +MBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFU +V0NBIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMz +WhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJVEFJV0FO +LUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFE +AcK0HMMxQhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HH +K3XLfJ+utdGdIzdjp9xCoi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeX +RfwZVzsrb+RH9JlF/h3x+JejiB03HFyP4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/z +rX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1ry+UPizgN7gr8/g+YnzAx +3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkq +hkiG9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeC +MErJk/9q56YAf4lCmtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdls +XebQ79NqZp4VKIV66IIArB6nCWlWQtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62D +lhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVYT0bf+215WfKEIlKuD8z7fDvn +aspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocnyYh0igzyXxfkZ +YiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== +-----END CERTIFICATE----- + +### TeliaSonera + +=== /O=TeliaSonera/CN=TeliaSonera Root CA v1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 95:be:16:a0:f7:2e:46:f1:7b:39:82:72:fa:8b:cd:96 + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Oct 18 12:00:50 2007 GMT + Not After : Oct 18 12:00:50 2032 GMT + Subject: O=TeliaSonera, CN=TeliaSonera Root CA v1 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + F0:8F:59:38:00:B3:F5:8F:9A:96:0C:D5:EB:FA:7B:AA:17:E8:13:12 +SHA1 Fingerprint=43:13:BB:96:F1:D5:86:9B:C1:4E:6A:92:F6:CF:F6:34:69:87:82:37 +SHA256 Fingerprint=DD:69:36:FE:21:F8:F0:77:C1:23:A1:A5:21:C1:22:24:F7:22:55:B7:3E:03:A7:26:06:93:E8:A2:4B:0F:A3:89 +-----BEGIN CERTIFICATE----- +MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAw +NzEUMBIGA1UECgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJv +b3QgQ0EgdjEwHhcNMDcxMDE4MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYD +VQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2 +MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+6yfwIaPzaSZVfp3F +VRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA3GV1 +7CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+X +Z75Ljo1kB1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+ +/jXh7VB7qTCNGdMJjmhnXb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs +81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxHoLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkm +dtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3F0fUTPHSiXk+TT2YqGHe +Oh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJoWjiUIMu +sDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4 +pgd7gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fs +slESl1MpWtTwEhDcTwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQ +arMCpgKIv7NHfirZ1fpoeDVNAgMBAAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYD +VR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qWDNXr+nuqF+gTEjANBgkqhkiG +9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNmzqjMDfz1mgbl +dxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx +0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1Tj +TQpgcmLNkQfWpb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBed +Y2gea+zDTYa4EzAvXUYNR0PVG6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7 +Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpcc41teyWRyu5FrgZLAMzTsVlQ2jqI +OylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOTJsjrDNYmiLbAJM+7 +vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2qReW +t88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcn +HL/EVlP6Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVx +SK236thZiNSQvxaz2emsWWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY= +-----END CERTIFICATE----- + +### The Go Daddy Group, Inc. + +=== /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Jun 29 17:06:20 2004 GMT + Not After : Jun 29 17:06:20 2034 GMT + Subject: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority + X509v3 extensions: + X509v3 Subject Key Identifier: + D2:C4:B0:D2:91:D4:4C:11:71:B3:61:CB:3D:A1:FE:DD:A8:6A:D4:E3 + X509v3 Authority Key Identifier: + keyid:D2:C4:B0:D2:91:D4:4C:11:71:B3:61:CB:3D:A1:FE:DD:A8:6A:D4:E3 + DirName:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority + serial:00 + + X509v3 Basic Constraints: + CA:TRUE +SHA1 Fingerprint=27:96:BA:E6:3F:18:01:E2:77:26:1B:A0:D7:77:70:02:8F:20:EE:E4 +SHA256 Fingerprint=C3:84:6B:F2:4B:9E:93:CA:64:27:4C:0E:C6:7C:1E:CC:5E:02:4F:FC:AC:D2:D7:40:19:35:0E:81:FE:54:6A:E4 +-----BEGIN CERTIFICATE----- +MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh +MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE +YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3 +MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo +ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg +MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN +ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA +PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w +wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi +EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY +avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+ +YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE +sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h +/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5 +IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD +ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy +OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P +TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ +HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER +dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf +ReYNnyicsbkqWletNw+vHX/bvZ8= +-----END CERTIFICATE----- + +### The USERTRUST Network + +=== /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust ECC Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5c:8b:99:c5:5a:94:c5:d2:71:56:de:cd:89:80:cc:26 + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Feb 1 00:00:00 2010 GMT + Not After : Jan 18 23:59:59 2038 GMT + Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority + X509v3 extensions: + X509v3 Subject Key Identifier: + 3A:E1:09:86:D4:CF:19:C2:96:76:74:49:76:DC:E0:35:C6:63:63:9A + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=D1:CB:CA:5D:B2:D5:2A:7F:69:3B:67:4D:E5:F0:5A:1D:0C:95:7D:F0 +SHA256 Fingerprint=4F:F4:60:D5:4B:9C:86:DA:BF:BC:FC:57:12:E0:40:0D:2B:ED:3F:BC:4D:4F:BD:AA:86:E0:6A:DC:D2:A9:AD:7A +-----BEGIN CERTIFICATE----- +MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl +eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT +JVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMjAx +MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT +Ck5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg +VVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqflo +I+d61SRvU8Za2EurxtW20eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinng +o4N+LZfQYcTxmdwlkWOrfzCjtHDix6EznPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0G +A1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBBHU6+4WMB +zzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbW +RNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg= +-----END CERTIFICATE----- +=== /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d + Signature Algorithm: sha384WithRSAEncryption + Validity + Not Before: Feb 1 00:00:00 2010 GMT + Not After : Jan 18 23:59:59 2038 GMT + Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority + X509v3 extensions: + X509v3 Subject Key Identifier: + 53:79:BF:5A:AA:2B:4A:CF:54:80:E1:D8:9B:C0:9D:F2:B2:03:66:CB + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=2B:8F:1B:57:33:0D:BB:A2:D0:7A:6C:51:F7:0E:E9:0D:DA:B9:AD:8E +SHA256 Fingerprint=E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2 +-----BEGIN CERTIFICATE----- +MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB +iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl +cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV +BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw +MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV +BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU +aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B +3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY +tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/ +Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2 +VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT +79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6 +c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT +Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l +c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee +UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE +Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd +BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G +A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF +Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO +VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3 +ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs +8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR +iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze +Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ +XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/ +qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB +VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB +L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG +jjxDah2nGN59PRbxYvnKkKj9 +-----END CERTIFICATE----- + +### TrustCor Systems S. de R.L. + +=== /C=PA/ST=Panama/L=Panama City/O=TrustCor Systems S. de R.L./OU=TrustCor Certificate Authority/CN=TrustCor ECA-1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 84:82:2c:5f:1c:62:d0:40 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Feb 4 12:32:33 2016 GMT + Not After : Dec 31 17:28:07 2029 GMT + Subject: C=PA, ST=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor ECA-1 + X509v3 extensions: + X509v3 Subject Key Identifier: + 44:9E:48:F5:CC:6D:48:D4:A0:4B:7F:FE:59:24:2F:83:97:99:9A:86 + X509v3 Authority Key Identifier: + keyid:44:9E:48:F5:CC:6D:48:D4:A0:4B:7F:FE:59:24:2F:83:97:99:9A:86 + + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=58:D1:DF:95:95:67:6B:63:C0:F0:5B:1C:17:4D:8B:84:0B:C8:78:BD +SHA256 Fingerprint=5A:88:5D:B1:9C:01:D9:12:C5:75:93:88:93:8C:AF:BB:DF:03:1A:B2:D4:8E:91:EE:15:58:9B:42:97:1D:03:9C +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIJAISCLF8cYtBAMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD +VQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEk +MCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U +cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxFzAVBgNVBAMMDlRydXN0Q29y +IEVDQS0xMB4XDTE2MDIwNDEyMzIzM1oXDTI5MTIzMTE3MjgwN1owgZwxCzAJBgNV +BAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw +IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRy +dXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOVHJ1c3RDb3Ig +RUNBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPj+ARtZ+odnbb +3w9U73NjKYKtR8aja+3+XzP4Q1HpGjORMRegdMTUpwHmspI+ap3tDvl0mEDTPwOA +BoJA6LHip1GnHYMma6ve+heRK9jGrB6xnhkB1Zem6g23xFUfJ3zSCNV2HykVh0A5 +3ThFEXXQmqc04L/NyFIduUd+Dbi7xgz2c1cWWn5DkR9VOsZtRASqnKmcp0yJF4Ou +owReUoCLHhIlERnXDH19MURB6tuvsBzvgdAsxZohmz3tQjtQJvLsznFhBmIhVE5/ +wZ0+fyCMgMsq2JdiyIMzkX2woloPV+g7zPIlstR8L+xNxqE6FXrntl019fZISjZF +ZtS6mFjBAgMBAAGjYzBhMB0GA1UdDgQWBBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAf +BgNVHSMEGDAWgBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAPBgNVHRMBAf8EBTADAQH/ +MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEABT41XBVwm8nHc2Fv +civUwo/yQ10CzsSUuZQRg2dd4mdsdXa/uwyqNsatR5Nj3B5+1t4u/ukZMjgDfxT2 +AHMsWbEhBuH7rBiVDKP/mZb3Kyeb1STMHd3BOuCYRLDE5D53sXOpZCz2HAF8P11F +hcCF5yWPldwX8zyfGm6wyuMdKulMY/okYWLW2n62HGz1Ah3UKt1VkOsqEUc8Ll50 +soIipX1TH0XsJ5F95yIW6MBoNtjG8U+ARDL54dHRHareqKucBK+tIA5kmE2la8BI +WJZpTdwHjFGTot+fDz2LYLSCjaoITmJF4PkL0uDgPFveXHEnJcLmA4GLEFPjx1Wi +tJ/X5g== +-----END CERTIFICATE----- +=== /C=PA/ST=Panama/L=Panama City/O=TrustCor Systems S. de R.L./OU=TrustCor Certificate Authority/CN=TrustCor RootCert CA-1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + da:9b:ec:71:f3:03:b0:19 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Feb 4 12:32:16 2016 GMT + Not After : Dec 31 17:23:16 2029 GMT + Subject: C=PA, ST=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor RootCert CA-1 + X509v3 extensions: + X509v3 Subject Key Identifier: + EE:6B:49:3C:7A:3F:0D:E3:B1:09:B7:8A:C8:AB:19:9F:73:33:50:E7 + X509v3 Authority Key Identifier: + keyid:EE:6B:49:3C:7A:3F:0D:E3:B1:09:B7:8A:C8:AB:19:9F:73:33:50:E7 + + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=FF:BD:CD:E7:82:C8:43:5E:3C:6F:26:86:5C:CA:A8:3A:45:5B:C3:0A +SHA256 Fingerprint=D4:0E:9C:86:CD:8F:E4:68:C1:77:69:59:F4:9E:A7:74:FA:54:86:84:B6:C4:06:F3:90:92:61:F4:DC:E2:57:5C +-----BEGIN CERTIFICATE----- +MIIEMDCCAxigAwIBAgIJANqb7HHzA7AZMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYD +VQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEk +MCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U +cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRydXN0Q29y +IFJvb3RDZXJ0IENBLTEwHhcNMTYwMjA0MTIzMjE2WhcNMjkxMjMxMTcyMzE2WjCB +pDELMAkGA1UEBhMCUEExDzANBgNVBAgMBlBhbmFtYTEUMBIGA1UEBwwLUGFuYW1h +IENpdHkxJDAiBgNVBAoMG1RydXN0Q29yIFN5c3RlbXMgUy4gZGUgUi5MLjEnMCUG +A1UECwweVHJ1c3RDb3IgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR8wHQYDVQQDDBZU +cnVzdENvciBSb290Q2VydCBDQS0xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAv463leLCJhJrMxnHQFgKq1mqjQCj/IDHUHuO1CAmujIS2CNUSSUQIpid +RtLByZ5OGy4sDjjzGiVoHKZaBeYei0i/mJZ0PmnK6bV4pQa81QBeCQryJ3pS/C3V +seq0iWEk8xoT26nPUu0MJLq5nux+AHT6k61sKZKuUbS701e/s/OojZz0JEsq1pme +9J7+wH5COucLlVPat2gOkEz7cD+PSiyU8ybdY2mplNgQTsVHCJCZGxdNuWxu72CV +EY4hgLW9oHPY0LJ3xEXqWib7ZnZ2+AYfYW0PVcWDtxBWcgYHpfOxGgMFZA6dWorW +hnAbJN7+KIor0Gqw/Hqi3LJ5DotlDwIDAQABo2MwYTAdBgNVHQ4EFgQU7mtJPHo/ +DeOxCbeKyKsZn3MzUOcwHwYDVR0jBBgwFoAU7mtJPHo/DeOxCbeKyKsZn3MzUOcw +DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQAD +ggEBACUY1JGPE+6PHh0RU9otRCkZoB5rMZ5NDp6tPVxBb5UrJKF5mDo4Nvu7Zp5I +/5CQ7z3UuJu0h3U/IJvOcs+hVcFNZKIZBqEHMwwLKeXx6quj7LUKdJDHfXLy11yf +ke+Ri7fc7Waiz45mO7yfOgLgJ90WmMCV1Aqk5IGadZQ1nJBfiDcGrVmVCrDRZ9MZ +yonnMlo2HD6CqFqTvsbQZJG2z9m2GM/bftJlo6bEjhcxwft+dtvTheNYsnd6djts +L1Ac59v2Z3kf9YKVmgenFK+P3CghZwnS1k1aHBkcjndcw5QkPTJrS37UeJSDvjdN +zl/HHk484IkzlQsPpTLWPFp5LBk= +-----END CERTIFICATE----- +=== /C=PA/ST=Panama/L=Panama City/O=TrustCor Systems S. de R.L./OU=TrustCor Certificate Authority/CN=TrustCor RootCert CA-2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2711694510199101698 (0x25a1dfca33cb5902) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Feb 4 12:32:23 2016 GMT + Not After : Dec 31 17:26:39 2034 GMT + Subject: C=PA, ST=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor RootCert CA-2 + X509v3 extensions: + X509v3 Subject Key Identifier: + D9:FE:21:40:6E:94:9E:BC:9B:3D:9C:7D:98:20:19:E5:8C:30:62:B2 + X509v3 Authority Key Identifier: + keyid:D9:FE:21:40:6E:94:9E:BC:9B:3D:9C:7D:98:20:19:E5:8C:30:62:B2 + + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=B8:BE:6D:CB:56:F1:55:B9:63:D4:12:CA:4E:06:34:C7:94:B2:1C:C0 +SHA256 Fingerprint=07:53:E9:40:37:8C:1B:D5:E3:83:6E:39:5D:AE:A5:CB:83:9E:50:46:F1:BD:0E:AE:19:51:CF:10:FE:C7:C9:65 +-----BEGIN CERTIFICATE----- +MIIGLzCCBBegAwIBAgIIJaHfyjPLWQIwDQYJKoZIhvcNAQELBQAwgaQxCzAJBgNV +BAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw +IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRy +dXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEfMB0GA1UEAwwWVHJ1c3RDb3Ig +Um9vdENlcnQgQ0EtMjAeFw0xNjAyMDQxMjMyMjNaFw0zNDEyMzExNzI2MzlaMIGk +MQswCQYDVQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEg +Q2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYD +VQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRy +dXN0Q29yIFJvb3RDZXJ0IENBLTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCnIG7CKqJiJJWQdsg4foDSq8GbZQWU9MEKENUCrO2fk8eHyLAnK0IMPQo+ +QVqedd2NyuCb7GgypGmSaIwLgQ5WoD4a3SwlFIIvl9NkRvRUqdw6VC0xK5mC8tkq +1+9xALgxpL56JAfDQiDyitSSBBtlVkxs1Pu2YVpHI7TYabS3OtB0PAx1oYxOdqHp +2yqlO/rOsP9+aij9JxzIsekp8VduZLTQwRVtDr4uDkbIXvRR/u8OYzo7cbrPb1nK +DOObXUm4TOJXsZiKQlecdu/vvdFoqNL0Cbt3Nb4lggjEFixEIFapRBF37120Hape +az6LMvYHL1cEksr1/p3C6eizjkxLAjHZ5DxIgif3GIJ2SDpxsROhOdUuxTTCHWKF +3wP+TfSvPd9cW436cOGlfifHhi5qjxLGhF5DUVCcGZt45vz27Ud+ez1m7xMTiF88 +oWP7+ayHNZ/zgp6kPwqcMWmLmaSISo5uZk3vFsQPeSghYA2FFn3XVDjxklb9tTNM +g9zXEJ9L/cb4Qr26fHMC4P99zVvh1Kxhe1fVSntb1IVYJ12/+CtgrKAmrhQhJ8Z3 +mjOAPF5GP/fDsaOGM8boXg25NSyqRsGFAnWAoOsk+xWq5Gd/bnc/9ASKL3x74xdh +8N0JqSDIvgmk0H5Ew7IwSjiqqewYmgeCK9u4nBit2uBGF6zPXQIDAQABo2MwYTAd +BgNVHQ4EFgQU2f4hQG6UnrybPZx9mCAZ5YwwYrIwHwYDVR0jBBgwFoAU2f4hQG6U +nrybPZx9mCAZ5YwwYrIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYw +DQYJKoZIhvcNAQELBQADggIBAJ5Fngw7tu/hOsh80QA9z+LqBrWyOrsGS2h60COX +dKcs8AjYeVrXWoSK2BKaG9l9XE1wxaX5q+WjiYndAfrs3fnpkpfbsEZC89NiqpX+ +MWcUaViQCqoL7jcjx1BRtPV+nuN79+TMQjItSQzL/0kMmx40/W5ulop5A7Zv2wnL +/V9lFDfhOPXzYRZY5LVtDQsEGz9QLX+zx3oaFoBg+Iof6Rsqxvm6ARppv9JYx1RX +CI/hOWB3S6xZhBqI8d3LT3jX5+EzLfzuQfogsL7L9ziUwOHQhQ+77Sxzq+3+knYa +ZH9bDTMJBzN7Bj8RpFxwPIXAz+OQqIN3+tvmxYxoZxBnpVIt8MSZj3+/0WvitUfW +2dCFmU2Umw9Lje4AWkcdEQOsQRivh7dvDDqPys/cA8GiCcjl/YBeyGBCARsaU1q7 +N6a3vLqE6R5sGtRk2tRD/pOLS/IseRYQ1JMLiI+h2IYURpFHmygk71dSTlxCnKr3 +Sewn6EAes6aJInKc9Q0ztFijMDvd1GpUk74aTfOTlPf8hAs/hCBcNANExdqtvArB +As8e5ZTZ845b2EzwnexhF7sUMlQMAimTHpKG9n/v55IFDlndmQguLvqcAFLTxWYp +5KeXRKQOKIETNcX2b2TmQcTVL8w0RSXPQQCWPUouwpaYT05KnJe32x+SMsj/D1Fu +1uwJ +-----END CERTIFICATE----- + +### Trustis Limited + +=== /C=GB/O=Trustis Limited/OU=Trustis FPS Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1b:1f:ad:b6:20:f9:24:d3:36:6b:f7:c7:f1:8c:a0:59 + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Dec 23 12:14:06 2003 GMT + Not After : Jan 21 11:36:54 2024 GMT + Subject: C=GB, O=Trustis Limited, OU=Trustis FPS Root CA + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:BA:FA:71:25:79:8B:57:41:25:21:86:0B:71:EB:B2:64:0E:8B:21:67 + + X509v3 Subject Key Identifier: + BA:FA:71:25:79:8B:57:41:25:21:86:0B:71:EB:B2:64:0E:8B:21:67 +SHA1 Fingerprint=3B:C0:38:0B:33:C3:F6:A6:0C:86:15:22:93:D9:DF:F5:4B:81:C0:04 +SHA256 Fingerprint=C1:B4:82:99:AB:A5:20:8F:E9:63:0A:CE:55:CA:68:A0:3E:DA:5A:51:9C:88:02:A0:D3:A6:73:BE:8F:8E:55:7D +-----BEGIN CERTIFICATE----- +MIIDZzCCAk+gAwIBAgIQGx+ttiD5JNM2a/fH8YygWTANBgkqhkiG9w0BAQUFADBF +MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPVHJ1c3RpcyBMaW1pdGVkMRwwGgYDVQQL +ExNUcnVzdGlzIEZQUyBSb290IENBMB4XDTAzMTIyMzEyMTQwNloXDTI0MDEyMTEx +MzY1NFowRTELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1RydXN0aXMgTGltaXRlZDEc +MBoGA1UECxMTVHJ1c3RpcyBGUFMgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMVQe547NdDfxIzNjpvto8A2mfRC6qc+gIMPpqdZh8mQRUN+ +AOqGeSoDvT03mYlmt+WKVoaTnGhLaASMk5MCPjDSNzoiYYkchU59j9WvezX2fihH +iTHcDnlkH5nSW7r+f2C/revnPDgpai/lkQtV/+xvWNUtyd5MZnGPDNcE2gfmHhjj +vSkCqPoc4Vu5g6hBSLwacY3nYuUtsuvffM/bq1rKMfFMIvMFE/eC+XN5DL7XSxzA +0RU8k0Fk0ea+IxciAIleH2ulrG6nS4zto3Lmr2NNL4XSFDWaLk6M6jKYKIahkQlB +OrTh4/L68MkKokHdqeMDx4gVOxzUGpTXn2RZEm0CAwEAAaNTMFEwDwYDVR0TAQH/ +BAUwAwEB/zAfBgNVHSMEGDAWgBS6+nEleYtXQSUhhgtx67JkDoshZzAdBgNVHQ4E +FgQUuvpxJXmLV0ElIYYLceuyZA6LIWcwDQYJKoZIhvcNAQEFBQADggEBAH5Y//01 +GX2cGE+esCu8jowU/yyg2kdbw++BLa8F6nRIW/M+TgfHbcWzk88iNVy2P3UnXwmW +zaD+vkAMXBJV+JOCyinpXj9WV4s4NvdFGkwozZ5BuO1WTISkQMi4sKUraXAEasP4 +1BIy+Q7DsdwyhEQsb8tGD+pmQQ9P8Vilpg0ND2HepZ5dfWWhPBfnqFVO76DH7cZE +f1T1o+CP8HxVIo8ptoGj4W1OLBuAZ+ytIJ8MYmHVl/9D7S3B2l0pKoU/rGXuhg8F +jZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYliB6XzCGcKQEN +ZetX2fNXlrtIzYE= +-----END CERTIFICATE----- + +### Trustwave Holdings, Inc. + +=== /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 05:f7:0e:86:da:49:f3:46:35:2e:ba:b2 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Aug 23 19:34:12 2017 GMT + Not After : Aug 23 19:34:12 2042 GMT + Subject: C=US, ST=Illinois, L=Chicago, O=Trustwave Holdings, Inc., CN=Trustwave Global Certification Authority + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 99:E0:19:67:0D:62:DB:76:B3:DA:3D:B8:5B:E8:FD:42:D2:31:0E:87 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=2F:8F:36:4F:E1:58:97:44:21:59:87:A5:2A:9A:D0:69:95:26:7F:B5 +SHA256 Fingerprint=97:55:20:15:F5:DD:FC:3C:87:88:C0:06:94:45:55:40:88:94:45:00:84:F1:00:86:70:86:BC:1A:2B:B5:8D:C8 +-----BEGIN CERTIFICATE----- +MIIF2jCCA8KgAwIBAgIMBfcOhtpJ80Y1LrqyMA0GCSqGSIb3DQEBCwUAMIGIMQsw +CQYDVQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28x +ITAfBgNVBAoMGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1 +c3R3YXZlIEdsb2JhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MjMx +OTM0MTJaFw00MjA4MjMxOTM0MTJaMIGIMQswCQYDVQQGEwJVUzERMA8GA1UECAwI +SWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xITAfBgNVBAoMGFRydXN0d2F2ZSBI +b2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1c3R3YXZlIEdsb2JhbCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +ALldUShLPDeS0YLOvR29zd24q88KPuFd5dyqCblXAj7mY2Hf8g+CY66j96xz0Xzn +swuvCAAJWX/NKSqIk4cXGIDtiLK0thAfLdZfVaITXdHG6wZWiYj+rDKd/VzDBcdu +7oaJuogDnXIhhpCujwOl3J+IKMujkkkP7NAP4m1ET4BqstTnoApTAbqOl5F2brz8 +1Ws25kCI1nsvXwXoLG0R8+eyvpJETNKXpP7ScoFDB5zpET71ixpZfR9oWN0EACyW +80OzfpgZdNmcc9kYvkHHNHnZ9GLCQ7mzJ7Aiy/k9UscwR7PJPrhq4ufogXBeQotP +JqX+OsIgbrv4Fo7NDKm0G2x2EOFYeUY+VM6AqFcJNykbmROPDMjWLBz7BegIlT1l +RtzuzWniTY+HKE40Cz7PFNm73bZQmq131BnW2hqIyE4bJ3XYsgjxroMwuREOzYfw +hI0Vcnyh78zyiGG69Gm7DIwLdVcEuE4qFC49DxweMqZiNu5m4iK4BUBjECLzMx10 +coos9TkpoNPnG4CELcU9402x/RpvumUHO1jsQkUm+9jaJXLE9gCxInm943xZYkqc +BW89zubWR2OZxiRvchLIrH+QtAuRcOi35hYQcRfO3gZPSEF9NUqjifLJS3tBEW1n +twiYTOURGa5CgNz7kAXU+FDKvuStx8KU1xad5hePrzb7AgMBAAGjQjBAMA8GA1Ud +EwEB/wQFMAMBAf8wHQYDVR0OBBYEFJngGWcNYtt2s9o9uFvo/ULSMQ6HMA4GA1Ud +DwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAmHNw4rDT7TnsTGDZqRKGFx6W +0OhUKDtkLSGm+J1WE2pIPU/HPinbbViDVD2HfSMF1OQc3Og4ZYbFdada2zUFvXfe +uyk3QAUHw5RSn8pk3fEbK9xGChACMf1KaA0HZJDmHvUqoai7PF35owgLEQzxPy0Q +lG/+4jSHg9bP5Rs1bdID4bANqKCqRieCNqcVtgimQlRXtpla4gt5kNdXElE1GYhB +aCXUNxeEFfsBctyV3lImIJgm4nb1J2/6ADtKYdkNy1GTKv0WBpanI5ojSP5RvbbE +sLFUzt5sQa0WZ37b/TjNuThOssFgy50X31ieemKyJo90lZvkWx3SD92YHJtZuSPT +MaCm/zjdzyBP6VhWOmfD0faZmZ26NraAL4hHT4a/RDqA5Dccprrql5gR0IRiR2Qe +qu5AvzSxnI9O4fKSTx+O856X3vOmeWqJcU9LJxdI/uz0UA9PSX3MReO9ekDFQdxh +VicGaeVyQYHTtgGJoC86cnn+OjC/QezHYj6RS8fZMXZC+fc8Y+wmjHMMfRod6qh8 +h6jCJ3zhM0EPz8/8AKAigJ5Kp28AsEFFtyLKaEjFQqKu3R3y4G5OBVixwJAWKqQ9 +EEC+j2Jjg6mcgn0tAumDMHzLJ8n9HmYAsC7TIS+OMxZsmO0QqAfWzJPP29FpHOTK +yeC2nOnOcXHebD8WpHk= +-----END CERTIFICATE----- +=== /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P256 Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0d:6a:5f:08:3f:28:5c:3e:51:95:df:5d + Signature Algorithm: ecdsa-with-SHA256 + Validity + Not Before: Aug 23 19:35:10 2017 GMT + Not After : Aug 23 19:35:10 2042 GMT + Subject: C=US, ST=Illinois, L=Chicago, O=Trustwave Holdings, Inc., CN=Trustwave Global ECC P256 Certification Authority + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + A3:41:06:AC:90:6D:D1:4A:EB:75:A5:4A:10:99:B3:B1:A1:8B:4A:F7 +SHA1 Fingerprint=B4:90:82:DD:45:0C:BE:8B:5B:B1:66:D3:E2:A4:08:26:CD:ED:42:CF +SHA256 Fingerprint=94:5B:BC:82:5E:A5:54:F4:89:D1:FD:51:A7:3D:DF:2E:A6:24:AC:70:19:A0:52:05:22:5C:22:A7:8C:CF:A8:B4 +-----BEGIN CERTIFICATE----- +MIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYD +VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf +BgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3 +YXZlIEdsb2JhbCBFQ0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0x +NzA4MjMxOTM1MTBaFw00MjA4MjMxOTM1MTBaMIGRMQswCQYDVQQGEwJVUzERMA8G +A1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0 +d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBF +Q0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTBZMBMGByqGSM49AgEGCCqG +SM49AwEHA0IABH77bOYj43MyCMpg5lOcunSNGLB4kFKA3TjASh3RqMyTpJcGOMoN +FWLGjgEqZZ2q3zSRLoHB5DOSMcT9CTqmP62jQzBBMA8GA1UdEwEB/wQFMAMBAf8w +DwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUo0EGrJBt0UrrdaVKEJmzsaGLSvcw +CgYIKoZIzj0EAwIDRwAwRAIgB+ZU2g6gWrKuEZ+Hxbb/ad4lvvigtwjzRM4q3wgh +DDcCIC0mA6AFvWvR9lz4ZcyGbbOcNEhjhAnFjXca4syc4XR7 +-----END CERTIFICATE----- +=== /C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P384 Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 08:bd:85:97:6c:99:27:a4:80:68:47:3b + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Aug 23 19:36:43 2017 GMT + Not After : Aug 23 19:36:43 2042 GMT + Subject: C=US, ST=Illinois, L=Chicago, O=Trustwave Holdings, Inc., CN=Trustwave Global ECC P384 Certification Authority + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 55:A9:84:89:D2:C1:32:BD:18:CB:6C:A6:07:4E:C8:E7:9D:BE:82:90 +SHA1 Fingerprint=E7:F3:A3:C8:CF:6F:C3:04:2E:6D:0E:67:32:C5:9E:68:95:0D:5E:D2 +SHA256 Fingerprint=55:90:38:59:C8:C0:C3:EB:B8:75:9E:CE:4E:25:57:22:5F:F5:75:8B:BD:38:EB:D4:82:76:60:1E:1B:D5:80:97 +-----BEGIN CERTIFICATE----- +MIICnTCCAiSgAwIBAgIMCL2Fl2yZJ6SAaEc7MAoGCCqGSM49BAMDMIGRMQswCQYD +VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf +BgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3 +YXZlIEdsb2JhbCBFQ0MgUDM4NCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0x +NzA4MjMxOTM2NDNaFw00MjA4MjMxOTM2NDNaMIGRMQswCQYDVQQGEwJVUzERMA8G +A1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0 +d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBF +Q0MgUDM4NCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTB2MBAGByqGSM49AgEGBSuB +BAAiA2IABGvaDXU1CDFHBa5FmVXxERMuSvgQMSOjfoPTfygIOiYaOs+Xgh+AtycJ +j9GOMMQKmw6sWASr9zZ9lCOkmwqKi6vr/TklZvFe/oyujUF5nQlgziip04pt89ZF +1PKYhDhloKNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0G +A1UdDgQWBBRVqYSJ0sEyvRjLbKYHTsjnnb6CkDAKBggqhkjOPQQDAwNnADBkAjA3 +AZKXRRJ+oPM+rRk6ct30UJMDEr5E0k9BpIycnR+j9sKS50gU/k6bpZFXrsY3crsC +MGclCrEMXu6pY5Jv5ZAL/mYiykf9ijH3g/56vxC+GCsej/YpHpRZ744hN8tRmKVu +Sw== +-----END CERTIFICATE----- + +### Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK + +=== /C=TR/L=Gebze - Kocaeli/O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK/OU=Kamu Sertifikasyon Merkezi - Kamu SM/CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Nov 25 08:25:55 2013 GMT + Not After : Oct 25 08:25:55 2043 GMT + Subject: C=TR, L=Gebze - Kocaeli, O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK, OU=Kamu Sertifikasyon Merkezi - Kamu SM, CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 + X509v3 extensions: + X509v3 Subject Key Identifier: + 65:3F:C7:8A:86:C6:3C:DD:3C:54:5C:35:F8:3A:ED:52:0C:47:57:C8 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=31:43:64:9B:EC:CE:27:EC:ED:3A:3F:0B:8F:0D:E4:E8:91:DD:EE:CA +SHA256 Fingerprint=46:ED:C3:68:90:46:D5:3A:45:3F:B3:10:4A:B8:0D:CA:EC:65:8B:26:60:EA:16:29:DD:7E:86:79:90:64:87:16 +-----BEGIN CERTIFICATE----- +MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIx +GDAWBgNVBAcTD0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxp +bXNlbCB2ZSBUZWtub2xvamlrIEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0w +KwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24gTWVya2V6aSAtIEthbXUgU00xNjA0 +BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRpZmlrYXNpIC0gU3Vy +dW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYDVQQG +EwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXll +IEJpbGltc2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklU +QUsxLTArBgNVBAsTJEthbXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBT +TTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11IFNNIFNTTCBLb2sgU2VydGlmaWthc2kg +LSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3UwM6q7 +a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y86Ij5iySr +LqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INr +N3wcwv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2X +YacQuFWQfw4tJzh03+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/ +iSIzL+aFCr2lqBs23tPcLG07xxO9WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4f +AJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQUZT/HiobGPN08VFw1+DrtUgxH +V8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh +AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPf +IPP54+M638yclNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4 +lzwDGrpDxpa5RXI4s6ehlj2Re37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c +8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0jq5Rm+K37DwhuJi1/FwcJsoz7UMCf +lo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM= +-----END CERTIFICATE----- + +### UniTrust + +=== /C=CN/O=UniTrust/CN=UCA Extended Validation Root +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4f:d2:2b:8f:f5:64:c8:33:9e:4f:34:58:66:23:70:60 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Mar 13 00:00:00 2015 GMT + Not After : Dec 31 00:00:00 2038 GMT + Subject: C=CN, O=UniTrust, CN=UCA Extended Validation Root + X509v3 extensions: + X509v3 Subject Key Identifier: + D9:74:3A:E4:30:3D:0D:F7:12:DC:7E:5A:05:9F:1E:34:9A:F7:E1:14 + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=A3:A1:B0:6F:24:61:23:4A:E3:36:A5:C2:37:FC:A6:FF:DD:F0:D7:3A +SHA256 Fingerprint=D4:3A:F9:B3:54:73:75:5C:96:84:FC:06:D7:D8:CB:70:EE:5C:28:E7:73:FB:29:4E:B4:1E:E7:17:22:92:4D:24 +-----BEGIN CERTIFICATE----- +MIIFWjCCA0KgAwIBAgIQT9Irj/VkyDOeTzRYZiNwYDANBgkqhkiG9w0BAQsFADBH +MQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBF +eHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwHhcNMTUwMzEzMDAwMDAwWhcNMzgxMjMx +MDAwMDAwWjBHMQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNV +BAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCpCQcoEwKwmeBkqh5DFnpzsZGgdT6o+uM4AHrsiWog +D4vFsJszA1qGxliG1cGFu0/GnEBNyr7uaZa4rYEwmnySBesFK5pI0Lh2PpbIILvS +sPGP2KxFRv+qZ2C0d35qHzwaUnoEPQc8hQ2E0B92CvdqFN9y4zR8V05WAT558aop +O2z6+I9tTcg1367r3CTueUWnhbYFiN6IXSV8l2RnCdm/WhUFhvMJHuxYMjMR83dk +sHYf5BA1FxvyDrFspCqjc/wJHx4yGVMR59mzLC52LqGj3n5qiAno8geK+LLNEOfi +c0CTuwjRP+H8C5SzJe98ptfRr5//lpr1kXuYC3fUfugH0mK1lTnj8/FtDw5lhIpj +VMWAtuCeS31HJqcBCF3RiJ7XwzJE+oJKCmhUfzhTA8ykADNkUVkLo4KRel7sFsLz +KuZi2irbWWIQJUoqgQtHB0MGcIfS+pMRKXpITeuUx3BNr2fVUbGAIAEBtHoIppB/ +TuDvB0GHr2qlXov7z1CymlSvw4m6WC31MJixNnI5fkkE/SmnTHnkBVfblLkWU41G +sx2VYVdWf6/wFlthWG82UBEL2KwrlRYaDh8IzTY0ZRBiZtWAXxQgXy0MoHgKaNYs +1+lvK9JKBZP8nm9rZ/+I8U6laUpSNwXqxhaN0sSZ0YIrO7o1dfdRUVjzyAfd5LQD +fwIDAQABo0IwQDAdBgNVHQ4EFgQU2XQ65DA9DfcS3H5aBZ8eNJr34RQwDwYDVR0T +AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBADaN +l8xCFWQpN5smLNb7rhVpLGsaGvdftvkHTFnq88nIua7Mui563MD1sC3AO6+fcAUR +ap8lTwEpcOPlDOHqWnzcSbvBHiqB9RZLcpHIojG5qtr8nR/zXUACE/xOHAbKsxSQ +VBcZEhrxH9cMaVr2cXj0lH2RC47skFSOvG+hTKv8dGT9cZr4QQehzZHkPJrgmzI5 +c6sq1WnIeJEmMX3ixzDx/BR4dxIOE/TdFpS/S2d7cFOFyrC78zhNLJA5wA3CXWvp +4uXViI3WLL+rG761KIcSF3Ru/H38j9CHJrAb+7lsq+KePRXBOy5nAliRn+/4Qh8s +t2j1da3Ptfb/EX3C8CSlrdP6oDyp+l3cpaDvRKS+1ujl5BOWF3sGPjLtx7dCvHaj +2GU4Kzg1USEODm8uNBNA4StnDG1KQTAYI1oyVZnJF+A83vbsea0rWBmirSwiGpWO +vpaQXUJXxPkUAzUrHC1RVwinOt4/5Mi0A3PCwSaAuwtCH60NryZy2sy+s6ODWA2C +xR9GUeOcGMyNm43sSet1UNWMKFnKdDTajAshqx7qG+XH/RU+wBeq+yNuJkbL+vmx +cmtpzyKEC2IPrNkZAJSidjzULZrtBJ4tBmIQN1IchXIbJ+XMxjHsN+xjWZsLHXbM +fjKaiJUINlK73nZfdklJrX+9ZSCyycErdhh2n1ax +-----END CERTIFICATE----- +=== /C=CN/O=UniTrust/CN=UCA Global G2 Root +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5d:df:b1:da:5a:a3:ed:5d:be:5a:65:20:65:03:90:ef + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Mar 11 00:00:00 2016 GMT + Not After : Dec 31 00:00:00 2040 GMT + Subject: C=CN, O=UniTrust, CN=UCA Global G2 Root + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 81:C4:8C:CC:F5:E4:30:FF:A5:0C:08:5F:8C:15:67:21:74:01:DF:DF +SHA1 Fingerprint=28:F9:78:16:19:7A:FF:18:25:18:AA:44:FE:C1:A0:CE:5C:B6:4C:8A +SHA256 Fingerprint=9B:EA:11:C9:76:FE:01:47:64:C1:BE:56:A6:F9:14:B5:A5:60:31:7A:BD:99:88:39:33:82:E5:16:1A:A0:49:3C +-----BEGIN CERTIFICATE----- +MIIFRjCCAy6gAwIBAgIQXd+x2lqj7V2+WmUgZQOQ7zANBgkqhkiG9w0BAQsFADA9 +MQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxGzAZBgNVBAMMElVDQSBH +bG9iYWwgRzIgUm9vdDAeFw0xNjAzMTEwMDAwMDBaFw00MDEyMzEwMDAwMDBaMD0x +CzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlUcnVzdDEbMBkGA1UEAwwSVUNBIEds +b2JhbCBHMiBSb290MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxeYr +b3zvJgUno4Ek2m/LAfmZmqkywiKHYUGRO8vDaBsGxUypK8FnFyIdK+35KYmToni9 +kmugow2ifsqTs6bRjDXVdfkX9s9FxeV67HeToI8jrg4aA3++1NDtLnurRiNb/yzm +VHqUwCoV8MmNsHo7JOHXaOIxPAYzRrZUEaalLyJUKlgNAQLx+hVRZ2zA+te2G3/R +VogvGjqNO7uCEeBHANBSh6v7hn4PJGtAnTRnvI3HLYZveT6OqTwXS3+wmeOwcWDc +C/Vkw85DvG1xudLeJ1uK6NjGruFZfc8oLTW4lVYa8bJYS7cSN8h8s+1LgOGN+jIj +tm+3SJUIsUROhYw6AlQgL9+/V087OpAh18EmNVQg7Mc/R+zvWr9LesGtOxdQXGLY +D0tK3Cv6brxzks3sx1DoQZbXqX5t2Okdj4q1uViSukqSKwxW/YDrCPBeKW4bHAyv +j5OJrdu9o54hyokZ7N+1wxrrFv54NkzWbtA+FxyQF2smuvt6L78RHBgOLXMDj6Dl +NaBa4kx1HXHhOThTeEDMg5PXCp6dW4+K5OXgSORIskfNTip1KnvyIvbJvgmRlld6 +iIis7nCs+dwp4wwcOxJORNanTrAmyPPZGpeRaOrvjUYG0lZFWJo8DA+DuAUlwznP +O6Q0ibd5Ei9Hxeepl2n8pndntd978XplFeRhVmUCAwEAAaNCMEAwDgYDVR0PAQH/ +BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIHEjMz15DD/pQwIX4wV +ZyF0Ad/fMA0GCSqGSIb3DQEBCwUAA4ICAQATZSL1jiutROTL/7lo5sOASD0Ee/oj +L3rtNtqyzm325p7lX1iPyzcyochltq44PTUbPrw7tgTQvPlJ9Zv3hcU2tsu8+Mg5 +1eRfB70VVJd0ysrtT7q6ZHafgbiERUlMjW+i67HM0cOU2kTC5uLqGOiiHycFutfl +1qnN3e92mI0ADs0b+gO3joBYDic/UvuUospeZcnWhNq5NXHzJsBPd+aBJ9J3O5oU +b3n09tDh05S60FdRvScFDcH9yBIw7m+NESsIndTUv4BFFJqIRNow6rSn4+7vW4LV +PtateJLbXDzz2K36uGt/xDYotgIVilQsnLAXc47QN6MUPJiVAAwpBVueSUmxX8fj +y88nZY41F7dXyDDZQVu5FLbowg+UMaeUmMxq67XhJ/UQqAHojhJi6IjMtX9Gl8Cb +EGY4GjZGXyJoPd/JxhMnq1MGrKI8hgZlb7F+sSlEmqO6SWkoaY/X5V+tBIZkbxqg +DMUIYs6Ao9Dz7GjevjPHF1t/gMRMTLGmhIrDO7gJzRSBuhjjVFc2/tsvfEehOjPI ++Vg7RE+xygKJBJYoaMVLuCaJu9YzL1DV/pqJuhgyklTGW+Cd+V7lDSKb9triyCGy +YiGqhkCyLmTTX8jjfhFnRR8F/uOi77Oos/N9j/gMHyIfLXC0uAE0djAA5SN4p1bX +UB+K+wb1whnw0A== +-----END CERTIFICATE----- + +### Unizeto Technologies S.A. + +=== /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 279744 (0x444c0) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Oct 22 12:07:37 2008 GMT + Not After : Dec 31 12:07:37 2029 GMT + Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 08:76:CD:CB:07:FF:24:F6:C5:CD:ED:BB:90:BC:E2:84:37:46:75:F7 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=07:E0:32:E0:20:B7:2C:3F:19:2F:06:28:A2:59:3A:19:A7:0F:06:9E +SHA256 Fingerprint=5C:58:46:8D:55:F5:8E:49:7E:74:39:82:D2:B5:00:10:B6:D1:65:37:4A:CF:83:A7:D4:A3:2D:B7:68:C4:40:8E +-----BEGIN CERTIFICATE----- +MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM +MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D +ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU +cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3 +WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg +Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw +IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH +UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM +TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU +BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM +kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x +AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV +HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y +sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL +I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8 +J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY +VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI +03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= +-----END CERTIFICATE----- + +### WISeKey + +=== /C=CH/O=WISeKey/OU=OISTE Foundation Endorsed/CN=OISTE WISeKey Global Root GB CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 76:b1:20:52:74:f0:85:87:46:b3:f8:23:1a:f6:c2:c0 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Dec 1 15:00:32 2014 GMT + Not After : Dec 1 15:10:31 2039 GMT + Subject: C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GB CA + X509v3 extensions: + X509v3 Key Usage: + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 35:0F:C8:36:63:5E:E2:A3:EC:F9:3B:66:15:CE:51:52:E3:91:9A:3D + 1.3.6.1.4.1.311.21.1: + ... +SHA1 Fingerprint=0F:F9:40:76:18:D3:D7:6A:4B:98:F0:A8:35:9E:0C:FD:27:AC:CC:ED +SHA256 Fingerprint=6B:9C:08:E8:6E:B0:F7:67:CF:AD:65:CD:98:B6:21:49:E5:49:4A:67:F5:84:5E:7B:D1:ED:01:9F:27:B8:6B:D6 +-----BEGIN CERTIFICATE----- +MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBt +MQswCQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUg +Rm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9i +YWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAwMzJaFw0zOTEyMDExNTEwMzFaMG0x +CzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBG +b3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh +bCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3 +HEokKtaXscriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGx +WuR51jIjK+FTzJlFXHtPrby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX +1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNk +u7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4oQnc/nSMbsrY9gBQHTC5P +99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvgGUpuuy9r +M2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUB +BAMCAQAwDQYJKoZIhvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrgh +cViXfa43FK8+5/ea4n32cZiZBKpDdHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5 +gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0VQreUGdNZtGn//3ZwLWoo4rO +ZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEuiHZeeevJuQHHf +aPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic +Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM= +-----END CERTIFICATE----- +=== /C=CH/O=WISeKey/OU=OISTE Foundation Endorsed/CN=OISTE WISeKey Global Root GC CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 21:2a:56:0c:ae:da:0c:ab:40:45:bf:2b:a2:2d:3a:ea + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: May 9 09:48:34 2017 GMT + Not After : May 9 09:58:33 2042 GMT + Subject: C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GC CA + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 48:87:14:AC:E3:C3:9E:90:60:3A:D7:CA:89:EE:D3:AD:8C:B4:50:66 + 1.3.6.1.4.1.311.21.1: + ... +SHA1 Fingerprint=E0:11:84:5E:34:DE:BE:88:81:B9:9C:F6:16:26:D1:96:1F:C3:B9:31 +SHA256 Fingerprint=85:60:F9:1C:36:24:DA:BA:95:70:B5:FE:A0:DB:E3:6F:F1:1A:83:23:BE:94:86:85:4F:B3:F3:4A:55:71:19:8D +-----BEGIN CERTIFICATE----- +MIICaTCCAe+gAwIBAgIQISpWDK7aDKtARb8roi066jAKBggqhkjOPQQDAzBtMQsw +CQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91 +bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwg +Um9vdCBHQyBDQTAeFw0xNzA1MDkwOTQ4MzRaFw00MjA1MDkwOTU4MzNaMG0xCzAJ +BgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBGb3Vu +ZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2JhbCBS +b290IEdDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAETOlQwMYPchi82PG6s4ni +eUqjFqdrVCTbUf/q9Akkwwsin8tqJ4KBDdLArzHkdIJuyiXZjHWd8dvQmqJLIX4W +p2OQ0jnUsYd4XxiWD1AbNTcPasbc2RNNpI6QN+a9WzGRo1QwUjAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUSIcUrOPDnpBgOtfKie7T +rYy0UGYwEAYJKwYBBAGCNxUBBAMCAQAwCgYIKoZIzj0EAwMDaAAwZQIwJsdpW9zV +57LnyAyMjMPdeYwbY9XJUpROTYJKcx6ygISpJcBMWm1JKWB4E+J+SOtkAjEA2zQg +Mgj/mkkCtojeFK9dbJlxjRo/i9fgojaGHAeCOnZT/cKi7e97sIBPWA9LUzm9 +-----END CERTIFICATE----- + +### XRamp Security Services Inc + +=== /C=US/OU=www.xrampsecurity.com/O=XRamp Security Services Inc/CN=XRamp Global Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 50:94:6c:ec:18:ea:d5:9c:4d:d5:97:ef:75:8f:a0:ad + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Nov 1 17:14:04 2004 GMT + Not After : Jan 1 05:37:19 2035 GMT + Subject: C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority + X509v3 extensions: + 1.3.6.1.4.1.311.20.2: + ...C.A + X509v3 Key Usage: + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + C6:4F:A2:3D:06:63:84:09:9C:CE:62:E4:04:AC:8D:5C:B5:E9:B6:1B + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.xrampsecurity.com/XGCA.crl + + 1.3.6.1.4.1.311.21.1: + ... +SHA1 Fingerprint=B8:01:86:D1:EB:9C:86:A5:41:04:CF:30:54:F3:4C:52:B7:E5:58:C6 +SHA256 Fingerprint=CE:CD:DC:90:50:99:D8:DA:DF:C5:B1:D2:09:B7:37:CB:E2:C1:8C:FB:2C:10:C0:FF:0B:CF:0D:32:86:FC:1A:A2 +-----BEGIN CERTIFICATE----- +MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB +gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk +MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY +UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx +NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3 +dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy +dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6 +38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP +KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q +DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4 +qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa +JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi +PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P +BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs +jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0 +eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD +ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR +vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt +qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa +IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy +i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ +O+7ETPTsJ3xCwnR8gooJybQDJbw= +-----END CERTIFICATE----- diff --git a/externals/libressl/crypto/CMakeLists.txt b/externals/libressl/crypto/CMakeLists.txt index 7066cc8d3..9b66d9f69 100755 --- a/externals/libressl/crypto/CMakeLists.txt +++ b/externals/libressl/crypto/CMakeLists.txt @@ -1,3 +1,5 @@ +add_definitions(-DLIBRESSL_CRYPTO_INTERNAL) + if(HOST_ASM_ELF_ARMV4) set( ASM_ARMV4_ELF_SRC @@ -231,6 +233,7 @@ set( malloc-wrapper.c mem_clr.c mem_dbg.c + o_fips.c o_init.c o_str.c o_time.c @@ -242,49 +245,38 @@ set( aes/aes_ofb.c aes/aes_wrap.c asn1/a_bitstr.c - asn1/a_bool.c - asn1/a_d2i_fp.c - asn1/a_digest.c - asn1/a_dup.c asn1/a_enum.c - asn1/a_i2d_fp.c asn1/a_int.c asn1/a_mbstr.c asn1/a_object.c asn1/a_octet.c + asn1/a_pkey.c asn1/a_print.c - asn1/a_sign.c + asn1/a_pubkey.c asn1/a_strex.c + asn1/a_string.c asn1/a_strnid.c asn1/a_time.c asn1/a_time_tm.c asn1/a_type.c asn1/a_utf8.c - asn1/a_verify.c asn1/ameth_lib.c asn1/asn1_err.c asn1/asn1_gen.c + asn1/asn1_item.c asn1/asn1_lib.c + asn1/asn1_old.c + asn1/asn1_old_lib.c asn1/asn1_par.c + asn1/asn1_types.c asn1/asn_mime.c asn1/asn_moid.c - asn1/asn_pack.c asn1/bio_asn1.c asn1/bio_ndef.c - asn1/d2i_pr.c - asn1/d2i_pu.c - asn1/evp_asn1.c - asn1/f_enum.c - asn1/f_int.c - asn1/f_string.c - asn1/i2d_pr.c - asn1/i2d_pu.c - asn1/n_pkey.c asn1/nsseq.c asn1/p5_pbe.c asn1/p5_pbev2.c asn1/p8_pkey.c - asn1/t_bitst.c asn1/t_crl.c asn1/t_pkey.c asn1/t_req.c @@ -306,7 +298,6 @@ set( asn1/x_info.c asn1/x_long.c asn1/x_name.c - asn1/x_nx509.c asn1/x_pkey.c asn1/x_pubkey.c asn1/x_req.c @@ -370,6 +361,9 @@ set( buffer/buf_err.c buffer/buf_str.c buffer/buffer.c + bytestring/bs_ber.c + bytestring/bs_cbb.c + bytestring/bs_cbs.c camellia/cmll_cfb.c camellia/cmll_ctr.c camellia/cmll_ecb.c @@ -409,6 +403,16 @@ set( conf/conf_mall.c conf/conf_mod.c conf/conf_sap.c + ct/ct_b64.c + ct/ct_err.c + ct/ct_log.c + ct/ct_oct.c + ct/ct_policy.c + ct/ct_prn.c + ct/ct_sct.c + ct/ct_sct_ctx.c + ct/ct_vfy.c + ct/ct_x509v3.c curve25519/curve25519-generic.c curve25519/curve25519.c des/cbc_cksm.c @@ -550,9 +554,6 @@ set( evp/evp_lib.c evp/evp_pbe.c evp/evp_pkey.c - evp/m_dss.c - evp/m_dss1.c - evp/m_ecdsa.c evp/m_gost2814789.c evp/m_gostr341194.c evp/m_md4.c @@ -636,7 +637,6 @@ set( pem/pem_oth.c pem/pem_pk8.c pem/pem_pkey.c - pem/pem_seal.c pem/pem_sign.c pem/pem_x509.c pem/pem_xaux.c @@ -726,9 +726,11 @@ set( x509/pcy_map.c x509/pcy_node.c x509/pcy_tree.c + x509/x509_addr.c x509/x509_akey.c x509/x509_akeya.c x509/x509_alt.c + x509/x509_asid.c x509/x509_att.c x509/x509_bcons.c x509/x509_bitst.c @@ -875,6 +877,11 @@ if(NOT HAVE_STRSEP) set(EXTRA_EXPORT ${EXTRA_EXPORT} strsep) endif() +if(NOT HAVE_STRTONUM) + set(CRYPTO_SRC ${CRYPTO_SRC} compat/strtonum.c) + set(EXTRA_EXPORT ${EXTRA_EXPORT} strtonum) +endif() + if(NOT HAVE_SYSLOG_R) set(CRYPTO_SRC ${CRYPTO_SRC} compat/syslog_r.c) endif() @@ -968,22 +975,33 @@ if(EXTRA_EXPORT) endforeach() endif() -add_library(crypto ${CRYPTO_SRC}) -target_include_directories(crypto +set(LIBTLS_EXTRA_EXPORT ${EXTRA_EXPORT} PARENT_SCOPE) + +add_library(crypto_obj OBJECT ${CRYPTO_SRC}) +target_include_directories(crypto_obj PRIVATE . asn1 + bio bn + bytestring + dh dsa ec ecdh ecdsa evp + hmac modes + ocsp + rsa + x509 ../include/compat PUBLIC ../include) +add_library(crypto $) + export_symbol(crypto ${CMAKE_CURRENT_BINARY_DIR}/crypto_p.sym) target_link_libraries(crypto ${PLATFORM_LIBS}) if (WIN32) @@ -1003,3 +1021,10 @@ if(ENABLE_LIBRESSL_INSTALL) RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} ) endif(ENABLE_LIBRESSL_INSTALL) + +# build static library for regression test +if(BUILD_SHARED_LIBS) + add_library(crypto-static STATIC $) + target_link_libraries(crypto-static ${PLATFORM_LIBS}) +endif() + diff --git a/externals/libressl/crypto/VERSION b/externals/libressl/crypto/VERSION index 0eaa4dc26..81abba855 100755 --- a/externals/libressl/crypto/VERSION +++ b/externals/libressl/crypto/VERSION @@ -1 +1 @@ -46:1:0 +49:0:0 diff --git a/externals/libressl/crypto/aes/aes-masm-x86_64.S b/externals/libressl/crypto/aes/aes-masm-x86_64.S index 9094c7295..e99ccf671 100755 --- a/externals/libressl/crypto/aes/aes-masm-x86_64.S +++ b/externals/libressl/crypto/aes/aes-masm-x86_64.S @@ -1,7 +1,7 @@ ; 1 "crypto/aes/aes-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 340 "" 3 +; 343 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/aes/aes-masm-x86_64.S.tmp" 2 diff --git a/externals/libressl/crypto/aes/aes_ige.c b/externals/libressl/crypto/aes/aes_ige.c index 16ef5612e..244a5a36b 100755 --- a/externals/libressl/crypto/aes/aes_ige.c +++ b/externals/libressl/crypto/aes/aes_ige.c @@ -1,4 +1,4 @@ -/* $OpenBSD: aes_ige.c,v 1.7 2015/02/10 09:46:30 miod Exp $ */ +/* $OpenBSD: aes_ige.c,v 1.8 2022/01/22 00:43:41 inoguchi Exp $ */ /* ==================================================================== * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * @@ -109,8 +109,8 @@ AES_ige_encrypt(const unsigned char *in, unsigned char *out, size_t length, in += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE; } - memcpy(ivec, ivp->data, AES_BLOCK_SIZE); - memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); + memmove(ivec, ivp->data, AES_BLOCK_SIZE); + memmove(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); } else { aes_block_t tmp, tmp2; aes_block_t iv; @@ -161,8 +161,8 @@ AES_ige_encrypt(const unsigned char *in, unsigned char *out, size_t length, in += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE; } - memcpy(ivec, ivp->data, AES_BLOCK_SIZE); - memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); + memmove(ivec, ivp->data, AES_BLOCK_SIZE); + memmove(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); } else { aes_block_t tmp, tmp2; aes_block_t iv; diff --git a/externals/libressl/crypto/aes/aesni-masm-x86_64.S b/externals/libressl/crypto/aes/aesni-masm-x86_64.S index f2a2490a5..7c9224f82 100755 --- a/externals/libressl/crypto/aes/aesni-masm-x86_64.S +++ b/externals/libressl/crypto/aes/aesni-masm-x86_64.S @@ -1,7 +1,7 @@ ; 1 "crypto/aes/aesni-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 340 "" 3 +; 343 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/aes/aesni-masm-x86_64.S.tmp" 2 diff --git a/externals/libressl/crypto/aes/aesni-sha1-masm-x86_64.S b/externals/libressl/crypto/aes/aesni-sha1-masm-x86_64.S index db95881b2..b87202ad2 100755 --- a/externals/libressl/crypto/aes/aesni-sha1-masm-x86_64.S +++ b/externals/libressl/crypto/aes/aesni-sha1-masm-x86_64.S @@ -1,7 +1,7 @@ ; 1 "crypto/aes/aesni-sha1-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 340 "" 3 +; 343 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/aes/aesni-sha1-masm-x86_64.S.tmp" 2 diff --git a/externals/libressl/crypto/aes/bsaes-masm-x86_64.S b/externals/libressl/crypto/aes/bsaes-masm-x86_64.S index 6b1a97d53..7049860e4 100755 --- a/externals/libressl/crypto/aes/bsaes-masm-x86_64.S +++ b/externals/libressl/crypto/aes/bsaes-masm-x86_64.S @@ -1,7 +1,7 @@ ; 1 "crypto/aes/bsaes-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 340 "" 3 +; 343 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/aes/bsaes-masm-x86_64.S.tmp" 2 diff --git a/externals/libressl/crypto/aes/vpaes-masm-x86_64.S b/externals/libressl/crypto/aes/vpaes-masm-x86_64.S index e10d98d0e..fa24314e5 100755 --- a/externals/libressl/crypto/aes/vpaes-masm-x86_64.S +++ b/externals/libressl/crypto/aes/vpaes-masm-x86_64.S @@ -1,7 +1,7 @@ ; 1 "crypto/aes/vpaes-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 340 "" 3 +; 343 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/aes/vpaes-masm-x86_64.S.tmp" 2 diff --git a/externals/libressl/crypto/arm_arch.h b/externals/libressl/crypto/arm_arch.h index 8c5115ea4..5ac3b935f 100755 --- a/externals/libressl/crypto/arm_arch.h +++ b/externals/libressl/crypto/arm_arch.h @@ -1,4 +1,4 @@ -/* $OpenBSD: arm_arch.h,v 1.10 2019/07/02 19:31:28 patrick Exp $ */ +/* $OpenBSD: arm_arch.h,v 1.1 2022/03/23 15:13:31 tb Exp $ */ #ifndef __ARM_ARCH_H__ #define __ARM_ARCH_H__ diff --git a/externals/libressl/crypto/armcap.c b/externals/libressl/crypto/armcap.c index 8c4983280..e1a721b71 100755 --- a/externals/libressl/crypto/armcap.c +++ b/externals/libressl/crypto/armcap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: armcap.c,v 1.8 2019/03/13 10:18:30 patrick Exp $ */ +/* $OpenBSD: armcap.c,v 1.1 2022/03/23 15:13:31 tb Exp $ */ #include #include #include diff --git a/externals/libressl/crypto/asn1/a_bitstr.c b/externals/libressl/crypto/asn1/a_bitstr.c index f217f13d2..4ffafd5f8 100755 --- a/externals/libressl/crypto/asn1/a_bitstr.c +++ b/externals/libressl/crypto/asn1/a_bitstr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_bitstr.c,v 1.30 2020/09/03 17:19:27 tb Exp $ */ +/* $OpenBSD: a_bitstr.c,v 1.33 2021/12/25 08:52:44 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -60,7 +60,28 @@ #include #include +#include +#include #include +#include + +const ASN1_ITEM ASN1_BIT_STRING_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_BIT_STRING, + .sname = "ASN1_BIT_STRING", +}; + +ASN1_BIT_STRING * +ASN1_BIT_STRING_new(void) +{ + return (ASN1_BIT_STRING *)ASN1_item_new(&ASN1_BIT_STRING_it); +} + +void +ASN1_BIT_STRING_free(ASN1_BIT_STRING *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_BIT_STRING_it); +} int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len) @@ -68,6 +89,127 @@ ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len) return ASN1_STRING_set(x, d, len); } +int +ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) +{ + int w, v, iv; + unsigned char *c; + + w = n/8; + v = 1 << (7 - (n & 0x07)); + iv = ~v; + if (!value) + v = 0; + + if (a == NULL) + return 0; + + a->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear, set on write */ + + if ((a->length < (w + 1)) || (a->data == NULL)) { + if (!value) + return(1); /* Don't need to set */ + if ((c = recallocarray(a->data, a->length, w + 1, 1)) == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return 0; + } + a->data = c; + a->length = w + 1; + } + a->data[w] = ((a->data[w]) & iv) | v; + while ((a->length > 0) && (a->data[a->length - 1] == 0)) + a->length--; + + return (1); +} + +int +ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n) +{ + int w, v; + + w = n / 8; + v = 1 << (7 - (n & 0x07)); + if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL)) + return (0); + return ((a->data[w] & v) != 0); +} + +/* + * Checks if the given bit string contains only bits specified by + * the flags vector. Returns 0 if there is at least one bit set in 'a' + * which is not specified in 'flags', 1 otherwise. + * 'len' is the length of 'flags'. + */ +int +ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, const unsigned char *flags, + int flags_len) +{ + int i, ok; + + /* Check if there is one bit set at all. */ + if (!a || !a->data) + return 1; + + /* Check each byte of the internal representation of the bit string. */ + ok = 1; + for (i = 0; i < a->length && ok; ++i) { + unsigned char mask = i < flags_len ? ~flags[i] : 0xff; + /* We are done if there is an unneeded bit set. */ + ok = (a->data[i] & mask) == 0; + } + return ok; +} + +int +ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, + BIT_STRING_BITNAME *tbl, int indent) +{ + BIT_STRING_BITNAME *bnam; + char first = 1; + + BIO_printf(out, "%*s", indent, ""); + for (bnam = tbl; bnam->lname; bnam++) { + if (ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) { + if (!first) + BIO_puts(out, ", "); + BIO_puts(out, bnam->lname); + first = 0; + } + } + BIO_puts(out, "\n"); + return 1; +} + +int +ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value, + BIT_STRING_BITNAME *tbl) +{ + int bitnum; + + bitnum = ASN1_BIT_STRING_num_asc(name, tbl); + if (bitnum < 0) + return 0; + if (bs) { + if (!ASN1_BIT_STRING_set_bit(bs, bitnum, value)) + return 0; + } + return 1; +} + +int +ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl) +{ + BIT_STRING_BITNAME *bnam; + + for (bnam = tbl; bnam->lname; bnam++) { + if (!strcmp(bnam->sname, name) || + !strcmp(bnam->lname, name)) + return bnam->bitnum; + } + return -1; +} + int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) { @@ -192,73 +334,14 @@ c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, const unsigned char **pp, long len) } int -ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) +i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **out) { - int w, v, iv; - unsigned char *c; - - w = n/8; - v = 1 << (7 - (n & 0x07)); - iv = ~v; - if (!value) - v = 0; - - if (a == NULL) - return 0; - - a->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear, set on write */ - - if ((a->length < (w + 1)) || (a->data == NULL)) { - if (!value) - return(1); /* Don't need to set */ - if ((c = recallocarray(a->data, a->length, w + 1, 1)) == NULL) { - ASN1error(ERR_R_MALLOC_FAILURE); - return 0; - } - a->data = c; - a->length = w + 1; - } - a->data[w] = ((a->data[w]) & iv) | v; - while ((a->length > 0) && (a->data[a->length - 1] == 0)) - a->length--; - - return (1); + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_BIT_STRING_it); } -int -ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n) +ASN1_BIT_STRING * +d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, const unsigned char **in, long len) { - int w, v; - - w = n / 8; - v = 1 << (7 - (n & 0x07)); - if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL)) - return (0); - return ((a->data[w] & v) != 0); -} - -/* - * Checks if the given bit string contains only bits specified by - * the flags vector. Returns 0 if there is at least one bit set in 'a' - * which is not specified in 'flags', 1 otherwise. - * 'len' is the length of 'flags'. - */ -int -ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, const unsigned char *flags, - int flags_len) -{ - int i, ok; - - /* Check if there is one bit set at all. */ - if (!a || !a->data) - return 1; - - /* Check each byte of the internal representation of the bit string. */ - ok = 1; - for (i = 0; i < a->length && ok; ++i) { - unsigned char mask = i < flags_len ? ~flags[i] : 0xff; - /* We are done if there is an unneeded bit set. */ - ok = (a->data[i] & mask) == 0; - } - return ok; + return (ASN1_BIT_STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_BIT_STRING_it); } diff --git a/externals/libressl/crypto/asn1/a_enum.c b/externals/libressl/crypto/asn1/a_enum.c index 0952e049d..007a42184 100755 --- a/externals/libressl/crypto/asn1/a_enum.c +++ b/externals/libressl/crypto/asn1/a_enum.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_enum.c,v 1.20 2019/04/28 05:05:56 tb Exp $ */ +/* $OpenBSD: a_enum.c,v 1.23 2021/12/25 13:17:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -60,7 +60,9 @@ #include #include +#include #include +#include #include /* @@ -68,6 +70,24 @@ * for comments on encoding see a_int.c */ +const ASN1_ITEM ASN1_ENUMERATED_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_ENUMERATED, + .sname = "ASN1_ENUMERATED", +}; + +ASN1_ENUMERATED * +ASN1_ENUMERATED_new(void) +{ + return (ASN1_ENUMERATED *)ASN1_item_new(&ASN1_ENUMERATED_it); +} + +void +ASN1_ENUMERATED_free(ASN1_ENUMERATED *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_ENUMERATED_it); +} + int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) { @@ -175,7 +195,7 @@ BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai) } return (ret); -err: + err: if (ret != ai) ASN1_ENUMERATED_free(ret); return (NULL); @@ -192,3 +212,143 @@ ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn) BN_set_negative(ret, 1); return (ret); } + +/* Based on a_int.c: equivalent ENUMERATED functions */ + +int +i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a) +{ + int i, n = 0; + static const char h[] = "0123456789ABCDEF"; + char buf[2]; + + if (a == NULL) + return (0); + + if (a->length == 0) { + if (BIO_write(bp, "00", 2) != 2) + goto err; + n = 2; + } else { + for (i = 0; i < a->length; i++) { + if ((i != 0) && (i % 35 == 0)) { + if (BIO_write(bp, "\\\n", 2) != 2) + goto err; + n += 2; + } + buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f]; + buf[1] = h[((unsigned char)a->data[i]) & 0x0f]; + if (BIO_write(bp, buf, 2) != 2) + goto err; + n += 2; + } + } + return (n); + + err: + return (-1); +} + +int +a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size) +{ + int ret = 0; + int i, j,k, m,n, again, bufsize; + unsigned char *s = NULL, *sp; + unsigned char *bufp; + int first = 1; + size_t num = 0, slen = 0; + + bs->type = V_ASN1_ENUMERATED; + + bufsize = BIO_gets(bp, buf, size); + for (;;) { + if (bufsize < 1) + goto err_sl; + i = bufsize; + if (buf[i-1] == '\n') + buf[--i] = '\0'; + if (i == 0) + goto err_sl; + if (buf[i-1] == '\r') + buf[--i] = '\0'; + if (i == 0) + goto err_sl; + if (buf[i - 1] == '\\') { + i--; + again = 1; + } else + again = 0; + buf[i] = '\0'; + if (i < 2) + goto err_sl; + + bufp = (unsigned char *)buf; + if (first) { + first = 0; + if ((bufp[0] == '0') && (buf[1] == '0')) { + bufp += 2; + i -= 2; + } + } + k = 0; + if (i % 2 != 0) { + ASN1error(ASN1_R_ODD_NUMBER_OF_CHARS); + goto err; + } + i /= 2; + if (num + i > slen) { + sp = realloc(s, num + i); + if (sp == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + s = sp; + slen = num + i; + } + for (j = 0; j < i; j++, k += 2) { + for (n = 0; n < 2; n++) { + m = bufp[k + n]; + if ((m >= '0') && (m <= '9')) + m -= '0'; + else if ((m >= 'a') && (m <= 'f')) + m = m - 'a' + 10; + else if ((m >= 'A') && (m <= 'F')) + m = m - 'A' + 10; + else { + ASN1error(ASN1_R_NON_HEX_CHARACTERS); + goto err; + } + s[num + j] <<= 4; + s[num + j] |= m; + } + } + num += i; + if (again) + bufsize = BIO_gets(bp, buf, size); + else + break; + } + bs->length = num; + bs->data = s; + return (1); + + err_sl: + ASN1error(ASN1_R_SHORT_LINE); + err: + free(s); + return (ret); +} + +int +i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_ENUMERATED_it); +} + +ASN1_ENUMERATED * +d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, const unsigned char **in, long len) +{ + return (ASN1_ENUMERATED *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_ENUMERATED_it); +} diff --git a/externals/libressl/crypto/asn1/a_int.c b/externals/libressl/crypto/asn1/a_int.c index d14bd7959..c4b40ff7a 100755 --- a/externals/libressl/crypto/asn1/a_int.c +++ b/externals/libressl/crypto/asn1/a_int.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_int.c,v 1.34 2019/04/28 05:03:56 tb Exp $ */ +/* $OpenBSD: a_int.c,v 1.38 2021/12/25 13:17:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -61,9 +61,29 @@ #include #include +#include #include +#include #include +const ASN1_ITEM ASN1_INTEGER_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_INTEGER, + .sname = "ASN1_INTEGER", +}; + +ASN1_INTEGER * +ASN1_INTEGER_new(void) +{ + return (ASN1_INTEGER *)ASN1_item_new(&ASN1_INTEGER_it); +} + +void +ASN1_INTEGER_free(ASN1_INTEGER *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_INTEGER_it); +} + static int ASN1_INTEGER_valid(const ASN1_INTEGER *a) { @@ -101,6 +121,276 @@ ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y) return ret; } +int +ASN1_INTEGER_set(ASN1_INTEGER *a, long v) +{ + int j, k; + unsigned int i; + unsigned char buf[sizeof(long) + 1]; + long d; + + a->type = V_ASN1_INTEGER; + /* XXX ssl/ssl_asn1.c:i2d_SSL_SESSION() depends upon this bound vae */ + if (a->length < (int)(sizeof(long) + 1)) { + free(a->data); + a->data = calloc(1, sizeof(long) + 1); + } + if (a->data == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return (0); + } + d = v; + if (d < 0) { + d = -d; + a->type = V_ASN1_NEG_INTEGER; + } + + for (i = 0; i < sizeof(long); i++) { + if (d == 0) + break; + buf[i] = (int)d & 0xff; + d >>= 8; + } + j = 0; + for (k = i - 1; k >= 0; k--) + a->data[j++] = buf[k]; + a->length = j; + return (1); +} + +/* + * XXX this particular API is a gibbering eidrich horror that makes it + * impossible to determine valid return cases from errors.. "a bit + * ugly" is preserved for posterity, unfortunately this is probably + * unfixable without changing public API + */ +long +ASN1_INTEGER_get(const ASN1_INTEGER *a) +{ + int neg = 0, i; + unsigned long r = 0; + + if (a == NULL) + return (0L); + i = a->type; + if (i == V_ASN1_NEG_INTEGER) + neg = 1; + else if (i != V_ASN1_INTEGER) + return -1; + + if (!ASN1_INTEGER_valid(a)) + return -1; /* XXX best effort */ + + if (a->length > (int)sizeof(long)) { + /* hmm... a bit ugly, return all ones */ + return -1; + } + if (a->data == NULL) + return 0; + + for (i = 0; i < a->length; i++) { + r <<= 8; + r |= (unsigned char)a->data[i]; + } + + if (r > LONG_MAX) + return -1; + + if (neg) + return -(long)r; + return (long)r; +} + +ASN1_INTEGER * +BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai) +{ + ASN1_INTEGER *ret; + int len, j; + + if (ai == NULL) + ret = ASN1_INTEGER_new(); + else + ret = ai; + if (ret == NULL) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); + goto err; + } + + if (!ASN1_INTEGER_valid(ret)) + goto err; + + if (BN_is_negative(bn)) + ret->type = V_ASN1_NEG_INTEGER; + else + ret->type = V_ASN1_INTEGER; + j = BN_num_bits(bn); + len = ((j == 0) ? 0 : ((j / 8) + 1)); + if (ret->length < len + 4) { + unsigned char *new_data = realloc(ret->data, len + 4); + if (!new_data) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + ret->data = new_data; + } + ret->length = BN_bn2bin(bn, ret->data); + + /* Correct zero case */ + if (!ret->length) { + ret->data[0] = 0; + ret->length = 1; + } + return (ret); + + err: + if (ret != ai) + ASN1_INTEGER_free(ret); + return (NULL); +} + +BIGNUM * +ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn) +{ + BIGNUM *ret; + + if (!ASN1_INTEGER_valid(ai)) + return (NULL); + + if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL) + ASN1error(ASN1_R_BN_LIB); + else if (ai->type == V_ASN1_NEG_INTEGER) + BN_set_negative(ret, 1); + return (ret); +} + +int +i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a) +{ + int i, n = 0; + static const char h[] = "0123456789ABCDEF"; + char buf[2]; + + if (a == NULL) + return (0); + + if (a->type & V_ASN1_NEG) { + if (BIO_write(bp, "-", 1) != 1) + goto err; + n = 1; + } + + if (a->length == 0) { + if (BIO_write(bp, "00", 2) != 2) + goto err; + n += 2; + } else { + for (i = 0; i < a->length; i++) { + if ((i != 0) && (i % 35 == 0)) { + if (BIO_write(bp, "\\\n", 2) != 2) + goto err; + n += 2; + } + buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f]; + buf[1] = h[((unsigned char)a->data[i]) & 0x0f]; + if (BIO_write(bp, buf, 2) != 2) + goto err; + n += 2; + } + } + return (n); + + err: + return (-1); +} + +int +a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) +{ + int ret = 0; + int i, j,k, m,n, again, bufsize; + unsigned char *s = NULL, *sp; + unsigned char *bufp; + int num = 0, slen = 0, first = 1; + + bs->type = V_ASN1_INTEGER; + + bufsize = BIO_gets(bp, buf, size); + for (;;) { + if (bufsize < 1) + goto err_sl; + i = bufsize; + if (buf[i - 1] == '\n') + buf[--i] = '\0'; + if (i == 0) + goto err_sl; + if (buf[i - 1] == '\r') + buf[--i] = '\0'; + if (i == 0) + goto err_sl; + if (buf[i - 1] == '\\') { + i--; + again = 1; + } else + again = 0; + buf[i] = '\0'; + if (i < 2) + goto err_sl; + + bufp = (unsigned char *)buf; + if (first) { + first = 0; + if ((bufp[0] == '0') && (buf[1] == '0')) { + bufp += 2; + i -= 2; + } + } + k = 0; + if (i % 2 != 0) { + ASN1error(ASN1_R_ODD_NUMBER_OF_CHARS); + goto err; + } + i /= 2; + if (num + i > slen) { + if ((sp = recallocarray(s, slen, num + i, 1)) == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + s = sp; + slen = num + i; + } + for (j = 0; j < i; j++, k += 2) { + for (n = 0; n < 2; n++) { + m = bufp[k + n]; + if ((m >= '0') && (m <= '9')) + m -= '0'; + else if ((m >= 'a') && (m <= 'f')) + m = m - 'a' + 10; + else if ((m >= 'A') && (m <= 'F')) + m = m - 'A' + 10; + else { + ASN1error(ASN1_R_NON_HEX_CHARACTERS); + goto err; + } + s[num + j] <<= 4; + s[num + j] |= m; + } + } + num += i; + if (again) + bufsize = BIO_gets(bp, buf, size); + else + break; + } + bs->length = num; + bs->data = s; + return (1); + + err_sl: + ASN1error(ASN1_R_SHORT_LINE); + err: + free(s); + return (ret); +} /* * This converts an ASN1 INTEGER into its content encoding. @@ -289,13 +579,25 @@ c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, long len) *pp = pend; return (ret); -err: + err: ASN1error(i); if (a == NULL || *a != ret) ASN1_INTEGER_free(ret); return (NULL); } +int +i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_INTEGER_it); +} + +ASN1_INTEGER * +d2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **in, long len) +{ + return (ASN1_INTEGER *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_INTEGER_it); +} /* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of * ASN1 integers: some broken software can encode a positive INTEGER @@ -364,151 +666,9 @@ d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, long length) *pp = p; return (ret); -err: + err: ASN1error(i); if (a == NULL || *a != ret) ASN1_INTEGER_free(ret); return (NULL); } - -int -ASN1_INTEGER_set(ASN1_INTEGER *a, long v) -{ - int j, k; - unsigned int i; - unsigned char buf[sizeof(long) + 1]; - long d; - - a->type = V_ASN1_INTEGER; - /* XXX ssl/ssl_asn1.c:i2d_SSL_SESSION() depends upon this bound vae */ - if (a->length < (int)(sizeof(long) + 1)) { - free(a->data); - a->data = calloc(1, sizeof(long) + 1); - } - if (a->data == NULL) { - ASN1error(ERR_R_MALLOC_FAILURE); - return (0); - } - d = v; - if (d < 0) { - d = -d; - a->type = V_ASN1_NEG_INTEGER; - } - - for (i = 0; i < sizeof(long); i++) { - if (d == 0) - break; - buf[i] = (int)d & 0xff; - d >>= 8; - } - j = 0; - for (k = i - 1; k >= 0; k--) - a->data[j++] = buf[k]; - a->length = j; - return (1); -} - -/* - * XXX this particular API is a gibbering eidrich horror that makes it - * impossible to determine valid return cases from errors.. "a bit - * ugly" is preserved for posterity, unfortunately this is probably - * unfixable without changing public API - */ -long -ASN1_INTEGER_get(const ASN1_INTEGER *a) -{ - int neg = 0, i; - unsigned long r = 0; - - if (a == NULL) - return (0L); - i = a->type; - if (i == V_ASN1_NEG_INTEGER) - neg = 1; - else if (i != V_ASN1_INTEGER) - return -1; - - if (!ASN1_INTEGER_valid(a)) - return -1; /* XXX best effort */ - - if (a->length > (int)sizeof(long)) { - /* hmm... a bit ugly, return all ones */ - return -1; - } - if (a->data == NULL) - return 0; - - for (i = 0; i < a->length; i++) { - r <<= 8; - r |= (unsigned char)a->data[i]; - } - - if (r > LONG_MAX) - return -1; - - if (neg) - return -(long)r; - return (long)r; -} - -ASN1_INTEGER * -BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai) -{ - ASN1_INTEGER *ret; - int len, j; - - if (ai == NULL) - ret = ASN1_INTEGER_new(); - else - ret = ai; - if (ret == NULL) { - ASN1error(ERR_R_NESTED_ASN1_ERROR); - goto err; - } - - if (!ASN1_INTEGER_valid(ret)) - goto err; - - if (BN_is_negative(bn)) - ret->type = V_ASN1_NEG_INTEGER; - else - ret->type = V_ASN1_INTEGER; - j = BN_num_bits(bn); - len = ((j == 0) ? 0 : ((j / 8) + 1)); - if (ret->length < len + 4) { - unsigned char *new_data = realloc(ret->data, len + 4); - if (!new_data) { - ASN1error(ERR_R_MALLOC_FAILURE); - goto err; - } - ret->data = new_data; - } - ret->length = BN_bn2bin(bn, ret->data); - - /* Correct zero case */ - if (!ret->length) { - ret->data[0] = 0; - ret->length = 1; - } - return (ret); - -err: - if (ret != ai) - ASN1_INTEGER_free(ret); - return (NULL); -} - -BIGNUM * -ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn) -{ - BIGNUM *ret; - - if (!ASN1_INTEGER_valid(ai)) - return (NULL); - - if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL) - ASN1error(ASN1_R_BN_LIB); - else if (ai->type == V_ASN1_NEG_INTEGER) - BN_set_negative(ret, 1); - return (ret); -} diff --git a/externals/libressl/crypto/asn1/a_mbstr.c b/externals/libressl/crypto/asn1/a_mbstr.c index b7cfba379..8cff3ae1c 100755 --- a/externals/libressl/crypto/asn1/a_mbstr.c +++ b/externals/libressl/crypto/asn1/a_mbstr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_mbstr.c,v 1.23 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: a_mbstr.c,v 1.24 2021/12/25 13:17:48 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -248,7 +248,7 @@ ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, traverse_string(in, len, inform, cpyfunc, &p); return str_type; -err: + err: if (free_out) { ASN1_STRING_free(dest); *out = NULL; diff --git a/externals/libressl/crypto/asn1/a_object.c b/externals/libressl/crypto/asn1/a_object.c index 16c3a1c0f..c6e4c77f9 100755 --- a/externals/libressl/crypto/asn1/a_object.c +++ b/externals/libressl/crypto/asn1/a_object.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_object.c,v 1.31 2018/04/25 11:48:21 tb Exp $ */ +/* $OpenBSD: a_object.c,v 1.46 2022/04/10 12:42:33 inoguchi Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -61,308 +61,31 @@ #include #include -#include +#include #include #include #include -int -i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp) -{ - unsigned char *p; - int objsize; +#include "asn1_locl.h" - if ((a == NULL) || (a->data == NULL)) - return (0); - - objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT); - if (pp == NULL) - return objsize; - - p = *pp; - ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL); - memcpy(p, a->data, a->length); - p += a->length; - - *pp = p; - return (objsize); -} - -int -a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) -{ - int i, first, len = 0, c, use_bn; - char ftmp[24], *tmp = ftmp; - int tmpsize = sizeof ftmp; - const char *p; - unsigned long l; - BIGNUM *bl = NULL; - - if (num == 0) - return (0); - else if (num == -1) - num = strlen(buf); - - p = buf; - c = *(p++); - num--; - if ((c >= '0') && (c <= '2')) { - first= c-'0'; - } else { - ASN1error(ASN1_R_FIRST_NUM_TOO_LARGE); - goto err; - } - - if (num <= 0) { - ASN1error(ASN1_R_MISSING_SECOND_NUMBER); - goto err; - } - c = *(p++); - num--; - for (;;) { - if (num <= 0) - break; - if ((c != '.') && (c != ' ')) { - ASN1error(ASN1_R_INVALID_SEPARATOR); - goto err; - } - l = 0; - use_bn = 0; - for (;;) { - if (num <= 0) - break; - num--; - c = *(p++); - if ((c == ' ') || (c == '.')) - break; - if ((c < '0') || (c > '9')) { - ASN1error(ASN1_R_INVALID_DIGIT); - goto err; - } - if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) { - use_bn = 1; - if (!bl) - bl = BN_new(); - if (!bl || !BN_set_word(bl, l)) - goto err; - } - if (use_bn) { - if (!BN_mul_word(bl, 10L) || - !BN_add_word(bl, c-'0')) - goto err; - } else - l = l * 10L + (long)(c - '0'); - } - if (len == 0) { - if ((first < 2) && (l >= 40)) { - ASN1error(ASN1_R_SECOND_NUMBER_TOO_LARGE); - goto err; - } - if (use_bn) { - if (!BN_add_word(bl, first * 40)) - goto err; - } else - l += (long)first * 40; - } - i = 0; - if (use_bn) { - int blsize; - blsize = BN_num_bits(bl); - blsize = (blsize + 6) / 7; - if (blsize > tmpsize) { - if (tmp != ftmp) - free(tmp); - tmpsize = blsize + 32; - tmp = malloc(tmpsize); - if (!tmp) - goto err; - } - while (blsize--) - tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L); - } else { - - for (;;) { - tmp[i++] = (unsigned char)l & 0x7f; - l >>= 7L; - if (l == 0L) - break; - } - - } - if (out != NULL) { - if (len + i > olen) { - ASN1error(ASN1_R_BUFFER_TOO_SMALL); - goto err; - } - while (--i > 0) - out[len++] = tmp[i]|0x80; - out[len++] = tmp[0]; - } else - len += i; - } - if (tmp != ftmp) - free(tmp); - BN_free(bl); - return (len); - -err: - if (tmp != ftmp) - free(tmp); - BN_free(bl); - return (0); -} - -int -i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a) -{ - return OBJ_obj2txt(buf, buf_len, a, 0); -} - -int -i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a) -{ - char *tmp = NULL; - size_t tlen = 256; - int i = -1; - - if ((a == NULL) || (a->data == NULL)) - return(BIO_write(bp, "NULL", 4)); - if ((tmp = malloc(tlen)) == NULL) - return -1; - i = i2t_ASN1_OBJECT(tmp, tlen, a); - if (i > (int)(tlen - 1)) { - freezero(tmp, tlen); - if ((tmp = malloc(i + 1)) == NULL) - return -1; - tlen = i + 1; - i = i2t_ASN1_OBJECT(tmp, tlen, a); - } - if (i <= 0) - i = BIO_write(bp, "", 9); - else - i = BIO_write(bp, tmp, i); - freezero(tmp, tlen); - return (i); -} - -ASN1_OBJECT * -d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long length) -{ - const unsigned char *p; - long len; - int tag, xclass; - int inf, i; - ASN1_OBJECT *ret = NULL; - - p = *pp; - inf = ASN1_get_object(&p, &len, &tag, &xclass, length); - if (inf & 0x80) { - i = ASN1_R_BAD_OBJECT_HEADER; - goto err; - } - - if (tag != V_ASN1_OBJECT) { - i = ASN1_R_EXPECTING_AN_OBJECT; - goto err; - } - ret = c2i_ASN1_OBJECT(a, &p, len); - if (ret) - *pp = p; - return ret; - -err: - ASN1error(i); - return (NULL); -} - -ASN1_OBJECT * -c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long len) -{ - ASN1_OBJECT *ret; - const unsigned char *p; - unsigned char *data; - int i, length; - - /* - * Sanity check OID encoding: - * - need at least one content octet - * - MSB must be clear in the last octet - * - can't have leading 0x80 in subidentifiers, see: X.690 8.19.2 - */ - if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || - p[len - 1] & 0x80) { - ASN1error(ASN1_R_INVALID_OBJECT_ENCODING); - return (NULL); - } - - /* Now 0 < len <= INT_MAX, so the cast is safe. */ - length = (int)len; - for (i = 0; i < length; i++, p++) { - if (*p == 0x80 && (!i || !(p[-1] & 0x80))) { - ASN1error(ASN1_R_INVALID_OBJECT_ENCODING); - return (NULL); - } - } - - /* only the ASN1_OBJECTs from the 'table' will have values - * for ->sn or ->ln */ - if ((a == NULL) || ((*a) == NULL) || - !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) { - if ((ret = ASN1_OBJECT_new()) == NULL) - return (NULL); - } else - ret = *a; - - p = *pp; - - /* detach data from object */ - data = (unsigned char *)ret->data; - freezero(data, ret->length); - - data = malloc(length); - if (data == NULL) { - ASN1error(ERR_R_MALLOC_FAILURE); - goto err; - } - - memcpy(data, p, length); - - /* reattach data to object, after which it remains const */ - ret->data = data; - ret->length = length; - ret->sn = NULL; - ret->ln = NULL; - ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA; - p += length; - - if (a != NULL) - *a = ret; - *pp = p; - return (ret); - -err: - if (a == NULL || ret != *a) - ASN1_OBJECT_free(ret); - return (NULL); -} +const ASN1_ITEM ASN1_OBJECT_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_OBJECT, + .sname = "ASN1_OBJECT", +}; ASN1_OBJECT * ASN1_OBJECT_new(void) { - ASN1_OBJECT *ret; + ASN1_OBJECT *a; - ret = malloc(sizeof(ASN1_OBJECT)); - if (ret == NULL) { + if ((a = calloc(1, sizeof(ASN1_OBJECT))) == NULL) { ASN1error(ERR_R_MALLOC_FAILURE); return (NULL); } - ret->length = 0; - ret->data = NULL; - ret->nid = 0; - ret->sn = NULL; - ret->ln = NULL; - ret->flags = ASN1_OBJECT_FLAG_DYNAMIC; - return (ret); + a->flags = ASN1_OBJECT_FLAG_DYNAMIC; + + return a; } void @@ -399,3 +122,539 @@ ASN1_OBJECT_create(int nid, unsigned char *data, int len, ASN1_OBJECT_FLAG_DYNAMIC_DATA; return (OBJ_dup(&o)); } + +static int +oid_add_arc(CBB *cbb, uint64_t arc) +{ + int started = 0; + uint8_t val; + int i; + + for (i = (sizeof(arc) * 8) / 7; i >= 0; i--) { + val = (arc >> (i * 7)) & 0x7f; + if (!started && i != 0 && val == 0) + continue; + if (i > 0) + val |= 0x80; + if (!CBB_add_u8(cbb, val)) + return 0; + started = 1; + } + + return 1; +} + +static int +oid_parse_arc(CBS *cbs, uint64_t *out_arc) +{ + uint64_t arc = 0; + uint8_t val; + + do { + if (!CBS_get_u8(cbs, &val)) + return 0; + if (arc == 0 && val == 0x80) + return 0; + if (out_arc != NULL && arc > (UINT64_MAX >> 7)) + return 0; + arc = (arc << 7) | (val & 0x7f); + } while (val & 0x80); + + if (out_arc != NULL) + *out_arc = arc; + + return 1; +} + +static int +oid_add_arc_txt(CBB *cbb, uint64_t arc, int first) +{ + const char *fmt = ".%llu"; + char s[22]; /* Digits in decimal representation of 2^64-1, plus '.' and NUL. */ + int n; + + if (first) + fmt = "%llu"; + n = snprintf(s, sizeof(s), fmt, (unsigned long long)arc); + if (n < 0 || (size_t)n >= sizeof(s)) + return 0; + if (!CBB_add_bytes(cbb, s, n)) + return 0; + + return 1; +} + +static int +oid_parse_arc_txt(CBS *cbs, uint64_t *out_arc, char *separator, int first) +{ + uint64_t arc = 0; + int digits = 0; + uint8_t val; + + if (!first) { + if (!CBS_get_u8(cbs, &val)) + return 0; + if ((*separator == 0 && val != '.' && val != ' ') || + (*separator != 0 && val != *separator)) { + ASN1error(ASN1_R_INVALID_SEPARATOR); + return 0; + } + *separator = val; + } + + while (CBS_len(cbs) > 0) { + if (!CBS_peek_u8(cbs, &val)) + return 0; + if (val == '.' || val == ' ') + break; + + if (!CBS_get_u8(cbs, &val)) + return 0; + if (val < '0' || val > '9') { + /* For the first arc we treat this as the separator. */ + if (first) { + ASN1error(ASN1_R_INVALID_SEPARATOR); + return 0; + } + ASN1error(ASN1_R_INVALID_DIGIT); + return 0; + } + val -= '0'; + + if (digits > 0 && arc == 0 && val == 0) { + ASN1error(ASN1_R_INVALID_NUMBER); + return 0; + } + digits++; + + if (arc > UINT64_MAX / 10) { + ASN1error(ASN1_R_TOO_LONG); + return 0; + } + arc = arc * 10 + val; + } + + if (digits < 1) { + ASN1error(ASN1_R_INVALID_NUMBER); + return 0; + } + + *out_arc = arc; + + return 1; +} + +static int +a2c_ASN1_OBJECT_internal(CBB *cbb, CBS *cbs) +{ + uint64_t arc, si1, si2; + char separator = 0; + + if (!oid_parse_arc_txt(cbs, &si1, &separator, 1)) + return 0; + + if (CBS_len(cbs) == 0) { + ASN1error(ASN1_R_MISSING_SECOND_NUMBER); + return 0; + } + + if (!oid_parse_arc_txt(cbs, &si2, &separator, 0)) + return 0; + + /* + * X.690 section 8.19 - the first two subidentifiers are encoded as + * (x * 40) + y, with x being limited to [0,1,2]. The second + * subidentifier cannot exceed 39 for x < 2. + */ + if (si1 > 2) { + ASN1error(ASN1_R_FIRST_NUM_TOO_LARGE); + return 0; + } + if ((si1 < 2 && si2 >= 40) || si2 > UINT64_MAX - si1 * 40) { + ASN1error(ASN1_R_SECOND_NUMBER_TOO_LARGE); + return 0; + } + arc = si1 * 40 + si2; + + if (!oid_add_arc(cbb, arc)) + return 0; + + while (CBS_len(cbs) > 0) { + if (!oid_parse_arc_txt(cbs, &arc, &separator, 0)) + return 0; + if (!oid_add_arc(cbb, arc)) + return 0; + } + + return 1; +} + +static int +c2a_ASN1_OBJECT(CBS *cbs, CBB *cbb) +{ + uint64_t arc, si1, si2; + + /* + * X.690 section 8.19 - the first two subidentifiers are encoded as + * (x * 40) + y, with x being limited to [0,1,2]. + */ + if (!oid_parse_arc(cbs, &arc)) + return 0; + if ((si1 = arc / 40) > 2) + si1 = 2; + si2 = arc - si1 * 40; + + if (!oid_add_arc_txt(cbb, si1, 1)) + return 0; + if (!oid_add_arc_txt(cbb, si2, 0)) + return 0; + + while (CBS_len(cbs) > 0) { + if (!oid_parse_arc(cbs, &arc)) + return 0; + if (!oid_add_arc_txt(cbb, arc, 0)) + return 0; + } + + /* NUL terminate. */ + if (!CBB_add_u8(cbb, 0)) + return 0; + + return 1; +} + +int +a2d_ASN1_OBJECT(unsigned char *out, int out_len, const char *in, int in_len) +{ + uint8_t *data = NULL; + size_t data_len; + CBS cbs; + CBB cbb; + int ret = 0; + + memset(&cbb, 0, sizeof(cbb)); + + if (in_len == -1) + in_len = strlen(in); + if (in_len <= 0) + goto err; + + CBS_init(&cbs, in, in_len); + + if (!CBB_init(&cbb, 0)) + goto err; + if (!a2c_ASN1_OBJECT_internal(&cbb, &cbs)) + goto err; + if (!CBB_finish(&cbb, &data, &data_len)) + goto err; + + if (data_len > INT_MAX) + goto err; + + if (out != NULL) { + if (out_len <= 0 || (size_t)out_len < data_len) { + ASN1error(ASN1_R_BUFFER_TOO_SMALL); + goto err; + } + memcpy(out, data, data_len); + } + + ret = (int)data_len; + + err: + CBB_cleanup(&cbb); + free(data); + + return ret; +} + +static int +i2t_ASN1_OBJECT_oid(const ASN1_OBJECT *aobj, CBB *cbb) +{ + CBS cbs; + + CBS_init(&cbs, aobj->data, aobj->length); + + return c2a_ASN1_OBJECT(&cbs, cbb); +} + +static int +i2t_ASN1_OBJECT_name(const ASN1_OBJECT *aobj, CBB *cbb, const char **out_name) +{ + const char *name; + int nid; + + *out_name = NULL; + + if ((nid = OBJ_obj2nid(aobj)) == NID_undef) + return 0; + + if ((name = OBJ_nid2ln(nid)) == NULL) + name = OBJ_nid2sn(nid); + if (name == NULL) + return 0; + + *out_name = name; + + if (!CBB_add_bytes(cbb, name, strlen(name))) + return 0; + + /* NUL terminate. */ + if (!CBB_add_u8(cbb, 0)) + return 0; + + return 1; +} + +static int +i2t_ASN1_OBJECT_cbb(const ASN1_OBJECT *aobj, CBB *cbb, int no_name) +{ + const char *name; + + if (!no_name) { + if (i2t_ASN1_OBJECT_name(aobj, cbb, &name)) + return 1; + if (name != NULL) + return 0; + } + return i2t_ASN1_OBJECT_oid(aobj, cbb); +} + +int +i2t_ASN1_OBJECT_internal(const ASN1_OBJECT *aobj, char *buf, int buf_len, int no_name) +{ + uint8_t *data = NULL; + size_t data_len; + CBB cbb; + int ret = 0; + + if (buf_len < 0) + return 0; + if (buf_len > 0) + buf[0] = '\0'; + + if (!CBB_init(&cbb, 0)) + goto err; + if (!i2t_ASN1_OBJECT_cbb(aobj, &cbb, no_name)) + goto err; + if (!CBB_finish(&cbb, &data, &data_len)) + goto err; + + ret = strlcpy(buf, data, buf_len); + err: + CBB_cleanup(&cbb); + free(data); + + return ret; +} + +int +i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *aobj) +{ + return i2t_ASN1_OBJECT_internal(aobj, buf, buf_len, 0); +} + +ASN1_OBJECT * +t2i_ASN1_OBJECT_internal(const char *oid) +{ + ASN1_OBJECT *aobj = NULL; + uint8_t *data = NULL; + size_t data_len; + CBB cbb; + CBS cbs; + + memset(&cbb, 0, sizeof(cbb)); + + CBS_init(&cbs, oid, strlen(oid)); + + if (!CBB_init(&cbb, 0)) + goto err; + if (!a2c_ASN1_OBJECT_internal(&cbb, &cbs)) + goto err; + if (!CBB_finish(&cbb, &data, &data_len)) + goto err; + + if (data_len > INT_MAX) + goto err; + + if ((aobj = ASN1_OBJECT_new()) == NULL) + goto err; + + aobj->data = data; + aobj->length = (int)data_len; + aobj->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA; + data = NULL; + + err: + CBB_cleanup(&cbb); + free(data); + + return aobj; +} + +int +i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *aobj) +{ + uint8_t *data = NULL; + size_t data_len; + CBB cbb; + int ret = -1; + + if (aobj == NULL || aobj->data == NULL) + return BIO_write(bp, "NULL", 4); + + if (!CBB_init(&cbb, 0)) + goto err; + if (!i2t_ASN1_OBJECT_cbb(aobj, &cbb, 0)) { + ret = BIO_write(bp, "", 9); + goto err; + } + if (!CBB_finish(&cbb, &data, &data_len)) + goto err; + + ret = BIO_write(bp, data, strlen(data)); + + err: + CBB_cleanup(&cbb); + free(data); + + return ret; +} + +int +c2i_ASN1_OBJECT_cbs(ASN1_OBJECT **out_aobj, CBS *content) +{ + ASN1_OBJECT *aobj = NULL; + uint8_t *data = NULL; + size_t data_len; + CBS cbs; + + if (out_aobj == NULL || *out_aobj != NULL) + goto err; + + /* Parse and validate OID encoding per X.690 8.19.2. */ + CBS_dup(content, &cbs); + if (CBS_len(&cbs) == 0) { + ASN1error(ASN1_R_INVALID_OBJECT_ENCODING); + goto err; + } + while (CBS_len(&cbs) > 0) { + if (!oid_parse_arc(&cbs, NULL)) { + ASN1error(ASN1_R_INVALID_OBJECT_ENCODING); + goto err; + } + } + + if (!CBS_stow(content, &data, &data_len)) + goto err; + + if (data_len > INT_MAX) + goto err; + + if ((aobj = ASN1_OBJECT_new()) == NULL) + goto err; + + aobj->data = data; + aobj->length = (int)data_len; /* XXX - change length to size_t. */ + aobj->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA; + + *out_aobj = aobj; + + return 1; + + err: + ASN1_OBJECT_free(aobj); + free(data); + + return 0; +} + +ASN1_OBJECT * +c2i_ASN1_OBJECT(ASN1_OBJECT **out_aobj, const unsigned char **pp, long len) +{ + ASN1_OBJECT *aobj = NULL; + CBS content; + + if (out_aobj != NULL) { + ASN1_OBJECT_free(*out_aobj); + *out_aobj = NULL; + } + + if (len < 0) { + ASN1error(ASN1_R_LENGTH_ERROR); + return NULL; + } + + CBS_init(&content, *pp, len); + + if (!c2i_ASN1_OBJECT_cbs(&aobj, &content)) + return NULL; + + *pp = CBS_data(&content); + + if (out_aobj != NULL) + *out_aobj = aobj; + + return aobj; +} + +int +i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp) +{ + unsigned char *p; + int objsize; + + if ((a == NULL) || (a->data == NULL)) + return (0); + + objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT); + if (pp == NULL) + return objsize; + + p = *pp; + ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL); + memcpy(p, a->data, a->length); + p += a->length; + + *pp = p; + return (objsize); +} + +ASN1_OBJECT * +d2i_ASN1_OBJECT(ASN1_OBJECT **out_aobj, const unsigned char **pp, long length) +{ + ASN1_OBJECT *aobj = NULL; + uint32_t tag_number; + CBS cbs, content; + + if (out_aobj != NULL) { + ASN1_OBJECT_free(*out_aobj); + *out_aobj = NULL; + } + + if (length < 0) { + ASN1error(ASN1_R_LENGTH_ERROR); + return NULL; + } + + CBS_init(&cbs, *pp, length); + + if (!asn1_get_primitive(&cbs, 0, &tag_number, &content)) { + ASN1error(ASN1_R_BAD_OBJECT_HEADER); + return NULL; + } + if (tag_number != V_ASN1_OBJECT) { + ASN1error(ASN1_R_EXPECTING_AN_OBJECT); + return NULL; + } + + if (!c2i_ASN1_OBJECT_cbs(&aobj, &content)) + return NULL; + + *pp = CBS_data(&content); + + if (out_aobj != NULL) + *out_aobj = aobj; + + return aobj; +} diff --git a/externals/libressl/crypto/asn1/a_octet.c b/externals/libressl/crypto/asn1/a_octet.c index d998675d3..c1a25202c 100755 --- a/externals/libressl/crypto/asn1/a_octet.c +++ b/externals/libressl/crypto/asn1/a_octet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_octet.c,v 1.10 2015/07/29 14:58:34 jsing Exp $ */ +/* $OpenBSD: a_octet.c,v 1.11 2021/12/25 08:52:44 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -59,6 +59,26 @@ #include #include +#include + +const ASN1_ITEM ASN1_OCTET_STRING_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_OCTET_STRING, + .sname = "ASN1_OCTET_STRING", +}; + +ASN1_OCTET_STRING * +ASN1_OCTET_STRING_new(void) +{ + return (ASN1_OCTET_STRING *)ASN1_item_new(&ASN1_OCTET_STRING_it); +} + +void +ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_OCTET_STRING_it); +} + ASN1_OCTET_STRING * ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x) @@ -77,3 +97,16 @@ ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, int len) { return ASN1_STRING_set(x, d, len); } + +int +i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_OCTET_STRING_it); +} + +ASN1_OCTET_STRING * +d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a, const unsigned char **in, long len) +{ + return (ASN1_OCTET_STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_OCTET_STRING_it); +} diff --git a/externals/libressl/crypto/asn1/a_pkey.c b/externals/libressl/crypto/asn1/a_pkey.c new file mode 100755 index 000000000..3b8dea7db --- /dev/null +++ b/externals/libressl/crypto/asn1/a_pkey.c @@ -0,0 +1,186 @@ +/* $OpenBSD: a_pkey.c,v 1.3 2021/12/25 13:17:48 jsing Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include + +#include + +#include +#include +#include +#include +#include +#include + +#ifndef OPENSSL_NO_ENGINE +#include +#endif + +#include "asn1_locl.h" +#include "evp_locl.h" + +EVP_PKEY * +d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length) +{ + const unsigned char *p = *pp; + EVP_PKEY *ret; + + if ((a == NULL) || (*a == NULL)) { + if ((ret = EVP_PKEY_new()) == NULL) { + ASN1error(ERR_R_EVP_LIB); + return (NULL); + } + } else { + ret = *a; +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(ret->engine); + ret->engine = NULL; +#endif + } + + if (!EVP_PKEY_set_type(ret, type)) { + ASN1error(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); + goto err; + } + + if (!ret->ameth->old_priv_decode || + !ret->ameth->old_priv_decode(ret, pp, length)) { + if (ret->ameth->priv_decode) { + PKCS8_PRIV_KEY_INFO *p8 = NULL; + *pp = p; /* XXX */ + p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length); + if (!p8) + goto err; + EVP_PKEY_free(ret); + ret = EVP_PKCS82PKEY(p8); + PKCS8_PRIV_KEY_INFO_free(p8); + } else { + ASN1error(ERR_R_ASN1_LIB); + goto err; + } + } + if (a != NULL) + (*a) = ret; + return (ret); + + err: + if (a == NULL || *a != ret) + EVP_PKEY_free(ret); + return (NULL); +} + +int +i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp) +{ + if (a->ameth && a->ameth->old_priv_encode) { + return a->ameth->old_priv_encode(a, pp); + } + if (a->ameth && a->ameth->priv_encode) { + PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a); + int ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp); + PKCS8_PRIV_KEY_INFO_free(p8); + return ret; + } + ASN1error(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); + return (-1); +} + +/* This works like d2i_PrivateKey() except it automatically works out the type */ + +EVP_PKEY * +d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, long length) +{ + STACK_OF(ASN1_TYPE) *inkey; + const unsigned char *p; + int keytype; + + p = *pp; + /* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): + * by analyzing it we can determine the passed structure: this + * assumes the input is surrounded by an ASN1 SEQUENCE. + */ + inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length); + /* Since we only need to discern "traditional format" RSA and DSA + * keys we can just count the elements. + */ + if (sk_ASN1_TYPE_num(inkey) == 6) + keytype = EVP_PKEY_DSA; + else if (sk_ASN1_TYPE_num(inkey) == 4) + keytype = EVP_PKEY_EC; + else if (sk_ASN1_TYPE_num(inkey) == 3) { + /* This seems to be PKCS8, not traditional format */ + PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO( + NULL, pp, length); + EVP_PKEY *ret; + + sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); + if (!p8) { + ASN1error(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); + return NULL; + } + ret = EVP_PKCS82PKEY(p8); + PKCS8_PRIV_KEY_INFO_free(p8); + if (a) { + *a = ret; + } + return ret; + } else + keytype = EVP_PKEY_RSA; + sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); + return d2i_PrivateKey(keytype, a, pp, length); +} diff --git a/externals/libressl/crypto/asn1/a_pubkey.c b/externals/libressl/crypto/asn1/a_pubkey.c new file mode 100755 index 000000000..f3bb5d81a --- /dev/null +++ b/externals/libressl/crypto/asn1/a_pubkey.c @@ -0,0 +1,160 @@ +/* $OpenBSD: a_pubkey.c,v 1.3 2021/12/25 13:17:48 jsing Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include + +#include + +#include +#include +#include +#include +#include + +#ifndef OPENSSL_NO_DSA +#include +#endif +#ifndef OPENSSL_NO_EC +#include +#endif +#ifndef OPENSSL_NO_RSA +#include +#endif + +#include "evp_locl.h" + +EVP_PKEY * +d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, long length) +{ + EVP_PKEY *ret; + + if ((a == NULL) || (*a == NULL)) { + if ((ret = EVP_PKEY_new()) == NULL) { + ASN1error(ERR_R_EVP_LIB); + return (NULL); + } + } else + ret = *a; + + if (!EVP_PKEY_set_type(ret, type)) { + ASN1error(ERR_R_EVP_LIB); + goto err; + } + + switch (EVP_PKEY_id(ret)) { +#ifndef OPENSSL_NO_RSA + case EVP_PKEY_RSA: + if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL, pp, length)) == + NULL) { + ASN1error(ERR_R_ASN1_LIB); + goto err; + } + break; +#endif +#ifndef OPENSSL_NO_DSA + case EVP_PKEY_DSA: + if (!d2i_DSAPublicKey(&(ret->pkey.dsa), pp, length)) { + ASN1error(ERR_R_ASN1_LIB); + goto err; + } + break; +#endif +#ifndef OPENSSL_NO_EC + case EVP_PKEY_EC: + if (!o2i_ECPublicKey(&(ret->pkey.ec), pp, length)) { + ASN1error(ERR_R_ASN1_LIB); + goto err; + } + break; +#endif + default: + ASN1error(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); + goto err; + /* break; */ + } + if (a != NULL) + (*a) = ret; + return (ret); + + err: + if (a == NULL || *a != ret) + EVP_PKEY_free(ret); + return (NULL); +} + +int +i2d_PublicKey(EVP_PKEY *a, unsigned char **pp) +{ + switch (a->type) { +#ifndef OPENSSL_NO_RSA + case EVP_PKEY_RSA: + return (i2d_RSAPublicKey(a->pkey.rsa, pp)); +#endif +#ifndef OPENSSL_NO_DSA + case EVP_PKEY_DSA: + return (i2d_DSAPublicKey(a->pkey.dsa, pp)); +#endif +#ifndef OPENSSL_NO_EC + case EVP_PKEY_EC: + return (i2o_ECPublicKey(a->pkey.ec, pp)); +#endif + default: + ASN1error(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); + return (-1); + } +} diff --git a/externals/libressl/crypto/asn1/a_strex.c b/externals/libressl/crypto/asn1/a_strex.c index 4e3deccfd..848d1bffd 100755 --- a/externals/libressl/crypto/asn1/a_strex.c +++ b/externals/libressl/crypto/asn1/a_strex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_strex.c,v 1.28 2018/05/19 10:46:28 tb Exp $ */ +/* $OpenBSD: a_strex.c,v 1.31 2021/12/25 12:11:57 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -322,22 +322,6 @@ do_dump(unsigned long lflags, char_io *io_ch, void *arg, const ASN1_STRING *str) return outlen + 1; } -/* Lookup table to convert tags to character widths, - * 0 = UTF8 encoded, -1 is used for non string types - * otherwise it is the number of bytes per character - */ - -static const signed char tag2nbyte[] = { - -1, -1, -1, -1, -1, /* 0-4 */ - -1, -1, -1, -1, -1, /* 5-9 */ - -1, -1, 0, -1, /* 10-13 */ - -1, -1, -1, -1, /* 15-17 */ - -1, 1, 1, /* 18-20 */ - -1, 1, 1, 1, /* 21-24 */ - -1, 1, -1, /* 25-27 */ - 4, -1, 2 /* 28-30 */ -}; - /* This is the main function, print out an * ASN1_STRING taking note of various escape * and display options. Returns number of @@ -371,19 +355,16 @@ do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, /* Decide what to do with type, either dump content or display it */ - /* Dump everything */ - if (lflags & ASN1_STRFLGS_DUMP_ALL) + if (lflags & ASN1_STRFLGS_DUMP_ALL) { + /* Dump everything. */ type = -1; - /* Ignore the string type */ - else if (lflags & ASN1_STRFLGS_IGNORE_TYPE) + } else if (lflags & ASN1_STRFLGS_IGNORE_TYPE) { + /* Ignore the string type. */ type = 1; - else { - /* Else determine width based on type */ - if ((type > 0) && (type < 31)) - type = tag2nbyte[type]; - else - type = -1; - if ((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) + } else { + /* Else determine width based on type. */ + type = asn1_tag2charwidth(type); + if (type == -1 && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) type = 1; } @@ -513,7 +494,7 @@ do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n, int indent, else ent = X509_NAME_get_entry(n, i); if (prev != -1) { - if (prev == ent->set) { + if (prev == X509_NAME_ENTRY_set(ent)) { if (!io_ch(arg, sep_mv, sep_mv_len)) return -1; outlen += sep_mv_len; @@ -526,7 +507,7 @@ do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n, int indent, outlen += indent; } } - prev = ent->set; + prev = X509_NAME_ENTRY_set(ent); fn = X509_NAME_ENTRY_get_object(ent); val = X509_NAME_ENTRY_get_data(ent); fn_nid = OBJ_obj2nid(fn); @@ -618,32 +599,3 @@ ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags) { return do_print_ex(send_fp_chars, fp, flags, str); } - -/* Utility function: convert any string type to UTF8, returns number of bytes - * in output string or a negative error code - */ - -int -ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in) -{ - ASN1_STRING stmp, *str = &stmp; - int mbflag, type, ret; - - if (!in) - return -1; - type = in->type; - if ((type < 0) || (type > 30)) - return -1; - mbflag = tag2nbyte[type]; - if (mbflag == -1) - return -1; - mbflag |= MBSTRING_FLAG; - stmp.data = NULL; - stmp.length = 0; - ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, - B_ASN1_UTF8STRING); - if (ret < 0) - return ret; - *out = stmp.data; - return stmp.length; -} diff --git a/externals/libressl/crypto/asn1/a_string.c b/externals/libressl/crypto/asn1/a_string.c new file mode 100755 index 000000000..90e363e9c --- /dev/null +++ b/externals/libressl/crypto/asn1/a_string.c @@ -0,0 +1,423 @@ +/* $OpenBSD: a_string.c,v 1.7 2022/03/17 17:17:58 jsing Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include + +#include +#include + +#include "asn1_locl.h" + +ASN1_STRING * +ASN1_STRING_new(void) +{ + return ASN1_STRING_type_new(V_ASN1_OCTET_STRING); +} + +ASN1_STRING * +ASN1_STRING_type_new(int type) +{ + ASN1_STRING *astr; + + if ((astr = calloc(1, sizeof(ASN1_STRING))) == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return NULL; + } + astr->type = type; + + return astr; +} + +static void +ASN1_STRING_clear(ASN1_STRING *astr) +{ + if (!(astr->flags & ASN1_STRING_FLAG_NDEF)) + freezero(astr->data, astr->length); + + astr->flags &= ~ASN1_STRING_FLAG_NDEF; + astr->data = NULL; + astr->length = 0; +} + +void +ASN1_STRING_free(ASN1_STRING *astr) +{ + if (astr == NULL) + return; + + ASN1_STRING_clear(astr); + + free(astr); +} + +int +ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) +{ + int cmp; + + if (a == NULL || b == NULL) + return -1; + if ((cmp = (a->length - b->length)) != 0) + return cmp; + if ((cmp = memcmp(a->data, b->data, a->length)) != 0) + return cmp; + + return (a->type - b->type); +} + +int +ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *src) +{ + if (src == NULL) + return 0; + + if (!ASN1_STRING_set(dst, src->data, src->length)) + return 0; + + dst->type = src->type; + dst->flags = src->flags & ~ASN1_STRING_FLAG_NDEF; + + return 1; +} + +ASN1_STRING * +ASN1_STRING_dup(const ASN1_STRING *src) +{ + ASN1_STRING *astr; + + if (src == NULL) + return NULL; + + if ((astr = ASN1_STRING_new()) == NULL) + return NULL; + if (!ASN1_STRING_copy(astr, src)) { + ASN1_STRING_free(astr); + return NULL; + } + return astr; +} + +int +ASN1_STRING_set(ASN1_STRING *astr, const void *_data, int len) +{ + const char *data = _data; + + if (len == -1) { + size_t slen; + + if (data == NULL) + return 0; + + if ((slen = strlen(data)) > INT_MAX) + return 0; + + len = (int)slen; + } + + ASN1_STRING_clear(astr); + + if (len < 0 || len >= INT_MAX) + return 0; + + if ((astr->data = calloc(1, len + 1)) == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return (0); + } + astr->length = len; + + if (data != NULL) { + memcpy(astr->data, data, len); + astr->data[len] = '\0'; + } + + return 1; +} + +void +ASN1_STRING_set0(ASN1_STRING *astr, void *data, int len) +{ + ASN1_STRING_clear(astr); + + astr->data = data; + astr->length = len; +} + +void +asn1_add_error(const unsigned char *address, int offset) +{ + ERR_asprintf_error_data("offset=%d", offset); +} + +int +ASN1_STRING_length(const ASN1_STRING *astr) +{ + return astr->length; +} + +void +ASN1_STRING_length_set(ASN1_STRING *astr, int len) +{ + /* This is dangerous and unfixable. */ + astr->length = len; +} + +int +ASN1_STRING_type(const ASN1_STRING *astr) +{ + return astr->type; +} + +unsigned char * +ASN1_STRING_data(ASN1_STRING *astr) +{ + return astr->data; +} + +const unsigned char * +ASN1_STRING_get0_data(const ASN1_STRING *astr) +{ + return astr->data; +} + +int +ASN1_STRING_print(BIO *bp, const ASN1_STRING *astr) +{ + int i, n; + char buf[80]; + const char *p; + + if (astr == NULL) + return 0; + + n = 0; + p = (const char *)astr->data; + for (i = 0; i < astr->length; i++) { + if ((p[i] > '~') || ((p[i] < ' ') && + (p[i] != '\n') && (p[i] != '\r'))) + buf[n] = '.'; + else + buf[n] = p[i]; + n++; + if (n >= 80) { + if (BIO_write(bp, buf, n) <= 0) + return 0; + n = 0; + } + } + if (n > 0) { + if (BIO_write(bp, buf, n) <= 0) + return 0; + } + + return 1; +} + +/* + * Utility function: convert any string type to UTF8, returns number of bytes + * in output string or a negative error code + */ +int +ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in) +{ + ASN1_STRING stmp, *str = &stmp; + int mbflag, ret; + + if (in == NULL) + return -1; + + if ((mbflag = asn1_tag2charwidth(in->type)) == -1) + return -1; + + mbflag |= MBSTRING_FLAG; + + stmp.data = NULL; + stmp.length = 0; + ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, + B_ASN1_UTF8STRING); + if (ret < 0) + return ret; + *out = stmp.data; + return stmp.length; +} + +int +i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *astr, int type) +{ + int i, n = 0; + static const char h[] = "0123456789ABCDEF"; + char buf[2]; + + if (astr == NULL) + return 0; + + if (astr->length == 0) { + if (BIO_write(bp, "0", 1) != 1) + goto err; + n = 1; + } else { + for (i = 0; i < astr->length; i++) { + if ((i != 0) && (i % 35 == 0)) { + if (BIO_write(bp, "\\\n", 2) != 2) + goto err; + n += 2; + } + buf[0] = h[((unsigned char)astr->data[i] >> 4) & 0x0f]; + buf[1] = h[((unsigned char)astr->data[i]) & 0x0f]; + if (BIO_write(bp, buf, 2) != 2) + goto err; + n += 2; + } + } + return n; + + err: + return -1; +} + +int +a2i_ASN1_STRING(BIO *bp, ASN1_STRING *astr, char *buf, int size) +{ + int ret = 0; + int i, j, k, m, n, again, bufsize; + unsigned char *s = NULL, *sp; + unsigned char *bufp; + int first = 1; + size_t num = 0, slen = 0; + + bufsize = BIO_gets(bp, buf, size); + for (;;) { + if (bufsize < 1) { + if (first) + break; + else + goto err_sl; + } + first = 0; + + i = bufsize; + if (buf[i-1] == '\n') + buf[--i] = '\0'; + if (i == 0) + goto err_sl; + if (buf[i-1] == '\r') + buf[--i] = '\0'; + if (i == 0) + goto err_sl; + if (buf[i - 1] == '\\') { + i--; + again = 1; + } else + again = 0; + buf[i] = '\0'; + if (i < 2) + goto err_sl; + + bufp = (unsigned char *)buf; + + k = 0; + if (i % 2 != 0) { + ASN1error(ASN1_R_ODD_NUMBER_OF_CHARS); + goto err; + } + i /= 2; + if (num + i > slen) { + sp = realloc(s, num + i); + if (sp == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + s = sp; + slen = num + i; + } + for (j = 0; j < i; j++, k += 2) { + for (n = 0; n < 2; n++) { + m = bufp[k + n]; + if ((m >= '0') && (m <= '9')) + m -= '0'; + else if ((m >= 'a') && (m <= 'f')) + m = m - 'a' + 10; + else if ((m >= 'A') && (m <= 'F')) + m = m - 'A' + 10; + else { + ASN1error(ASN1_R_NON_HEX_CHARACTERS); + goto err; + } + s[num + j] <<= 4; + s[num + j] |= m; + } + } + num += i; + if (again) + bufsize = BIO_gets(bp, buf, size); + else + break; + } + astr->length = num; + astr->data = s; + + return 1; + + err_sl: + ASN1error(ASN1_R_SHORT_LINE); + err: + free(s); + + return ret; +} diff --git a/externals/libressl/crypto/asn1/a_strnid.c b/externals/libressl/crypto/asn1/a_strnid.c index 0585f7050..034c4d72c 100755 --- a/externals/libressl/crypto/asn1/a_strnid.c +++ b/externals/libressl/crypto/asn1/a_strnid.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_strnid.c,v 1.21 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: a_strnid.c,v 1.25 2021/12/13 17:55:53 schwarze Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -56,8 +56,9 @@ * */ -#include -#include +#include +#include +#include #include #include @@ -65,12 +66,15 @@ #include static STACK_OF(ASN1_STRING_TABLE) *stable = NULL; + +static ASN1_STRING_TABLE *stable_get(int nid); static void st_free(ASN1_STRING_TABLE *tbl); static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, const ASN1_STRING_TABLE * const *b); -/* This is the global mask for the mbstring functions: this is use to +/* + * This is the global mask for the mbstring functions: this is used to * mask out certain types (such as BMPString and UTF8String) because * certain software (e.g. Netscape) has problems with them. */ @@ -89,7 +93,8 @@ ASN1_STRING_get_default_mask(void) return global_mask; } -/* This function sets the default to various "flavours" of configuration. +/* + * This function sets the default to various "flavours" of configuration * based on an ASCII string. Currently this is: * MASK:XXXX : a numerical mask value. * nobmp : Don't use BMPStrings (just Printable, T61). @@ -103,20 +108,26 @@ ASN1_STRING_set_default_mask_asc(const char *p) { unsigned long mask; char *end; + int save_errno; - if (!strncmp(p, "MASK:", 5)) { - if (!p[5]) + if (strncmp(p, "MASK:", 5) == 0) { + if (p[5] == '\0') return 0; + save_errno = errno; + errno = 0; mask = strtoul(p + 5, &end, 0); - if (*end) + if (errno == ERANGE && mask == ULONG_MAX) return 0; - } else if (!strcmp(p, "nombstr")) + errno = save_errno; + if (*end != '\0') + return 0; + } else if (strcmp(p, "nombstr") == 0) mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)); - else if (!strcmp(p, "pkix")) + else if (strcmp(p, "pkix") == 0) mask = ~((unsigned long)B_ASN1_T61STRING); - else if (!strcmp(p, "utf8only")) + else if (strcmp(p, "utf8only") == 0) mask = B_ASN1_UTF8STRING; - else if (!strcmp(p, "default")) + else if (strcmp(p, "default") == 0) mask = 0xFFFFFFFFL; else return 0; @@ -124,7 +135,8 @@ ASN1_STRING_set_default_mask_asc(const char *p) return 1; } -/* The following function generates an ASN1_STRING based on limits in a table. +/* + * The following function generates an ASN1_STRING based on limits in a table. * Frequently the types and length of an ASN1_STRING are restricted by a * corresponding OID. For example certificates and certificate requests. */ @@ -137,12 +149,13 @@ ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, int inlen, ASN1_STRING *str = NULL; unsigned long mask; int ret; - if (!out) + + if (out == NULL) out = &str; tbl = ASN1_STRING_TABLE_get(nid); - if (tbl) { + if (tbl != NULL) { mask = tbl->mask; - if (!(tbl->flags & STABLE_NO_MASK)) + if ((tbl->flags & STABLE_NO_MASK) == 0) mask &= global_mask; ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask, tbl->minsize, tbl->maxsize); @@ -154,7 +167,8 @@ ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, int inlen, return *out; } -/* Now the tables and helper functions for the string table: +/* + * Now the tables and helper functions for the string table: */ /* size limits: this stuff is taken straight from RFC3280 */ @@ -231,20 +245,59 @@ ASN1_STRING_TABLE * ASN1_STRING_TABLE_get(int nid) { int idx; - ASN1_STRING_TABLE *ttmp; ASN1_STRING_TABLE fnd; fnd.nid = nid; - ttmp = OBJ_bsearch_table(&fnd, tbl_standard, + if (stable != NULL) { + idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); + if (idx >= 0) + return sk_ASN1_STRING_TABLE_value(stable, idx); + } + return OBJ_bsearch_table(&fnd, tbl_standard, sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE)); - if (ttmp) - return ttmp; - if (!stable) +} + +/* + * Return a string table pointer which can be modified: either directly + * from table or a copy of an internal value added to the table. + */ + +static ASN1_STRING_TABLE * +stable_get(int nid) +{ + ASN1_STRING_TABLE *tmp, *rv; + + /* Always need a string table so allocate one if NULL */ + if (stable == NULL) { + stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); + if (stable == NULL) + return NULL; + } + tmp = ASN1_STRING_TABLE_get(nid); + if (tmp != NULL && (tmp->flags & STABLE_FLAGS_MALLOC) != 0) + return tmp; + + if ((rv = calloc(1, sizeof(*rv))) == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); return NULL; - idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); - if (idx < 0) + } + if (!sk_ASN1_STRING_TABLE_push(stable, rv)) { + free(rv); return NULL; - return sk_ASN1_STRING_TABLE_value(stable, idx); + } + if (tmp != NULL) { + rv->nid = tmp->nid; + rv->minsize = tmp->minsize; + rv->maxsize = tmp->maxsize; + rv->mask = tmp->mask; + rv->flags = tmp->flags | STABLE_FLAGS_MALLOC; + } else { + rv->nid = nid; + rv->minsize = -1; + rv->maxsize = -1; + rv->flags = STABLE_FLAGS_MALLOC; + } + return rv; } int @@ -252,37 +305,20 @@ ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize, unsigned long mask, unsigned long flags) { ASN1_STRING_TABLE *tmp; - char new_nid = 0; - flags &= ~STABLE_FLAGS_MALLOC; - if (!stable) - stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); - if (!stable) { + if ((tmp = stable_get(nid)) == NULL) { ASN1error(ERR_R_MALLOC_FAILURE); return 0; } - if (!(tmp = ASN1_STRING_TABLE_get(nid))) { - tmp = malloc(sizeof(ASN1_STRING_TABLE)); - if (!tmp) { - ASN1error(ERR_R_MALLOC_FAILURE); - return 0; - } - tmp->flags = flags | STABLE_FLAGS_MALLOC; - tmp->nid = nid; - new_nid = 1; - } else tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags; - if (minsize != -1) + if (minsize >= 0) tmp->minsize = minsize; - if (maxsize != -1) + if (maxsize >= 0) tmp->maxsize = maxsize; - tmp->mask = mask; - if (new_nid) { - if (sk_ASN1_STRING_TABLE_push(stable, tmp) == 0) { - free(tmp); - ASN1error(ERR_R_MALLOC_FAILURE); - return 0; - } - } + if (mask != 0) + tmp->mask = mask; + if (flags != 0) + tmp->flags = flags | STABLE_FLAGS_MALLOC; + return 1; } @@ -292,7 +328,7 @@ ASN1_STRING_TABLE_cleanup(void) STACK_OF(ASN1_STRING_TABLE) *tmp; tmp = stable; - if (!tmp) + if (tmp == NULL) return; stable = NULL; sk_ASN1_STRING_TABLE_pop_free(tmp, st_free); diff --git a/externals/libressl/crypto/asn1/a_time.c b/externals/libressl/crypto/asn1/a_time.c index 7a3742fd7..cd6a790ca 100755 --- a/externals/libressl/crypto/asn1/a_time.c +++ b/externals/libressl/crypto/asn1/a_time.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_time.c,v 1.27 2015/10/19 16:32:37 beck Exp $ */ +/* $OpenBSD: a_time.c,v 1.33 2021/12/25 07:48:09 jsing Exp $ */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * @@ -80,6 +80,45 @@ const ASN1_ITEM ASN1_TIME_it = { .sname = "ASN1_TIME", }; +ASN1_TIME * +ASN1_TIME_new(void) +{ + return (ASN1_TIME *)ASN1_item_new(&ASN1_TIME_it); +} + +void +ASN1_TIME_free(ASN1_TIME *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_TIME_it); +} + +/* Public API in OpenSSL. Kept internal for now. */ +static int +ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm) +{ + time_t now; + + if (s != NULL) + return ASN1_time_parse(s->data, s->length, tm, 0) != -1; + + time(&now); + memset(tm, 0, sizeof(*tm)); + + return gmtime_r(&now, tm) != NULL; +} + +int +ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from, const ASN1_TIME *to) +{ + struct tm tm_from, tm_to; + + if (!ASN1_TIME_to_tm(from, &tm_from)) + return 0; + if (!ASN1_TIME_to_tm(to, &tm_to)) + return 0; + + return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to); +} ASN1_TIME * d2i_ASN1_TIME(ASN1_TIME **a, const unsigned char **in, long len) @@ -93,15 +132,3 @@ i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **out) { return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_TIME_it); } - -ASN1_TIME * -ASN1_TIME_new(void) -{ - return (ASN1_TIME *)ASN1_item_new(&ASN1_TIME_it); -} - -void -ASN1_TIME_free(ASN1_TIME *a) -{ - ASN1_item_free((ASN1_VALUE *)a, &ASN1_TIME_it); -} diff --git a/externals/libressl/crypto/asn1/a_time_tm.c b/externals/libressl/crypto/asn1/a_time_tm.c index b6e22cbd2..5be2ff0af 100755 --- a/externals/libressl/crypto/asn1/a_time_tm.c +++ b/externals/libressl/crypto/asn1/a_time_tm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_time_tm.c,v 1.15 2018/04/25 11:48:21 tb Exp $ */ +/* $OpenBSD: a_time_tm.c,v 1.19 2022/03/31 13:04:47 tb Exp $ */ /* * Copyright (c) 2015 Bob Beck * @@ -163,10 +163,9 @@ ASN1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode) return (-1); lt = tm; - if (lt == NULL) { - memset(<m, 0, sizeof(ltm)); + if (lt == NULL) lt = <m; - } + memset(lt, 0, sizeof(*lt)); /* Timezone is required and must be GMT (Zulu). */ if (bytes[len - 1] != 'Z') @@ -260,10 +259,10 @@ ASN1_TIME_adj_internal(ASN1_TIME *s, time_t t, int offset_day, long offset_sec, int allocated = 0; struct tm tm; size_t len; - char * p; + char *p; - if (gmtime_r(&t, &tm) == NULL) - return (NULL); + if (gmtime_r(&t, &tm) == NULL) + return (NULL); if (offset_day || offset_sec) { if (!OPENSSL_gmtime_adj(&tm, offset_day, offset_sec)) @@ -289,8 +288,10 @@ ASN1_TIME_adj_internal(ASN1_TIME *s, time_t t, int offset_day, long offset_sec, } if (s == NULL) { - if ((s = ASN1_TIME_new()) == NULL) + if ((s = ASN1_TIME_new()) == NULL) { + free(p); return (NULL); + } allocated = 1; } @@ -299,7 +300,7 @@ ASN1_TIME_adj_internal(ASN1_TIME *s, time_t t, int offset_day, long offset_sec, case GENTIME_LENGTH: s->type = V_ASN1_GENERALIZEDTIME; break; - case UTCTIME_LENGTH: + case UTCTIME_LENGTH: s->type = V_ASN1_UTCTIME; break; default: @@ -354,7 +355,6 @@ ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out) if (t->type != V_ASN1_GENERALIZEDTIME && t->type != V_ASN1_UTCTIME) return (NULL); - memset(&tm, 0, sizeof(tm)); if (t->type != ASN1_time_parse(t->data, t->length, &tm, t->type)) return (NULL); if ((str = gentime_string_from_tm(&tm)) == NULL) diff --git a/externals/libressl/crypto/asn1/a_type.c b/externals/libressl/crypto/asn1/a_type.c index a18ffe66b..61609c38f 100755 --- a/externals/libressl/crypto/asn1/a_type.c +++ b/externals/libressl/crypto/asn1/a_type.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_type.c,v 1.21 2019/10/24 16:36:10 jsing Exp $ */ +/* $OpenBSD: a_type.c,v 1.23 2021/12/25 12:19:16 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,11 +56,51 @@ * [including the GNU Public Licence.] */ -#include +#include #include +#include #include +typedef struct { + ASN1_INTEGER *num; + ASN1_OCTET_STRING *value; +} ASN1_int_octetstring; + +static const ASN1_TEMPLATE ASN1_INT_OCTETSTRING_seq_tt[] = { + { + .offset = offsetof(ASN1_int_octetstring, num), + .field_name = "num", + .item = &ASN1_INTEGER_it, + }, + { + .offset = offsetof(ASN1_int_octetstring, value), + .field_name = "value", + .item = &ASN1_OCTET_STRING_it, + }, +}; + +const ASN1_ITEM ASN1_INT_OCTETSTRING_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = ASN1_INT_OCTETSTRING_seq_tt, + .tcount = sizeof(ASN1_INT_OCTETSTRING_seq_tt) / sizeof(ASN1_TEMPLATE), + .size = sizeof(ASN1_int_octetstring), + .sname = "ASN1_INT_OCTETSTRING", +}; + +ASN1_TYPE * +ASN1_TYPE_new(void) +{ + return (ASN1_TYPE *)ASN1_item_new(&ASN1_ANY_it); +} + +void +ASN1_TYPE_free(ASN1_TYPE *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_ANY_it); +} + int ASN1_TYPE_get(const ASN1_TYPE *a) { @@ -155,6 +195,108 @@ ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) return result; } +int +ASN1_TYPE_set_octetstring(ASN1_TYPE *a, const unsigned char *data, int len) +{ + ASN1_STRING *os; + + if ((os = ASN1_OCTET_STRING_new()) == NULL) + return (0); + if (!ASN1_STRING_set(os, data, len)) { + ASN1_OCTET_STRING_free(os); + return (0); + } + ASN1_TYPE_set(a, V_ASN1_OCTET_STRING, os); + return (1); +} + +int +ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len) +{ + int ret, num; + unsigned char *p; + + if ((a->type != V_ASN1_OCTET_STRING) || + (a->value.octet_string == NULL)) { + ASN1error(ASN1_R_DATA_IS_WRONG); + return (-1); + } + p = ASN1_STRING_data(a->value.octet_string); + ret = ASN1_STRING_length(a->value.octet_string); + if (ret < max_len) + num = ret; + else + num = max_len; + memcpy(data, p, num); + return (ret); +} + +int +ASN1_TYPE_set_int_octetstring(ASN1_TYPE *at, long num, const unsigned char *data, + int len) +{ + ASN1_int_octetstring *ios; + ASN1_STRING *sp = NULL; + int ret = 0; + + if ((ios = (ASN1_int_octetstring *)ASN1_item_new( + &ASN1_INT_OCTETSTRING_it)) == NULL) + goto err; + if (!ASN1_INTEGER_set(ios->num, num)) + goto err; + if (!ASN1_OCTET_STRING_set(ios->value, data, len)) + goto err; + + if ((sp = ASN1_item_pack(ios, &ASN1_INT_OCTETSTRING_it, NULL)) == NULL) + goto err; + + ASN1_TYPE_set(at, V_ASN1_SEQUENCE, sp); + sp = NULL; + + ret = 1; + + err: + ASN1_item_free((ASN1_VALUE *)ios, &ASN1_INT_OCTETSTRING_it); + ASN1_STRING_free(sp); + + return ret; +} + +int +ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *at, long *num, unsigned char *data, + int max_len) +{ + ASN1_STRING *sp = at->value.sequence; + ASN1_int_octetstring *ios = NULL; + int ret = -1; + int len; + + if (at->type != V_ASN1_SEQUENCE || sp == NULL) + goto err; + + if ((ios = ASN1_item_unpack(sp, &ASN1_INT_OCTETSTRING_it)) == NULL) + goto err; + + if (num != NULL) + *num = ASN1_INTEGER_get(ios->num); + if (data != NULL) { + len = ASN1_STRING_length(ios->value); + if (len > max_len) + len = max_len; + memcpy(data, ASN1_STRING_data(ios->value), len); + } + + ret = ASN1_STRING_length(ios->value); + + err: + ASN1_item_free((ASN1_VALUE *)ios, &ASN1_INT_OCTETSTRING_it); + + if (ret == -1) + ASN1error(ASN1_R_DATA_IS_WRONG); + + return ret; +} + ASN1_TYPE * ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t) { @@ -185,3 +327,16 @@ ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t) return NULL; return ASN1_item_unpack(t->value.sequence, it); } + +int +i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_ANY_it); +} + +ASN1_TYPE * +d2i_ASN1_TYPE(ASN1_TYPE **a, const unsigned char **in, long len) +{ + return (ASN1_TYPE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_ANY_it); +} diff --git a/externals/libressl/crypto/asn1/ameth_lib.c b/externals/libressl/crypto/asn1/ameth_lib.c index 8be82060e..8ff5a35d7 100755 --- a/externals/libressl/crypto/asn1/ameth_lib.c +++ b/externals/libressl/crypto/asn1/ameth_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ameth_lib.c,v 1.21 2019/11/02 16:06:25 inoguchi Exp $ */ +/* $OpenBSD: ameth_lib.c,v 1.25 2022/01/10 12:10:26 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -69,6 +69,7 @@ #endif #include "asn1_locl.h" +#include "evp_locl.h" extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[]; extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth; @@ -340,34 +341,21 @@ EVP_PKEY_asn1_new(int id, int flags, const char *pem_str, const char *info) void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, const EVP_PKEY_ASN1_METHOD *src) { - dst->pub_decode = src->pub_decode; - dst->pub_encode = src->pub_encode; - dst->pub_cmp = src->pub_cmp; - dst->pub_print = src->pub_print; + EVP_PKEY_ASN1_METHOD preserve; - dst->priv_decode = src->priv_decode; - dst->priv_encode = src->priv_encode; - dst->priv_print = src->priv_print; + preserve.pkey_id = dst->pkey_id; + preserve.pkey_base_id = dst->pkey_base_id; + preserve.pkey_flags = dst->pkey_flags; + preserve.pem_str = dst->pem_str; + preserve.info = dst->info; - dst->old_priv_encode = src->old_priv_encode; - dst->old_priv_decode = src->old_priv_decode; + *dst = *src; - dst->pkey_size = src->pkey_size; - dst->pkey_bits = src->pkey_bits; - - dst->param_decode = src->param_decode; - dst->param_encode = src->param_encode; - dst->param_missing = src->param_missing; - dst->param_copy = src->param_copy; - dst->param_cmp = src->param_cmp; - dst->param_print = src->param_print; - dst->sig_print = src->sig_print; - - dst->pkey_free = src->pkey_free; - dst->pkey_ctrl = src->pkey_ctrl; - - dst->item_sign = src->item_sign; - dst->item_verify = src->item_verify; + dst->pkey_id = preserve.pkey_id; + dst->pkey_base_id = preserve.pkey_base_id; + dst->pkey_flags = preserve.pkey_flags; + dst->pem_str = preserve.pem_str; + dst->info = preserve.info; } void @@ -441,3 +429,24 @@ EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, { ameth->pkey_ctrl = pkey_ctrl; } + +void +EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_check)(const EVP_PKEY *pk)) +{ + ameth->pkey_check = pkey_check; +} + +void +EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_public_check)(const EVP_PKEY *pk)) +{ + ameth->pkey_public_check = pkey_public_check; +} + +void +EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_param_check)(const EVP_PKEY *pk)) +{ + ameth->pkey_param_check = pkey_param_check; +} diff --git a/externals/libressl/crypto/asn1/asn1_err.c b/externals/libressl/crypto/asn1/asn1_err.c index 5cc355084..e2c56deb5 100755 --- a/externals/libressl/crypto/asn1/asn1_err.c +++ b/externals/libressl/crypto/asn1/asn1_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1_err.c,v 1.21 2018/03/29 02:29:24 inoguchi Exp $ */ +/* $OpenBSD: asn1_err.c,v 1.22 2020/12/08 15:06:42 tb Exp $ */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * @@ -85,6 +85,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) , "bad object header"}, {ERR_REASON(ASN1_R_BAD_PASSWORD_READ) , "bad password read"}, {ERR_REASON(ASN1_R_BAD_TAG) , "bad tag"}, + {ERR_REASON(ASN1_R_BAD_TEMPLATE) , "bad template"}, {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH), "bmpstring is wrong length"}, {ERR_REASON(ASN1_R_BN_LIB) , "bn lib"}, {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH), "boolean is wrong length"}, diff --git a/externals/libressl/crypto/asn1/asn1_gen.c b/externals/libressl/crypto/asn1/asn1_gen.c index ad7802cb1..d800b77a6 100755 --- a/externals/libressl/crypto/asn1/asn1_gen.c +++ b/externals/libressl/crypto/asn1/asn1_gen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1_gen.c,v 1.17 2018/04/25 11:48:21 tb Exp $ */ +/* $OpenBSD: asn1_gen.c,v 1.18 2021/12/25 13:17:48 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2002. */ @@ -258,7 +258,7 @@ ASN1_generate_v3(const char *str, X509V3_CTX *cnf) /* Obtain new ASN1_TYPE structure */ ret = d2i_ASN1_TYPE(NULL, &cp, len); -err: + err: free(orig_der); free(new_der); @@ -478,7 +478,7 @@ asn1_multi(int utype, const char *section, X509V3_CTX *cnf) der = NULL; -bad: + bad: free(der); if (sk) sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); @@ -771,9 +771,9 @@ asn1_str2type(const char *str, int format, int utype) atmp->type = utype; return atmp; -bad_str: + bad_str: ERR_asprintf_error_data("string=%s", str); -bad_form: + bad_form: ASN1_TYPE_free(atmp); return NULL; } diff --git a/externals/libressl/crypto/asn1/asn1_item.c b/externals/libressl/crypto/asn1/asn1_item.c new file mode 100755 index 000000000..108f272b8 --- /dev/null +++ b/externals/libressl/crypto/asn1/asn1_item.c @@ -0,0 +1,639 @@ +/* $OpenBSD: asn1_item.c,v 1.4 2022/01/14 08:38:05 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include +#include +#include +#include + +#include "asn1_locl.h" +#include "evp_locl.h" + +/* + * ASN1_ITEM version of dup: this follows the model above except we don't need + * to allocate the buffer. At some point this could be rewritten to directly dup + * the underlying structure instead of doing and encode and decode. + */ + +int +ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn, + unsigned char *md, unsigned int *len) +{ + int i; + unsigned char *str = NULL; + + i = ASN1_item_i2d(asn, &str, it); + if (!str) + return (0); + + if (!EVP_Digest(str, i, md, len, type, NULL)) { + free(str); + return (0); + } + + free(str); + return (1); +} + +void * +ASN1_item_dup(const ASN1_ITEM *it, void *x) +{ + unsigned char *b = NULL; + const unsigned char *p; + long i; + void *ret; + + if (x == NULL) + return (NULL); + + i = ASN1_item_i2d(x, &b, it); + if (b == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return (NULL); + } + p = b; + ret = ASN1_item_d2i(NULL, &p, i, it); + free(b); + return (ret); +} + +/* Pack an ASN1 object into an ASN1_STRING. */ +ASN1_STRING * +ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct) +{ + ASN1_STRING *octmp; + + if (!oct || !*oct) { + if (!(octmp = ASN1_STRING_new ())) { + ASN1error(ERR_R_MALLOC_FAILURE); + return NULL; + } + } else + octmp = *oct; + + free(octmp->data); + octmp->data = NULL; + + if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) { + ASN1error(ASN1_R_ENCODE_ERROR); + goto err; + } + if (!octmp->data) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + if (oct) + *oct = octmp; + return octmp; + err: + if (!oct || octmp != *oct) + ASN1_STRING_free(octmp); + return NULL; +} + +/* Extract an ASN1 object from an ASN1_STRING. */ +void * +ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it) +{ + const unsigned char *p; + void *ret; + + p = oct->data; + if (!(ret = ASN1_item_d2i(NULL, &p, oct->length, it))) + ASN1error(ASN1_R_DECODE_ERROR); + return ret; +} + +int +ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, + ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey, const EVP_MD *type) +{ + EVP_MD_CTX ctx; + EVP_MD_CTX_init(&ctx); + if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) { + EVP_MD_CTX_cleanup(&ctx); + return 0; + } + return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx); +} + +int +ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, + ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx) +{ + const EVP_MD *type; + EVP_PKEY *pkey; + unsigned char *buf_in = NULL, *buf_out = NULL; + size_t inl = 0, outl = 0, outll = 0; + int signid, paramtype; + int rv; + + type = EVP_MD_CTX_md(ctx); + pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx); + + if (!type || !pkey) { + ASN1error(ASN1_R_CONTEXT_NOT_INITIALISED); + return 0; + } + + if (pkey->ameth->item_sign) { + rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, + signature); + if (rv == 1) + outl = signature->length; + /* Return value meanings: + * <=0: error. + * 1: method does everything. + * 2: carry on as normal. + * 3: ASN1 method sets algorithm identifiers: just sign. + */ + if (rv <= 0) + ASN1error(ERR_R_EVP_LIB); + if (rv <= 1) + goto err; + } else + rv = 2; + + if (rv == 2) { + if (!pkey->ameth || + !OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type), + pkey->ameth->pkey_id)) { + ASN1error(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); + return 0; + } + + if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) + paramtype = V_ASN1_NULL; + else + paramtype = V_ASN1_UNDEF; + + if (algor1) + X509_ALGOR_set0(algor1, + OBJ_nid2obj(signid), paramtype, NULL); + if (algor2) + X509_ALGOR_set0(algor2, + OBJ_nid2obj(signid), paramtype, NULL); + + } + + inl = ASN1_item_i2d(asn, &buf_in, it); + outll = outl = EVP_PKEY_size(pkey); + buf_out = malloc(outl); + if ((buf_in == NULL) || (buf_out == NULL)) { + outl = 0; + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!EVP_DigestSignUpdate(ctx, buf_in, inl) || + !EVP_DigestSignFinal(ctx, buf_out, &outl)) { + outl = 0; + ASN1error(ERR_R_EVP_LIB); + goto err; + } + free(signature->data); + signature->data = buf_out; + buf_out = NULL; + signature->length = outl; + /* In the interests of compatibility, I'll make sure that + * the bit string has a 'not-used bits' value of 0 + */ + signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); + signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; + + err: + EVP_MD_CTX_cleanup(ctx); + freezero((char *)buf_in, inl); + freezero((char *)buf_out, outll); + return (outl); +} + +int +ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, + ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) +{ + EVP_MD_CTX ctx; + unsigned char *buf_in = NULL; + int ret = -1, inl; + + int mdnid, pknid; + + if (!pkey) { + ASN1error(ERR_R_PASSED_NULL_PARAMETER); + return -1; + } + + if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) + { + ASN1error(ASN1_R_INVALID_BIT_STRING_BITS_LEFT); + return -1; + } + + EVP_MD_CTX_init(&ctx); + + /* Convert signature OID into digest and public key OIDs */ + if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) { + ASN1error(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); + goto err; + } + if (mdnid == NID_undef) { + if (!pkey->ameth || !pkey->ameth->item_verify) { + ASN1error(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); + goto err; + } + ret = pkey->ameth->item_verify(&ctx, it, asn, a, + signature, pkey); + /* Return value of 2 means carry on, anything else means we + * exit straight away: either a fatal error of the underlying + * verification routine handles all verification. + */ + if (ret != 2) + goto err; + ret = -1; + } else { + const EVP_MD *type; + type = EVP_get_digestbynid(mdnid); + if (type == NULL) { + ASN1error(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); + goto err; + } + + /* Check public key OID matches public key type */ + if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) { + ASN1error(ASN1_R_WRONG_PUBLIC_KEY_TYPE); + goto err; + } + + if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) { + ASN1error(ERR_R_EVP_LIB); + ret = 0; + goto err; + } + + } + + inl = ASN1_item_i2d(asn, &buf_in, it); + + if (buf_in == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!EVP_DigestVerifyUpdate(&ctx, buf_in, inl)) { + ASN1error(ERR_R_EVP_LIB); + ret = 0; + goto err; + } + + freezero(buf_in, (unsigned int)inl); + + if (EVP_DigestVerifyFinal(&ctx, signature->data, + (size_t)signature->length) <= 0) { + ASN1error(ERR_R_EVP_LIB); + ret = 0; + goto err; + } + /* we don't need to zero the 'ctx' because we just checked + * public information */ + /* memset(&ctx,0,sizeof(ctx)); */ + ret = 1; + + err: + EVP_MD_CTX_cleanup(&ctx); + return (ret); +} + +#define HEADER_SIZE 8 +#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024) +int +asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) +{ + BUF_MEM *b; + unsigned char *p; + const unsigned char *q; + long slen; + int i, inf, tag, xclass; + size_t want = HEADER_SIZE; + int eos = 0; + size_t off = 0; + size_t len = 0; + + b = BUF_MEM_new(); + if (b == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return -1; + } + + ERR_clear_error(); + for (;;) { + if (want >= (len - off)) { + want -= (len - off); + + if (len + want < len || + !BUF_MEM_grow_clean(b, len + want)) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + i = BIO_read(in, &(b->data[len]), want); + if ((i < 0) && ((len - off) == 0)) { + ASN1error(ASN1_R_NOT_ENOUGH_DATA); + goto err; + } + if (i > 0) { + if (len + i < len) { + ASN1error(ASN1_R_TOO_LONG); + goto err; + } + len += i; + } + } + /* else data already loaded */ + + p = (unsigned char *) & (b->data[off]); + q = p; + inf = ASN1_get_object(&q, &slen, &tag, &xclass, len - off); + if (inf & 0x80) { + unsigned long e; + + e = ERR_GET_REASON(ERR_peek_error()); + if (e != ASN1_R_TOO_LONG) + goto err; + else + ERR_clear_error(); /* clear error */ + } + i = q - p; /* header length */ + off += i; /* end of data */ + + if (inf & 1) { + /* no data body so go round again */ + eos++; + if (eos < 0) { + ASN1error(ASN1_R_HEADER_TOO_LONG); + goto err; + } + want = HEADER_SIZE; + } else if (eos && slen == 0 && tag == V_ASN1_EOC) { + /* eos value, so go back and read another header */ + eos--; + if (eos <= 0) + break; + else + want = HEADER_SIZE; + } else { + /* suck in slen bytes of data */ + want = slen; + if (want > (len - off)) { + size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE; + + want -= (len - off); + if (want > INT_MAX /* BIO_read takes an int length */ || + len+want < len) { + ASN1error(ASN1_R_TOO_LONG); + goto err; + } + while (want > 0) { + /* + * Read content in chunks of increasing size + * so we can return an error for EOF without + * having to allocate the entire content length + * in one go. + */ + size_t chunk = want > chunk_max ? chunk_max : want; + + if (!BUF_MEM_grow_clean(b, len + chunk)) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + want -= chunk; + while (chunk > 0) { + i = BIO_read(in, &(b->data[len]), chunk); + if (i <= 0) { + ASN1error(ASN1_R_NOT_ENOUGH_DATA); + goto err; + } + /* + * This can't overflow because |len+want| + * didn't overflow. + */ + len += i; + chunk -= i; + } + if (chunk_max < INT_MAX/2) + chunk_max *= 2; + } + } + if (off + slen < off) { + ASN1error(ASN1_R_TOO_LONG); + goto err; + } + off += slen; + if (eos <= 0) { + break; + } else + want = HEADER_SIZE; + } + } + + if (off > INT_MAX) { + ASN1error(ASN1_R_TOO_LONG); + goto err; + } + + *pb = b; + return off; + + err: + if (b != NULL) + BUF_MEM_free(b); + return -1; +} + +void * +ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x) +{ + BUF_MEM *b = NULL; + const unsigned char *p; + void *ret = NULL; + int len; + + len = asn1_d2i_read_bio(in, &b); + if (len < 0) + goto err; + + p = (const unsigned char *)b->data; + ret = ASN1_item_d2i(x, &p, len, it); + + err: + if (b != NULL) + BUF_MEM_free(b); + return (ret); +} + +void * +ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x) +{ + BIO *b; + char *ret; + + if ((b = BIO_new(BIO_s_file())) == NULL) { + ASN1error(ERR_R_BUF_LIB); + return (NULL); + } + BIO_set_fp(b, in, BIO_NOCLOSE); + ret = ASN1_item_d2i_bio(it, b, x); + BIO_free(b); + return (ret); +} + +int +ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x) +{ + unsigned char *b = NULL; + int i, j = 0, n, ret = 1; + + n = ASN1_item_i2d(x, &b, it); + if (b == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return (0); + } + + for (;;) { + i = BIO_write(out, &(b[j]), n); + if (i == n) + break; + if (i <= 0) { + ret = 0; + break; + } + j += i; + n -= i; + } + free(b); + return (ret); +} + +int +ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x) +{ + BIO *b; + int ret; + + if ((b = BIO_new(BIO_s_file())) == NULL) { + ASN1error(ERR_R_BUF_LIB); + return (0); + } + BIO_set_fp(b, out, BIO_NOCLOSE); + ret = ASN1_item_i2d_bio(it, b, x); + BIO_free(b); + return (ret); +} diff --git a/externals/libressl/crypto/asn1/asn1_lib.c b/externals/libressl/crypto/asn1/asn1_lib.c index 5dc520c42..6a29c327f 100755 --- a/externals/libressl/crypto/asn1/asn1_lib.c +++ b/externals/libressl/crypto/asn1/asn1_lib.c @@ -1,436 +1,202 @@ -/* $OpenBSD: asn1_lib.c,v 1.44 2018/11/17 09:34:11 tb Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* $OpenBSD: asn1_lib.c,v 1.52 2022/03/26 14:47:58 jsing Exp $ */ +/* + * Copyright (c) 2021 Joel Sing * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include -#include -#include +#include -#include -#include - -static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, int max); -static void asn1_put_length(unsigned char **pp, int length); +#include "bytestring.h" static int -_asn1_check_infinite_end(const unsigned char **p, long len) +asn1_get_identifier_cbs(CBS *cbs, int der_mode, uint8_t *out_class, + int *out_constructed, uint32_t *out_tag_number) { - /* If there is 0 or 1 byte left, the length check should pick - * things up */ - if (len <= 0) - return (1); - else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0)) { - (*p) += 2; - return (1); - } - return (0); -} + uint8_t tag_class, tag_val; + int tag_constructed; + uint32_t tag_number; -int -ASN1_check_infinite_end(unsigned char **p, long len) -{ - return _asn1_check_infinite_end((const unsigned char **)p, len); -} + /* + * Decode ASN.1 identifier octets - see ITU-T X.690 section 8.1.2. + */ -int -ASN1_const_check_infinite_end(const unsigned char **p, long len) -{ - return _asn1_check_infinite_end(p, len); -} + *out_class = 0; + *out_constructed = 0; + *out_tag_number = 0; -int -ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, - int *pclass, long omax) -{ - int i, ret; - long l; - const unsigned char *p = *pp; - int tag, xclass, inf; - long max = omax; + if (!CBS_get_u8(cbs, &tag_val)) + return 0; - if (!max) - goto err; - ret = (*p & V_ASN1_CONSTRUCTED); - xclass = (*p & V_ASN1_PRIVATE); - i = *p & V_ASN1_PRIMITIVE_TAG; - if (i == V_ASN1_PRIMITIVE_TAG) { /* high-tag */ - p++; - if (--max == 0) - goto err; - l = 0; - while (*p & 0x80) { - l <<= 7L; - l |= *(p++) & 0x7f; - if (--max == 0) - goto err; - if (l > (INT_MAX >> 7L)) - goto err; - } - l <<= 7L; - l |= *(p++) & 0x7f; - tag = (int)l; - if (--max == 0) - goto err; - } else { - tag = i; - p++; - if (--max == 0) - goto err; - } - *ptag = tag; - *pclass = xclass; - if (!asn1_get_length(&p, &inf, plength, (int)max)) - goto err; + /* + * ASN.1 tag class, encoding (primitive or constructed) and tag number + * are encoded in one or more identifier octets - the first octet + * contains the 2 bit tag class, the 1 bit encoding type and 5 bits + * of tag number. + * + * For tag numbers larger than 30 (0x1e) the 5 bit tag number in the + * first octet is set to all ones (0x1f) - the tag number is then + * encoded in subsequent octets - each of which have a one bit + * continuation flag and 7 bits of tag number in big-endian form. + * The encoding should not contain leading zeros but can for BER. + */ + tag_class = (tag_val >> 6) & 0x3; + tag_constructed = (tag_val >> 5) & 0x1; + tag_number = tag_val & 0x1f; - if (inf && !(ret & V_ASN1_CONSTRUCTED)) - goto err; - - if (*plength > (omax - (p - *pp))) { - ASN1error(ASN1_R_TOO_LONG); - /* Set this so that even if things are not long enough - * the values are set correctly */ - ret |= 0x80; - } - *pp = p; - return (ret | inf); - -err: - ASN1error(ASN1_R_HEADER_TOO_LONG); - return (0x80); -} - -static int -asn1_get_length(const unsigned char **pp, int *inf, long *rl, int max) -{ - const unsigned char *p = *pp; - unsigned long ret = 0; - unsigned int i; - - if (max-- < 1) - return (0); - if (*p == 0x80) { - *inf = 1; - ret = 0; - p++; - } else { - *inf = 0; - i = *p & 0x7f; - if (*(p++) & 0x80) { - if (max < (int)i) - return (0); - /* skip leading zeroes */ - while (i && *p == 0) { - p++; - i--; - } - if (i > sizeof(long)) + /* Long form. */ + if (tag_number == 0x1f) { + tag_number = 0; + do { + if (!CBS_get_u8(cbs, &tag_val)) return 0; - while (i-- > 0) { - ret <<= 8L; - ret |= *(p++); - } - } else - ret = i; + if (der_mode && tag_number == 0 && tag_val == 0x80) + return 0; + if (tag_number > (UINT32_MAX >> 7)) + return 0; + tag_number = tag_number << 7 | (tag_val & 0x7f); + } while ((tag_val & 0x80) != 0); } - if (ret > LONG_MAX) - return 0; - *pp = p; - *rl = (long)ret; - return (1); -} -/* class 0 is constructed - * constructed == 2 for indefinite length constructed */ -void -ASN1_put_object(unsigned char **pp, int constructed, int length, int tag, - int xclass) -{ - unsigned char *p = *pp; - int i, ttag; + *out_class = tag_class; + *out_constructed = tag_constructed; + *out_tag_number = tag_number; - i = (constructed) ? V_ASN1_CONSTRUCTED : 0; - i |= (xclass & V_ASN1_PRIVATE); - if (tag < 31) - *(p++) = i | (tag & V_ASN1_PRIMITIVE_TAG); - else { - *(p++) = i | V_ASN1_PRIMITIVE_TAG; - for(i = 0, ttag = tag; ttag > 0; i++) - ttag >>= 7; - ttag = i; - while (i-- > 0) { - p[i] = tag & 0x7f; - if (i != (ttag - 1)) - p[i] |= 0x80; - tag >>= 7; - } - p += ttag; - } - if (constructed == 2) - *(p++) = 0x80; - else - asn1_put_length(&p, length); - *pp = p; -} - -int -ASN1_put_eoc(unsigned char **pp) -{ - unsigned char *p = *pp; - - *p++ = 0; - *p++ = 0; - *pp = p; - return 2; -} - -static void -asn1_put_length(unsigned char **pp, int length) -{ - unsigned char *p = *pp; - - int i, l; - if (length <= 127) - *(p++) = (unsigned char)length; - else { - l = length; - for (i = 0; l > 0; i++) - l >>= 8; - *(p++) = i | 0x80; - l = i; - while (i-- > 0) { - p[i] = length & 0xff; - length >>= 8; - } - p += l; - } - *pp = p; -} - -int -ASN1_object_size(int constructed, int length, int tag) -{ - int ret; - - ret = length; - ret++; - if (tag >= 31) { - while (tag > 0) { - tag >>= 7; - ret++; - } - } - if (constructed == 2) - return ret + 3; - ret++; - if (length > 127) { - while (length > 0) { - length >>= 8; - ret++; - } - } - return (ret); -} - -int -ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str) -{ - if (str == NULL) - return 0; - dst->type = str->type; - if (!ASN1_STRING_set(dst, str->data, str->length)) - return 0; - dst->flags = str->flags; return 1; } -ASN1_STRING * -ASN1_STRING_dup(const ASN1_STRING *str) +static int +asn1_get_length_cbs(CBS *cbs, int der_mode, int *out_indefinite, + uint32_t *out_length) { - ASN1_STRING *ret; + uint8_t len_bytes; + uint32_t length; + uint8_t val; - if (!str) - return NULL; - ret = ASN1_STRING_new(); - if (!ret) - return NULL; - if (!ASN1_STRING_copy(ret, str)) { - ASN1_STRING_free(ret); - return NULL; + /* + * Decode ASN.1 length octets - see ITU-T X.690 section 8.1.3. + */ + + *out_length = 0; + *out_indefinite = 0; + + if (!CBS_get_u8(cbs, &val)) + return 0; + + /* + * Short form - length is encoded in the lower 7 bits of a single byte. + */ + if (val < 0x80) { + *out_length = val; + return 1; } - return ret; + + /* + * Indefinite length - content continues until an End of Content (EOC) + * marker is reached. Must be used with constructed encoding. + */ + if (val == 0x80) { + *out_indefinite = 1; + return 1; + } + + /* + * Long form - the lower 7 bits of the first byte specifies the number + * of bytes used to encode the length, the following bytes specify the + * length in big-endian form. The encoding should not contain leading + * zeros but can for BER. A length value of 0x7f is invalid. + */ + if ((len_bytes = val & 0x7f) == 0x7f) + return 0; + + length = 0; + + while (len_bytes-- > 0) { + if (!CBS_get_u8(cbs, &val)) + return 0; + if (der_mode && length == 0 && val == 0) + return 0; + if (length > (UINT32_MAX >> 8)) + return 0; + length = (length << 8) | val; + } + + *out_length = length; + + return 1; } int -ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) +asn1_get_object_cbs(CBS *cbs, int der_mode, uint8_t *out_tag_class, + int *out_constructed, uint32_t *out_tag_number, int *out_indefinite, + uint32_t *out_length) { - const char *data = _data; + int constructed, indefinite; + uint32_t tag_number, length; + uint8_t tag_class; - if (len < 0) { - if (data == NULL) - return (0); - else - len = strlen(data); - } - if ((str->length < len) || (str->data == NULL)) { - unsigned char *tmp; - tmp = realloc(str->data, len + 1); - if (tmp == NULL) { - ASN1error(ERR_R_MALLOC_FAILURE); - return (0); - } - str->data = tmp; - } - str->length = len; - if (data != NULL) { - memmove(str->data, data, len); - } - str->data[str->length] = '\0'; - return (1); -} + *out_tag_class = 0; + *out_constructed = 0; + *out_tag_number = 0; + *out_indefinite = 0; + *out_length = 0; -void -ASN1_STRING_set0(ASN1_STRING *str, void *data, int len) -{ - freezero(str->data, str->length); - str->data = data; - str->length = len; -} + if (!asn1_get_identifier_cbs(cbs, der_mode, &tag_class, &constructed, + &tag_number)) + return 0; + if (!asn1_get_length_cbs(cbs, der_mode, &indefinite, &length)) + return 0; -ASN1_STRING * -ASN1_STRING_new(void) -{ - return (ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); -} + /* Indefinite length can only be used with constructed encoding. */ + if (indefinite && !constructed) + return 0; -ASN1_STRING * -ASN1_STRING_type_new(int type) -{ - ASN1_STRING *ret; + *out_tag_class = tag_class; + *out_constructed = constructed; + *out_tag_number = tag_number; + *out_indefinite = indefinite; + *out_length = length; - ret = malloc(sizeof(ASN1_STRING)); - if (ret == NULL) { - ASN1error(ERR_R_MALLOC_FAILURE); - return (NULL); - } - ret->length = 0; - ret->type = type; - ret->data = NULL; - ret->flags = 0; - return (ret); -} - -void -ASN1_STRING_free(ASN1_STRING *a) -{ - if (a == NULL) - return; - if (a->data != NULL && !(a->flags & ASN1_STRING_FLAG_NDEF)) - freezero(a->data, a->length); - free(a); + return 1; } int -ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) +asn1_get_primitive(CBS *cbs, int der_mode, uint32_t *out_tag_number, + CBS *out_content) { - int i; + int constructed, indefinite; + uint32_t tag_number, length; + uint8_t tag_class; - i = (a->length - b->length); - if (i == 0) { - i = memcmp(a->data, b->data, a->length); - if (i == 0) - return (a->type - b->type); - else - return (i); - } else - return (i); -} + *out_tag_number = 0; -void -asn1_add_error(const unsigned char *address, int offset) -{ - ERR_asprintf_error_data("offset=%d", offset); -} + CBS_init(out_content, NULL, 0); -int -ASN1_STRING_length(const ASN1_STRING *x) -{ - return (x->length); -} + if (!asn1_get_identifier_cbs(cbs, der_mode, &tag_class, &constructed, + &tag_number)) + return 0; + if (!asn1_get_length_cbs(cbs, der_mode, &indefinite, &length)) + return 0; -void -ASN1_STRING_length_set(ASN1_STRING *x, int len) -{ - x->length = len; -} + /* A primitive is not constructed and has a definite length. */ + if (constructed || indefinite) + return 0; -int -ASN1_STRING_type(const ASN1_STRING *x) -{ - return (x->type); -} + if (!CBS_get_bytes(cbs, out_content, length)) + return 0; -unsigned char * -ASN1_STRING_data(ASN1_STRING *x) -{ - return (x->data); -} + *out_tag_number = tag_number; -const unsigned char * -ASN1_STRING_get0_data(const ASN1_STRING *x) -{ - return (x->data); + return 1; } diff --git a/externals/libressl/crypto/asn1/asn1_locl.h b/externals/libressl/crypto/asn1/asn1_locl.h index 39779d937..756e4070b 100755 --- a/externals/libressl/crypto/asn1/asn1_locl.h +++ b/externals/libressl/crypto/asn1/asn1_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1_locl.h,v 1.12 2019/10/24 16:36:10 jsing Exp $ */ +/* $OpenBSD: asn1_locl.h,v 1.24 2022/03/26 14:47:58 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -56,6 +56,8 @@ * */ +#include "bytestring.h" + __BEGIN_HIDDEN_DECLS /* Internal ASN1 structures and functions: not for application use */ @@ -63,6 +65,20 @@ __BEGIN_HIDDEN_DECLS ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t); void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t); +/* These are used internally in the ASN1_OBJECT to keep track of + * whether the names and data need to be free()ed */ +#define ASN1_OBJECT_FLAG_DYNAMIC 0x01 /* internal use */ +#define ASN1_OBJECT_FLAG_CRITICAL 0x02 /* critical x509v3 object id */ +#define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04 /* internal use */ +#define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08 /* internal use */ +struct asn1_object_st { + const char *sn, *ln; + int nid; + int length; + const unsigned char *data; /* data remains const after init */ + int flags; /* Should we free this one */ +} /* ASN1_OBJECT */; + /* ASN1 print context structure */ struct asn1_pctx_st { @@ -122,6 +138,9 @@ struct evp_pkey_asn1_method_st { int (*item_sign)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig); + int (*pkey_check)(const EVP_PKEY *pk); + int (*pkey_public_check)(const EVP_PKEY *pk); + int (*pkey_param_check)(const EVP_PKEY *pk); } /* EVP_PKEY_ASN1_METHOD */; /* Method to handle CRL access. @@ -142,6 +161,23 @@ struct x509_crl_method_st { int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk); }; +int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); +int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it); + +ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); + +const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr); + +int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it); + +void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); +void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it); +int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it); +int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, const ASN1_ITEM *it); + +int i2d_ASN1_BOOLEAN(int a, unsigned char **pp); +int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length); + /* * Unicode codepoint constants */ @@ -155,4 +191,18 @@ struct x509_crl_method_st { int UTF8_getc(const unsigned char *str, int len, unsigned long *val); int UTF8_putc(unsigned char *str, int len, unsigned long value); +int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb); + +int asn1_get_object_cbs(CBS *cbs, int der_mode, uint8_t *out_class, + int *out_constructed, uint32_t *out_tag_number, int *out_indefinite, + uint32_t *out_length); +int asn1_get_primitive(CBS *cbs, int der_mode, uint32_t *out_tag_number, + CBS *out_content); + +int asn1_tag2charwidth(int tag); + +int i2t_ASN1_OBJECT_internal(const ASN1_OBJECT *aobj, char *buf, int buf_len, + int no_name); +ASN1_OBJECT *t2i_ASN1_OBJECT_internal(const char *oid); + __END_HIDDEN_DECLS diff --git a/externals/libressl/crypto/asn1/asn1_old.c b/externals/libressl/crypto/asn1/asn1_old.c new file mode 100755 index 000000000..59e9cdb10 --- /dev/null +++ b/externals/libressl/crypto/asn1/asn1_old.c @@ -0,0 +1,180 @@ +/* $OpenBSD: asn1_old.c,v 1.2 2021/12/25 13:17:48 jsing Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include + +#include +#include +#include + +#include "asn1_locl.h" + +#ifndef NO_OLD_ASN1 + +void * +ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x) +{ + unsigned char *b, *p; + const unsigned char *p2; + int i; + char *ret; + + if (x == NULL) + return (NULL); + + i = i2d(x, NULL); + b = malloc(i + 10); + if (b == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return (NULL); + } + p = b; + i = i2d(x, &p); + p2 = b; + ret = d2i(NULL, &p2, i); + free(b); + return (ret); +} + +void * +ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x) +{ + BIO *b; + void *ret; + + if ((b = BIO_new(BIO_s_file())) == NULL) { + ASN1error(ERR_R_BUF_LIB); + return (NULL); + } + BIO_set_fp(b, in, BIO_NOCLOSE); + ret = ASN1_d2i_bio(xnew, d2i, b, x); + BIO_free(b); + return (ret); +} + +void * +ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x) +{ + BUF_MEM *b = NULL; + const unsigned char *p; + void *ret = NULL; + int len; + + len = asn1_d2i_read_bio(in, &b); + if (len < 0) + goto err; + + p = (unsigned char *)b->data; + ret = d2i(x, &p, len); + + err: + if (b != NULL) + BUF_MEM_free(b); + return (ret); +} + +int +ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x) +{ + BIO *b; + int ret; + + if ((b = BIO_new(BIO_s_file())) == NULL) { + ASN1error(ERR_R_BUF_LIB); + return (0); + } + BIO_set_fp(b, out, BIO_NOCLOSE); + ret = ASN1_i2d_bio(i2d, b, x); + BIO_free(b); + return (ret); +} + +int +ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x) +{ + char *b; + unsigned char *p; + int i, j = 0, n, ret = 1; + + n = i2d(x, NULL); + b = malloc(n); + if (b == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return (0); + } + + p = (unsigned char *)b; + i2d(x, &p); + + for (;;) { + i = BIO_write(out, &(b[j]), n); + if (i == n) + break; + if (i <= 0) { + ret = 0; + break; + } + j += i; + n -= i; + } + free(b); + return (ret); +} + +#endif diff --git a/externals/libressl/crypto/asn1/asn1_old_lib.c b/externals/libressl/crypto/asn1/asn1_old_lib.c new file mode 100755 index 000000000..e41a5ea25 --- /dev/null +++ b/externals/libressl/crypto/asn1/asn1_old_lib.c @@ -0,0 +1,211 @@ +/* $OpenBSD: asn1_old_lib.c,v 1.3 2022/01/14 07:57:17 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include + +#include +#include + +#include "asn1_locl.h" + +static void asn1_put_length(unsigned char **pp, int length); + +int +ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, + int *pclass, long omax) +{ + int constructed, indefinite; + uint32_t tag_number, length; + uint8_t tag_class; + CBS cbs; + int ret = 0; + + *pclass = 0; + *ptag = 0; + *plength = 0; + + CBS_init(&cbs, *pp, omax); + + if (!asn1_get_object_cbs(&cbs, 0, &tag_class, &constructed, &tag_number, + &indefinite, &length)) { + ASN1error(ASN1_R_HEADER_TOO_LONG); + return 0x80; + } + + if (tag_number > INT_MAX) { + ASN1error(ASN1_R_HEADER_TOO_LONG); + return 0x80; + } + + /* + * API insanity ahead... in this case we add an error to the stack and + * signal an error by setting the 8th bit in the return value... but we + * still provide all of the decoded data. + */ + if (length > CBS_len(&cbs)) { + ASN1error(ASN1_R_TOO_LONG); + ret = 0x80; + } + + *pclass = tag_class << 6; + *ptag = tag_number; + *plength = length; + + *pp = CBS_data(&cbs); + + if (constructed) + ret |= 1 << 5; + if (indefinite) + ret |= 1; + + return ret; +} + +/* class 0 is constructed + * constructed == 2 for indefinite length constructed */ +void +ASN1_put_object(unsigned char **pp, int constructed, int length, int tag, + int xclass) +{ + unsigned char *p = *pp; + int i, ttag; + + i = (constructed) ? V_ASN1_CONSTRUCTED : 0; + i |= (xclass & V_ASN1_PRIVATE); + if (tag < 31) + *(p++) = i | (tag & V_ASN1_PRIMITIVE_TAG); + else { + *(p++) = i | V_ASN1_PRIMITIVE_TAG; + for(i = 0, ttag = tag; ttag > 0; i++) + ttag >>= 7; + ttag = i; + while (i-- > 0) { + p[i] = tag & 0x7f; + if (i != (ttag - 1)) + p[i] |= 0x80; + tag >>= 7; + } + p += ttag; + } + if (constructed == 2) + *(p++) = 0x80; + else + asn1_put_length(&p, length); + *pp = p; +} + +int +ASN1_put_eoc(unsigned char **pp) +{ + unsigned char *p = *pp; + + *p++ = 0; + *p++ = 0; + *pp = p; + return 2; +} + +static void +asn1_put_length(unsigned char **pp, int length) +{ + unsigned char *p = *pp; + + int i, l; + if (length <= 127) + *(p++) = (unsigned char)length; + else { + l = length; + for (i = 0; l > 0; i++) + l >>= 8; + *(p++) = i | 0x80; + l = i; + while (i-- > 0) { + p[i] = length & 0xff; + length >>= 8; + } + p += l; + } + *pp = p; +} + +int +ASN1_object_size(int constructed, int length, int tag) +{ + int ret; + + ret = length; + ret++; + if (tag >= 31) { + while (tag > 0) { + tag >>= 7; + ret++; + } + } + if (constructed == 2) + return ret + 3; + ret++; + if (length > 127) { + while (length > 0) { + length >>= 8; + ret++; + } + } + return (ret); +} diff --git a/externals/libressl/crypto/asn1/asn1_par.c b/externals/libressl/crypto/asn1/asn1_par.c index 1ec9b1ac6..6c14f271b 100755 --- a/externals/libressl/crypto/asn1/asn1_par.c +++ b/externals/libressl/crypto/asn1/asn1_par.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1_par.c,v 1.28 2020/01/09 11:27:21 inoguchi Exp $ */ +/* $OpenBSD: asn1_par.c,v 1.34 2022/02/12 03:07:24 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -80,7 +80,8 @@ asn1_print_info(BIO *bp, int tag, int xclass, int constructed, p="prim: "; if (BIO_write(bp, p, 6) < 6) goto err; - BIO_indent(bp, indent, 128); + if (!BIO_indent(bp, indent, 128)) + goto err; p = str; if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) @@ -97,7 +98,7 @@ asn1_print_info(BIO *bp, int tag, int xclass, int constructed, if (BIO_printf(bp, "%-18s", p) <= 0) goto err; return (1); -err: + err: return (0); } @@ -232,16 +233,13 @@ asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset, goto end; } } else if (tag == V_ASN1_BOOLEAN) { - int ii; - - opp = op; - ii = d2i_ASN1_BOOLEAN(NULL, &opp, len + hl); - if (ii < 0) { + if (len == 1 && p < tot) { + BIO_printf(bp, ":%u", p[0]); + } else { if (BIO_write(bp, "Bad boolean\n", 12) <= 0) goto end; } - BIO_printf(bp, ":%d", ii); } else if (tag == V_ASN1_BMPSTRING) { /* do the BMP thang */ } else if (tag == V_ASN1_OCTET_STRING) { @@ -375,7 +373,7 @@ asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset, } ret = 1; -end: + end: if (o != NULL) ASN1_OBJECT_free(o); ASN1_OCTET_STRING_free(os); @@ -384,25 +382,3 @@ end: *pp = p; return (ret); } - -const char * -ASN1_tag2str(int tag) -{ - static const char * const tag2str[] = { - "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */ - "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */ - "ENUMERATED", "", "UTF8STRING", "", /* 10-13 */ - "", "", "SEQUENCE", "SET", /* 15-17 */ - "NUMERICSTRING", "PRINTABLESTRING", "T61STRING", /* 18-20 */ - "VIDEOTEXSTRING", "IA5STRING", "UTCTIME", "GENERALIZEDTIME", /* 21-24 */ - "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING", /* 25-27 */ - "UNIVERSALSTRING", "", "BMPSTRING" /* 28-30 */ - }; - - if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED)) - tag &= ~0x100; - - if (tag < 0 || tag > 30) - return "(unknown)"; - return tag2str[tag]; -} diff --git a/externals/libressl/crypto/asn1/asn1_types.c b/externals/libressl/crypto/asn1/asn1_types.c new file mode 100755 index 000000000..c8e6b23f4 --- /dev/null +++ b/externals/libressl/crypto/asn1/asn1_types.c @@ -0,0 +1,263 @@ +/* $OpenBSD: asn1_types.c,v 1.1 2021/12/14 17:35:21 jsing Exp $ */ +/* + * Copyright (c) 2021 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include + +struct asn1_type { + const char *name; + uint32_t bit_value; + int char_width; +}; + +/* + * Universal class tag types - ITU X.680. + */ +static const struct asn1_type asn1_types[31] = { + [0] = { + /* Tag 0 (0x00) - Reserved for use by encoding rules */ + .name = "EOC", + .bit_value = 0, + .char_width = -1, + }, + [1] = { + /* Tag 1 (0x01) - Boolean */ + .name = "BOOLEAN", + .bit_value = 0, + .char_width = -1, + }, + [2] = { + /* Tag 2 (0x02) - Integer */ + .name = "INTEGER", + .bit_value = 0, + .char_width = -1, + }, + [3] = { + /* Tag 3 (0x03) - BitString */ + .name = "BIT STRING", + .bit_value = B_ASN1_BIT_STRING, + .char_width = -1, + }, + [4] = { + /* Tag 4 (0x04) - OctetString */ + .name = "OCTET STRING", + .bit_value = B_ASN1_OCTET_STRING, + .char_width = -1, + }, + [5] = { + /* Tag 5 (0x05) - Null */ + .name = "NULL", + .bit_value = 0, + .char_width = -1, + }, + [6] = { + /* Tag 6 (0x06) - Object Identifier */ + .name = "OBJECT", + .bit_value = 0, + .char_width = -1, + }, + [7] = { + /* Tag 7 (0x07) - Object Descriptor */ + .name = "OBJECT DESCRIPTOR", + .bit_value = B_ASN1_UNKNOWN, + .char_width = -1, + }, + [8] = { + /* Tag 8 (0x08) - External */ + .name = "EXTERNAL", + .bit_value = B_ASN1_UNKNOWN, + .char_width = -1, + }, + [9] = { + /* Tag 9 (0x09) - Real */ + .name = "REAL", + .bit_value = B_ASN1_UNKNOWN, + .char_width = -1, + }, + [10] = { + /* Tag 10 (0x0a) - Enumerated */ + .name = "ENUMERATED", + .bit_value = B_ASN1_UNKNOWN, + .char_width = -1, + }, + [11] = { + /* Tag 11 (0x0b) - Embedded PDV */ + .name = "", + .bit_value = B_ASN1_UNKNOWN, + .char_width = -1, + }, + [12] = { + /* Tag 12 (0x0c) - UTF8String */ + .name = "UTF8STRING", + .bit_value = B_ASN1_UTF8STRING, + .char_width = 0, + }, + [13] = { + /* Tag 13 (0x0d) - Relative Object Identifier */ + .name = "", + .bit_value = B_ASN1_UNKNOWN, + .char_width = -1, + }, + [14] = { + /* Tag 14 (0x0e) - Time */ + .name = "", + .bit_value = B_ASN1_UNKNOWN, + .char_width = -1, + }, + [15] = { + /* Tag 15 (0x0f) - Reserved */ + .name = "", + .bit_value = B_ASN1_UNKNOWN, + .char_width = -1, + }, + [16] = { + /* Tag 16 (0x10)- Sequence */ + .name = "SEQUENCE", + .bit_value = B_ASN1_SEQUENCE, + .char_width = -1, + }, + [17] = { + /* Tag 17 (0x11) - Set */ + .name = "SET", + .bit_value = 0, + .char_width = -1, + }, + [18] = { + /* Tag 18 (0x12) - NumericString */ + .name = "NUMERICSTRING", + .bit_value = B_ASN1_NUMERICSTRING, + .char_width = -1, + }, + [19] = { + /* Tag 19 (0x13) - PrintableString */ + .name = "PRINTABLESTRING", + .bit_value = B_ASN1_PRINTABLESTRING, + .char_width = 1, + }, + [20] = { + /* Tag 20 (0x14) - TeletexString (T61String) */ + .name = "T61STRING", + .bit_value = B_ASN1_T61STRING, + .char_width = 1, + }, + [21] = { + /* Tag 21 (0x15) - VideotexString */ + .name = "VIDEOTEXSTRING", + .bit_value = B_ASN1_VIDEOTEXSTRING, + .char_width = -1, + }, + [22] = { + /* Tag 22 (0x16) - IA5String */ + .name = "IA5STRING", + .bit_value = B_ASN1_IA5STRING, + .char_width = 1, + }, + [23] = { + /* Tag 23 (0x17) - UTCTime */ + .name = "UTCTIME", + .bit_value = B_ASN1_UTCTIME, + .char_width = 1, + }, + [24] = { + /* Tag 24 (0x18) - GeneralizedTime */ + .name = "GENERALIZEDTIME", + .bit_value = B_ASN1_GENERALIZEDTIME, + .char_width = 1, + }, + [25] = { + /* Tag 25 (0x19) - GraphicString */ + .name = "GRAPHICSTRING", + .bit_value = B_ASN1_GRAPHICSTRING, + .char_width = -1, + }, + [26] = { + /* Tag 26 (0x1a) - VisibleString (ISO646String) */ + .name = "VISIBLESTRING", + .bit_value = B_ASN1_ISO64STRING, + .char_width = 1, + }, + [27] = { + /* Tag 27 (0x1b) - GeneralString */ + .name = "GENERALSTRING", + .bit_value = B_ASN1_GENERALSTRING, + .char_width = -1, + }, + [28] = { + /* Tag 28 (0x1c) - UniversalString */ + .name = "UNIVERSALSTRING", + .bit_value = B_ASN1_UNIVERSALSTRING, + .char_width = 4, + }, + [29] = { + /* Tag 29 (0x1d) - Unallocated */ + .name = "", + .bit_value = B_ASN1_UNKNOWN, + .char_width = -1, + }, + [30] = { + /* Tag 30 (0x1e) - BMPString */ + .name = "BMPSTRING", + .bit_value = B_ASN1_BMPSTRING, + .char_width = 2, + }, +}; + +static const struct asn1_type * +asn1_type_by_tag(int tag) +{ + if (tag < 0 || tag > 30) + return NULL; + + return &asn1_types[tag]; +} + +int +asn1_tag2charwidth(int tag) +{ + const struct asn1_type *at; + + if ((at = asn1_type_by_tag(tag)) != NULL) + return at->char_width; + + return -1; +} + +unsigned long +ASN1_tag2bit(int tag) +{ + const struct asn1_type *at; + + if ((at = asn1_type_by_tag(tag)) != NULL) + return (unsigned long)at->bit_value; + + return 0; +} + +const char * +ASN1_tag2str(int tag) +{ + const struct asn1_type *at; + + if (tag == V_ASN1_NEG_INTEGER || tag == V_ASN1_NEG_ENUMERATED) + tag &= ~V_ASN1_NEG; + + if ((at = asn1_type_by_tag(tag)) != NULL) + return at->name; + + return "(unknown)"; +} diff --git a/externals/libressl/crypto/asn1/asn_mime.c b/externals/libressl/crypto/asn1/asn_mime.c index 6bad11177..315021437 100755 --- a/externals/libressl/crypto/asn1/asn_mime.c +++ b/externals/libressl/crypto/asn1/asn_mime.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn_mime.c,v 1.27 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: asn_mime.c,v 1.29 2021/12/25 13:17:48 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -63,6 +63,7 @@ #include #include "asn1_locl.h" +#include "evp_locl.h" /* Generalised MIME like utilities for streaming ASN1. Although many * have a PKCS7/CMS like flavour others are more general purpose. @@ -267,7 +268,7 @@ asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) ret = 1; -err: + err: return ret; } @@ -778,7 +779,7 @@ STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) return headers; -merr: + merr: if (mhdr != NULL) mime_hdr_free(mhdr); sk_MIME_HEADER_pop_free(headers, mime_hdr_free); @@ -866,7 +867,7 @@ mime_hdr_new(char *name, char *value) goto err; } return mhdr; -err: + err: free(tmpname); free(tmpval); return NULL; @@ -901,7 +902,7 @@ mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) goto err; } return 1; -err: + err: free(tmpname); free(tmpval); return 0; diff --git a/externals/libressl/crypto/asn1/asn_moid.c b/externals/libressl/crypto/asn1/asn_moid.c index 7bf493e28..c672f0ae9 100755 --- a/externals/libressl/crypto/asn1/asn_moid.c +++ b/externals/libressl/crypto/asn1/asn_moid.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn_moid.c,v 1.13 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: asn_moid.c,v 1.14 2022/01/07 11:13:54 tb Exp $ */ /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -65,6 +65,8 @@ #include #include +#include "asn1_locl.h" + /* Simple ASN1 OID module: add all objects in a given section */ static int do_create(char *value, char *name); diff --git a/externals/libressl/crypto/asn1/bio_asn1.c b/externals/libressl/crypto/asn1/bio_asn1.c index 93bcb3388..9017786f1 100755 --- a/externals/libressl/crypto/asn1/bio_asn1.c +++ b/externals/libressl/crypto/asn1/bio_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bio_asn1.c,v 1.13 2018/05/01 13:29:09 tb Exp $ */ +/* $OpenBSD: bio_asn1.c,v 1.17 2022/01/14 08:40:57 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -67,6 +67,8 @@ #include #include +#include "bio_local.h" + /* Must be large enough for biggest tag+length */ #define DEFAULT_ASN1_BUF_SIZE 20 @@ -116,9 +118,8 @@ static int asn1_bio_gets(BIO *h, char *str, int size); static long asn1_bio_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int asn1_bio_new(BIO *h); static int asn1_bio_free(BIO *data); -static long asn1_bio_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); +static long asn1_bio_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); -static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size); static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, asn1_ps_func *cleanup, asn1_bio_state_t next); static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, @@ -148,35 +149,23 @@ static int asn1_bio_new(BIO *b) { BIO_ASN1_BUF_CTX *ctx; - ctx = malloc(sizeof(BIO_ASN1_BUF_CTX)); - if (!ctx) + + if ((ctx = calloc(1, sizeof(*ctx))) == NULL) return 0; - if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE)) { + + if ((ctx->buf = malloc(DEFAULT_ASN1_BUF_SIZE)) == NULL) { free(ctx); return 0; } + ctx->bufsize = DEFAULT_ASN1_BUF_SIZE; + ctx->asn1_class = V_ASN1_UNIVERSAL; + ctx->asn1_tag = V_ASN1_OCTET_STRING; + ctx->state = ASN1_STATE_START; + b->init = 1; b->ptr = (char *)ctx; b->flags = 0; - return 1; -} -static int -asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size) -{ - ctx->buf = malloc(size); - if (!ctx->buf) - return 0; - ctx->bufsize = size; - ctx->bufpos = 0; - ctx->buflen = 0; - ctx->copylen = 0; - ctx->asn1_class = V_ASN1_UNIVERSAL; - ctx->asn1_tag = V_ASN1_OCTET_STRING; - ctx->ex_buf = NULL; - ctx->ex_pos = 0; - ctx->ex_len = 0; - ctx->state = ASN1_STATE_START; return 1; } @@ -284,7 +273,7 @@ asn1_bio_write(BIO *b, const char *in , int inl) } -done: + done: BIO_clear_retry_flags(b); BIO_copy_next_retry(b); @@ -357,7 +346,7 @@ asn1_bio_gets(BIO *b, char *str, int size) } static long -asn1_bio_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +asn1_bio_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { if (b->next_bio == NULL) return (0); diff --git a/externals/libressl/crypto/asn1/bio_ndef.c b/externals/libressl/crypto/asn1/bio_ndef.c index 890b14130..88b204e8a 100755 --- a/externals/libressl/crypto/asn1/bio_ndef.c +++ b/externals/libressl/crypto/asn1/bio_ndef.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bio_ndef.c,v 1.10 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: bio_ndef.c,v 1.11 2021/12/25 13:17:48 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -143,7 +143,7 @@ BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it) return sarg.ndef_bio; -err: + err: BIO_free(asn_bio); free(ndef_aux); return NULL; diff --git a/externals/libressl/crypto/asn1/p5_pbe.c b/externals/libressl/crypto/asn1/p5_pbe.c index 8fd416a3e..a150b20bc 100755 --- a/externals/libressl/crypto/asn1/p5_pbe.c +++ b/externals/libressl/crypto/asn1/p5_pbe.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p5_pbe.c,v 1.22 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: p5_pbe.c,v 1.23 2021/12/25 13:17:48 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -159,7 +159,7 @@ PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str)) return 1; -err: + err: if (pbe != NULL) PBEPARAM_free(pbe); ASN1_STRING_free(pbe_str); diff --git a/externals/libressl/crypto/asn1/p5_pbev2.c b/externals/libressl/crypto/asn1/p5_pbev2.c index 0105c5954..d88a4dfc6 100755 --- a/externals/libressl/crypto/asn1/p5_pbev2.c +++ b/externals/libressl/crypto/asn1/p5_pbev2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p5_pbev2.c,v 1.25 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: p5_pbev2.c,v 1.27 2021/12/25 13:17:48 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999-2004. */ @@ -64,6 +64,8 @@ #include #include +#include "evp_locl.h" + /* PKCS#5 v2.0 password based encryption structures */ static const ASN1_TEMPLATE PBE2PARAM_seq_tt[] = { @@ -272,10 +274,10 @@ PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt, return ret; -merr: + merr: ASN1error(ERR_R_MALLOC_FAILURE); -err: + err: PBE2PARAM_free(pbe2); /* Note 'scheme' is freed as part of pbe2 */ X509_ALGOR_free(kalg); @@ -364,7 +366,7 @@ PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, int prf_nid, PBKDF2PARAM_free(kdf); return keyfunc; -merr: + merr: ASN1error(ERR_R_MALLOC_FAILURE); PBKDF2PARAM_free(kdf); X509_ALGOR_free(keyfunc); diff --git a/externals/libressl/crypto/asn1/p8_pkey.c b/externals/libressl/crypto/asn1/p8_pkey.c index d2f8e6b05..18659a6f4 100755 --- a/externals/libressl/crypto/asn1/p8_pkey.c +++ b/externals/libressl/crypto/asn1/p8_pkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p8_pkey.c,v 1.19 2018/08/24 20:17:33 tb Exp $ */ +/* $OpenBSD: p8_pkey.c,v 1.20 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -62,6 +62,8 @@ #include #include +#include "x509_lcl.h" + /* Minor tweak to operation: zero private key data */ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) diff --git a/externals/libressl/crypto/asn1/t_crl.c b/externals/libressl/crypto/asn1/t_crl.c index 057b8fe31..3ded015d2 100755 --- a/externals/libressl/crypto/asn1/t_crl.c +++ b/externals/libressl/crypto/asn1/t_crl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t_crl.c,v 1.18 2019/05/12 15:56:31 tb Exp $ */ +/* $OpenBSD: t_crl.c,v 1.20 2021/12/25 13:17:48 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -66,6 +66,8 @@ #include #include +#include "x509_lcl.h" + int X509_CRL_print_fp(FILE *fp, X509_CRL *x) { @@ -138,6 +140,6 @@ X509_CRL_print(BIO *out, X509_CRL *x) return 1; -err: + err: return 0; } diff --git a/externals/libressl/crypto/asn1/t_pkey.c b/externals/libressl/crypto/asn1/t_pkey.c index b3f7d084c..a30738123 100755 --- a/externals/libressl/crypto/asn1/t_pkey.c +++ b/externals/libressl/crypto/asn1/t_pkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t_pkey.c,v 1.16 2014/07/11 08:44:47 jsing Exp $ */ +/* $OpenBSD: t_pkey.c,v 1.17 2021/12/04 16:08:32 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,6 +62,8 @@ #include #include +#include "bn_lcl.h" + int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *buf, int off) diff --git a/externals/libressl/crypto/asn1/t_req.c b/externals/libressl/crypto/asn1/t_req.c index a9b14fed7..cc9da4643 100755 --- a/externals/libressl/crypto/asn1/t_req.c +++ b/externals/libressl/crypto/asn1/t_req.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t_req.c,v 1.19 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: t_req.c,v 1.21 2021/12/25 13:17:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -74,6 +74,8 @@ #include #endif +#include "x509_lcl.h" + int X509_REQ_print_fp(FILE *fp, X509_REQ *x) { @@ -192,7 +194,7 @@ X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, ii = 0; count = sk_ASN1_TYPE_num( a->value.set); -get_next: + get_next: at = sk_ASN1_TYPE_value( a->value.set, ii); type = at->type; @@ -255,7 +257,7 @@ get_next: return (1); -err: + err: X509error(ERR_R_BUF_LIB); return (0); } diff --git a/externals/libressl/crypto/asn1/t_spki.c b/externals/libressl/crypto/asn1/t_spki.c index 39ff0670b..56c0956ce 100755 --- a/externals/libressl/crypto/asn1/t_spki.c +++ b/externals/libressl/crypto/asn1/t_spki.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t_spki.c,v 1.11 2014/07/11 08:44:47 jsing Exp $ */ +/* $OpenBSD: t_spki.c,v 1.13 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -71,6 +71,8 @@ #include #endif +#include "x509_lcl.h" + /* Print out an SPKI */ int @@ -94,7 +96,8 @@ NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki) } chal = spki->spkac->challenge; if (chal->length) - BIO_printf(out, " Challenge String: %s\n", chal->data); + BIO_printf(out, " Challenge String: %.*s\n", chal->length, + chal->data); i = OBJ_obj2nid(spki->sig_algor->algorithm); BIO_printf(out, " Signature Algorithm: %s", (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); diff --git a/externals/libressl/crypto/asn1/t_x509.c b/externals/libressl/crypto/asn1/t_x509.c index 73a0491c0..563edac07 100755 --- a/externals/libressl/crypto/asn1/t_x509.c +++ b/externals/libressl/crypto/asn1/t_x509.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t_x509.c,v 1.32 2020/04/10 07:05:24 tb Exp $ */ +/* $OpenBSD: t_x509.c,v 1.37 2021/12/25 13:17:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -78,6 +78,7 @@ #endif #include "asn1_locl.h" +#include "x509_lcl.h" int X509_print_fp(FILE *fp, X509 *x) @@ -180,7 +181,7 @@ X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) if (BIO_printf(bp, " Issuer:%c", mlch) <= 0) goto err; if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), - nmindent, nmflags) < 0) + nmindent, nmflags) < (nmflags == X509_FLAG_COMPAT ? 1 : 0)) goto err; if (BIO_write(bp, "\n", 1) <= 0) goto err; @@ -203,7 +204,7 @@ X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) if (BIO_printf(bp, " Subject:%c", mlch) <= 0) goto err; if (X509_NAME_print_ex(bp, X509_get_subject_name(x), - nmindent, nmflags) < 0) + nmindent, nmflags) < (nmflags == X509_FLAG_COMPAT ? 1 : 0)) goto err; if (BIO_write(bp, "\n", 1) <= 0) goto err; @@ -243,7 +244,7 @@ X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) } ret = 1; -err: + err: free(m); return (ret); } @@ -261,10 +262,12 @@ X509_ocspid_print(BIO *bp, X509 *x) in OCSP requests */ if (BIO_printf(bp, " Subject OCSP hash: ") <= 0) goto err; - derlen = i2d_X509_NAME(x->cert_info->subject, NULL); + if ((derlen = i2d_X509_NAME(x->cert_info->subject, NULL)) <= 0) + goto err; if ((der = dertmp = malloc(derlen)) == NULL) goto err; - i2d_X509_NAME(x->cert_info->subject, &dertmp); + if (i2d_X509_NAME(x->cert_info->subject, &dertmp) <= 0) + goto err; if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL)) goto err; @@ -292,7 +295,7 @@ X509_ocspid_print(BIO *bp, X509 *x) return (1); -err: + err: free(der); return (0); } @@ -348,36 +351,6 @@ X509_signature_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig) return 1; } -int -ASN1_STRING_print(BIO *bp, const ASN1_STRING *v) -{ - int i, n; - char buf[80]; - const char *p; - - if (v == NULL) - return (0); - n = 0; - p = (const char *)v->data; - for (i = 0; i < v->length; i++) { - if ((p[i] > '~') || ((p[i] < ' ') && - (p[i] != '\n') && (p[i] != '\r'))) - buf[n] = '.'; - else - buf[n] = p[i]; - n++; - if (n >= 80) { - if (BIO_write(bp, buf, n) <= 0) - return (0); - n = 0; - } - } - if (n > 0) - if (BIO_write(bp, buf, n) <= 0) - return (0); - return (1); -} - int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) { @@ -443,7 +416,7 @@ ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm) else return (1); -err: + err: BIO_write(bp, "Bad time value", 14); return (0); } @@ -486,7 +459,7 @@ ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm) else return (1); -err: + err: BIO_write(bp, "Bad time value", 14); return (0); } @@ -532,7 +505,7 @@ X509_NAME_print(BIO *bp, const X509_NAME *name, int obase) ret = 1; if (0) { -err: + err: X509error(ERR_R_BUF_LIB); } free(b); diff --git a/externals/libressl/crypto/asn1/t_x509a.c b/externals/libressl/crypto/asn1/t_x509a.c index fd68211b8..6745318b9 100755 --- a/externals/libressl/crypto/asn1/t_x509a.c +++ b/externals/libressl/crypto/asn1/t_x509a.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t_x509a.c,v 1.8 2014/07/11 08:44:47 jsing Exp $ */ +/* $OpenBSD: t_x509a.c,v 1.10 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -62,8 +62,9 @@ #include #include -/* X509_CERT_AUX and string set routines - */ +#include "x509_lcl.h" + +/* X509_CERT_AUX and string set routines */ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) @@ -105,8 +106,8 @@ X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) } else BIO_printf(out, "%*sNo Rejected Uses.\n", indent, ""); if (aux->alias) - BIO_printf(out, "%*sAlias: %s\n", indent, "", - aux->alias->data); + BIO_printf(out, "%*sAlias: %.*s\n", indent, "", + aux->alias->length, aux->alias->data); if (aux->keyid) { BIO_printf(out, "%*sKey Id: ", indent, ""); for (i = 0; i < aux->keyid->length; i++) diff --git a/externals/libressl/crypto/asn1/tasn_dec.c b/externals/libressl/crypto/asn1/tasn_dec.c index 70dc355ca..d475c9967 100755 --- a/externals/libressl/crypto/asn1/tasn_dec.c +++ b/externals/libressl/crypto/asn1/tasn_dec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tasn_dec.c,v 1.37 2019/04/01 15:48:04 jsing Exp $ */ +/* $OpenBSD: tasn_dec.c,v 1.49 2022/03/13 14:58:14 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -56,14 +56,18 @@ * */ - +#include #include #include + #include #include -#include #include #include +#include + +#include "asn1_locl.h" +#include "bytestring.h" /* Constructed types with a recursive definition (such as can be found in PKCS7) * could eventually exceed the stack given malicious input with excessive @@ -74,15 +78,16 @@ static int asn1_check_eoc(const unsigned char **in, long len); static int asn1_find_end(const unsigned char **in, long len, char inf); -static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, +static int asn1_collect(CBB *cbb, const unsigned char **in, long len, char inf, int tag, int aclass, int depth); -static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen); - static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst, const unsigned char **in, long len, int exptag, int expclass, char opt, ASN1_TLC *ctx); +static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, + long len, const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx, + int depth); static int asn1_template_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx, int depth); static int asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, @@ -90,68 +95,44 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx); +static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *content, int len, + int utype, const ASN1_ITEM *it); -/* Table to convert tags to bit values, used for MSTRING type */ -static const unsigned long tag2bit[32] = { - 0, 0, 0, B_ASN1_BIT_STRING, /* tags 0 - 3 */ - B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,/* tags 4- 7 */ - B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags 8-11 */ - B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */ - B_ASN1_SEQUENCE,0,B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */ - B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING, /* tags 20-22 */ - B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME, /* tags 23-24 */ - B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING, /* tags 25-27 */ - B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 28-31 */ -}; - -unsigned long -ASN1_tag2bit(int tag) +static void +asn1_tlc_invalidate(ASN1_TLC *ctx) { - if ((tag < 0) || (tag > 30)) - return 0; - return tag2bit[tag]; + if (ctx != NULL) + ctx->valid = 0; } -/* Macro to initialize and invalidate the cache */ - -#define asn1_tlc_clear(c) if (c) (c)->valid = 0 -/* Version to avoid compiler warning about 'c' always non-NULL */ -#define asn1_tlc_clear_nc(c) (c)->valid = 0 - -/* Decode an ASN1 item, this currently behaves just - * like a standard 'd2i' function. 'in' points to - * a buffer to read the data from, in future we will - * have more advanced versions that can input data - * a piece at a time and this will simply be a special - * case. - */ - ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it) { - ASN1_TLC c; ASN1_VALUE *ptmpval = NULL; + ASN1_TLC ctx; - if (!pval) + asn1_tlc_invalidate(&ctx); + + if (pval == NULL) pval = &ptmpval; - asn1_tlc_clear_nc(&c); - if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) - return *pval; - return NULL; + if (asn1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &ctx, 0) <= 0) + return NULL; + + return *pval; } int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt) { - ASN1_TLC c; + ASN1_TLC ctx; - asn1_tlc_clear_nc(&c); - return asn1_template_ex_d2i(pval, in, len, tt, 0, &c, 0); + asn1_tlc_invalidate(&ctx); + + return asn1_template_ex_d2i(pval, in, len, tt, 0, &ctx, 0); } - /* Decode an item, taking care of IMPLICIT tagging, if any. * If 'opt' set and tag mismatch return -1 to handle OPTIONAL */ @@ -210,6 +191,16 @@ asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, break; case ASN1_ITYPE_MSTRING: + /* + * It never makes sense for multi-strings to have implicit + * tagging, so if tag != -1, then this looks like an error in + * the template. + */ + if (tag != -1) { + ASN1error(ASN1_R_BAD_TEMPLATE); + goto err; + } + p = *in; /* Just read in tag and class */ ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, @@ -245,6 +236,16 @@ asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, it, tag, aclass, opt, ctx); case ASN1_ITYPE_CHOICE: + /* + * It never makes sense for CHOICE types to have implicit + * tagging, so if tag != -1, then this looks like an error in + * the template. + */ + if (tag != -1) { + ASN1error(ASN1_R_BAD_TEMPLATE); + goto err; + } + if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) goto auxerr; @@ -446,9 +447,9 @@ asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, return 0; } -auxerr: + auxerr: ASN1error(ASN1_R_AUX_ERROR); -err: + err: if (combine == 0) ASN1_item_ex_free(pval, it); if (errtt) @@ -535,7 +536,7 @@ asn1_template_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long inlen, *in = p; return 1; -err: + err: ASN1_template_free(val, tt); return 0; } @@ -652,7 +653,7 @@ asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len, *in = p; return 1; -err: + err: ASN1_template_free(val, tt); return 0; } @@ -663,15 +664,15 @@ asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in, long inlen, { int ret = 0, utype; long plen; - char cst, inf, free_cont = 0; + char cst, inf; const unsigned char *p; - BUF_MEM buf; - const unsigned char *cont = NULL; + const unsigned char *content = NULL; + uint8_t *data = NULL; + size_t data_len = 0; + CBB cbb; long len; - buf.length = 0; - buf.max = 0; - buf.data = NULL; + memset(&cbb, 0, sizeof(cbb)); if (!pval) { ASN1error(ASN1_R_ILLEGAL_NULL); @@ -726,69 +727,68 @@ asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in, long inlen, * when we have a exact match wont work */ if (utype == V_ASN1_OTHER) { - asn1_tlc_clear(ctx); - } - /* SEQUENCE and SET must be constructed */ - else if (!cst) { + asn1_tlc_invalidate(ctx); + } else if (!cst) { + /* SEQUENCE and SET must be constructed */ ASN1error(ASN1_R_TYPE_NOT_CONSTRUCTED); return 0; } - cont = *in; + content = *in; /* If indefinite length constructed find the real end */ if (inf) { if (!asn1_find_end(&p, plen, inf)) goto err; - len = p - cont; + len = p - content; } else { - len = p - cont + plen; + len = p - content + plen; p += plen; - buf.data = NULL; } } else if (cst) { - /* Should really check the internal tags are correct but + /* + * Should really check the internal tags are correct but * some things may get this wrong. The relevant specs * say that constructed string types should be OCTET STRINGs * internally irrespective of the type. So instead just check * for UNIVERSAL class and ignore the tag. */ - if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) { - free_cont = 1; + if (!CBB_init(&cbb, 0)) goto err; - } - len = buf.length; - /* Append a final null to string */ - if (!BUF_MEM_grow_clean(&buf, len + 1)) { - ASN1error(ERR_R_MALLOC_FAILURE); - return 0; - } - buf.data[len] = 0; - cont = (const unsigned char *)buf.data; - free_cont = 1; + if (!asn1_collect(&cbb, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) + goto err; + if (!CBB_finish(&cbb, &data, &data_len)) + goto err; + + if (data_len > LONG_MAX) + goto err; + + content = data; + len = data_len; } else { - cont = p; + content = p; len = plen; p += plen; } /* We now have content length and type: translate into a structure */ - if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it)) + if (!asn1_ex_c2i(pval, content, len, utype, it)) goto err; *in = p; ret = 1; -err: - if (free_cont && buf.data) - free(buf.data); + err: + CBB_cleanup(&cbb); + freezero(data, data_len); + return ret; } /* Translate ASN1 content octets into a structure */ -int -asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, - char *free_cont, const ASN1_ITEM *it) +static int +asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *content, int len, int utype, + const ASN1_ITEM *it) { ASN1_VALUE **opval = NULL; ASN1_STRING *stmp; @@ -798,10 +798,11 @@ asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, if (it->funcs != NULL) { const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; + char free_content = 0; if (pf->prim_c2i == NULL) return 0; - return pf->prim_c2i(pval, cont, len, utype, free_cont, it); + return pf->prim_c2i(pval, content, len, utype, &free_content, it); } /* If ANY type clear type and set pointer to internal value */ @@ -821,7 +822,7 @@ asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, } switch (utype) { case V_ASN1_OBJECT: - if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len)) + if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &content, len)) goto err; break; @@ -840,19 +841,19 @@ asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, } else { ASN1_BOOLEAN *tbool; tbool = (ASN1_BOOLEAN *)pval; - *tbool = *cont; + *tbool = *content; } break; case V_ASN1_BIT_STRING: - if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len)) + if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &content, len)) goto err; break; case V_ASN1_INTEGER: case V_ASN1_ENUMERATED: tint = (ASN1_INTEGER **)pval; - if (!c2i_ASN1_INTEGER(tint, &cont, len)) + if (!c2i_ASN1_INTEGER(tint, &content, len)) goto err; /* Fixup type to match the expected form */ (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG); @@ -884,10 +885,9 @@ asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, ASN1error(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH); goto err; } - /* All based on ASN1_STRING and handled the same */ - if (!*pval) { - stmp = ASN1_STRING_type_new(utype); - if (!stmp) { + /* All based on ASN1_STRING and handled the same way. */ + if (*pval == NULL) { + if ((stmp = ASN1_STRING_type_new(utype)) == NULL) { ASN1error(ERR_R_MALLOC_FAILURE); goto err; } @@ -896,19 +896,10 @@ asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, stmp = (ASN1_STRING *)*pval; stmp->type = utype; } - /* If we've already allocated a buffer use it */ - if (*free_cont) { - free(stmp->data); - stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */ - stmp->length = len; - *free_cont = 0; - } else { - if (!ASN1_STRING_set(stmp, cont, len)) { - ASN1error(ERR_R_MALLOC_FAILURE); - ASN1_STRING_free(stmp); - *pval = NULL; - goto err; - } + if (!ASN1_STRING_set(stmp, content, len)) { + ASN1_STRING_free(stmp); + *pval = NULL; + goto err; } break; } @@ -918,7 +909,7 @@ asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, ret = 1; -err: + err: if (!ret) { ASN1_TYPE_free(typ); if (opval) @@ -927,7 +918,6 @@ err: return ret; } - /* This function finds the end of an ASN1 structure when passed its maximum * length, whether it is indefinite length and a pointer to the content. * This is more efficient than calling asn1_collect because it does not @@ -996,21 +986,21 @@ asn1_find_end(const unsigned char **in, long len, char inf) #endif static int -asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, char inf, +asn1_collect(CBB *cbb, const unsigned char **in, long len, char inf, int tag, int aclass, int depth) { const unsigned char *p, *q; long plen; char cst, ininf; + if (depth > ASN1_MAX_STRING_NEST) { + ASN1error(ASN1_R_NESTED_ASN1_STRING); + return 0; + } + p = *in; inf &= 1; - /* If no buffer and not indefinite length constructed just pass over - * the encoded data */ - if (!buf && !inf) { - *in += len; - return 1; - } + while (len > 0) { q = p; /* Check for EOC */ @@ -1033,15 +1023,14 @@ asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, char inf, /* If indefinite length constructed update max length */ if (cst) { - if (depth >= ASN1_MAX_STRING_NEST) { - ASN1error(ASN1_R_NESTED_ASN1_STRING); - return 0; - } - if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, + if (!asn1_collect(cbb, &p, plen, ininf, tag, aclass, depth + 1)) return 0; - } else if (plen && !collect_data(buf, &p, plen)) - return 0; + } else if (plen > 0) { + if (!CBB_add_bytes(cbb, p, plen)) + return 0; + p += plen; + } len -= p - q; } if (inf) { @@ -1052,22 +1041,6 @@ asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, char inf, return 1; } -static int -collect_data(BUF_MEM *buf, const unsigned char **p, long plen) -{ - int len; - if (buf) { - len = buf->length; - if (!BUF_MEM_grow_clean(buf, len + plen)) { - ASN1error(ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(buf->data + len, *p, plen); - } - *p += plen; - return 1; -} - /* Check for ASN1 EOC and swallow it if found */ static int @@ -1125,7 +1098,7 @@ asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, */ if (!(i & 0x81) && ((plen + ctx->hdrlen) > len)) { ASN1error(ASN1_R_TOO_LONG); - asn1_tlc_clear(ctx); + asn1_tlc_invalidate(ctx); return 0; } } @@ -1133,7 +1106,7 @@ asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, if (i & 0x80) { ASN1error(ASN1_R_BAD_OBJECT_HEADER); - asn1_tlc_clear(ctx); + asn1_tlc_invalidate(ctx); return 0; } if (exptag >= 0) { @@ -1143,13 +1116,13 @@ asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, */ if (opt) return -1; - asn1_tlc_clear(ctx); + asn1_tlc_invalidate(ctx); ASN1error(ASN1_R_WRONG_TAG); return 0; } /* We have a tag and class match: * assume we are going to do something with it */ - asn1_tlc_clear(ctx); + asn1_tlc_invalidate(ctx); } if (i & 1) diff --git a/externals/libressl/crypto/asn1/tasn_enc.c b/externals/libressl/crypto/asn1/tasn_enc.c index d103c4d09..ee2320f85 100755 --- a/externals/libressl/crypto/asn1/tasn_enc.c +++ b/externals/libressl/crypto/asn1/tasn_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tasn_enc.c,v 1.22 2019/04/01 15:48:04 jsing Exp $ */ +/* $OpenBSD: tasn_enc.c,v 1.24 2022/01/07 11:13:54 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -61,8 +61,11 @@ #include #include +#include #include +#include "asn1_locl.h" + static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, @@ -152,9 +155,27 @@ ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, break; case ASN1_ITYPE_MSTRING: + /* + * It never makes sense for multi-strings to have implicit + * tagging, so if tag != -1, then this looks like an error in + * the template. + */ + if (tag != -1) { + ASN1error(ASN1_R_BAD_TEMPLATE); + return 0; + } return asn1_i2d_ex_primitive(pval, out, it, -1, aclass); case ASN1_ITYPE_CHOICE: + /* + * It never makes sense for CHOICE types to have implicit + * tagging, so if tag != -1, then this looks like an error in + * the template. + */ + if (tag != -1) { + ASN1error(ASN1_R_BAD_TEMPLATE); + return 0; + } if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL)) return 0; i = asn1_get_choice_selector(pval, it); diff --git a/externals/libressl/crypto/asn1/tasn_fre.c b/externals/libressl/crypto/asn1/tasn_fre.c index b621af3b3..64d385636 100755 --- a/externals/libressl/crypto/asn1/tasn_fre.c +++ b/externals/libressl/crypto/asn1/tasn_fre.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tasn_fre.c,v 1.17 2019/04/01 15:48:04 jsing Exp $ */ +/* $OpenBSD: tasn_fre.c,v 1.18 2022/01/07 12:24:17 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -62,6 +62,8 @@ #include #include +#include "asn1_locl.h" + static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine); diff --git a/externals/libressl/crypto/asn1/tasn_new.c b/externals/libressl/crypto/asn1/tasn_new.c index 7c9bb9897..1f17f177f 100755 --- a/externals/libressl/crypto/asn1/tasn_new.c +++ b/externals/libressl/crypto/asn1/tasn_new.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tasn_new.c,v 1.18 2019/04/01 15:48:04 jsing Exp $ */ +/* $OpenBSD: tasn_new.c,v 1.21 2022/01/07 12:24:17 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -64,6 +64,8 @@ #include #include +#include "asn1_locl.h" + static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine); static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); @@ -103,10 +105,6 @@ asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) if (!combine) *pval = NULL; -#ifdef CRYPTO_MDEBUG - if (it->sname) - CRYPTO_push_info(it->sname); -#endif switch (it->itype) { case ASN1_ITYPE_EXTERN: @@ -136,10 +134,6 @@ asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) if (!i) goto auxerr; if (i == 2) { -#ifdef CRYPTO_MDEBUG - if (it->sname) - CRYPTO_pop_info(); -#endif return 1; } } @@ -160,10 +154,6 @@ asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) if (!i) goto auxerr; if (i == 2) { -#ifdef CRYPTO_MDEBUG - if (it->sname) - CRYPTO_pop_info(); -#endif return 1; } } @@ -183,27 +173,15 @@ asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) goto auxerr; break; } -#ifdef CRYPTO_MDEBUG - if (it->sname) - CRYPTO_pop_info(); -#endif return 1; -memerr: + memerr: ASN1error(ERR_R_MALLOC_FAILURE); -#ifdef CRYPTO_MDEBUG - if (it->sname) - CRYPTO_pop_info(); -#endif return 0; -auxerr: + auxerr: ASN1error(ASN1_R_AUX_ERROR); ASN1_item_ex_free(pval, it); -#ifdef CRYPTO_MDEBUG - if (it->sname) - CRYPTO_pop_info(); -#endif return 0; } @@ -257,10 +235,6 @@ ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) *pval = NULL; return 1; } -#ifdef CRYPTO_MDEBUG - if (tt->field_name) - CRYPTO_push_info(tt->field_name); -#endif /* If SET OF or SEQUENCE OF, its a STACK */ if (tt->flags & ASN1_TFLG_SK_MASK) { STACK_OF(ASN1_VALUE) *skval; @@ -276,11 +250,7 @@ ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) } /* Otherwise pass it back to the item routine */ ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE); -done: -#ifdef CRYPTO_MDEBUG - if (it->sname) - CRYPTO_pop_info(); -#endif + done: return ret; } diff --git a/externals/libressl/crypto/asn1/tasn_prn.c b/externals/libressl/crypto/asn1/tasn_prn.c index 4c676d8c0..54ec56ec2 100755 --- a/externals/libressl/crypto/asn1/tasn_prn.c +++ b/externals/libressl/crypto/asn1/tasn_prn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tasn_prn.c,v 1.21 2020/03/24 10:46:38 inoguchi Exp $ */ +/* $OpenBSD: tasn_prn.c,v 1.22 2021/12/03 17:10:49 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -84,18 +84,14 @@ ASN1_PCTX default_pctx = { ASN1_PCTX * ASN1_PCTX_new(void) { - ASN1_PCTX *ret; - ret = malloc(sizeof(ASN1_PCTX)); - if (ret == NULL) { + ASN1_PCTX *p; + + if ((p = calloc(1, sizeof(ASN1_PCTX))) == NULL) { ASN1error(ERR_R_MALLOC_FAILURE); return NULL; } - ret->flags = 0; - ret->nm_flags = 0; - ret->cert_flags = 0; - ret->oid_flags = 0; - ret->str_flags = 0; - return ret; + + return p; } void diff --git a/externals/libressl/crypto/asn1/tasn_typ.c b/externals/libressl/crypto/asn1/tasn_typ.c index 542713aa0..c373f3491 100755 --- a/externals/libressl/crypto/asn1/tasn_typ.c +++ b/externals/libressl/crypto/asn1/tasn_typ.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tasn_typ.c,v 1.13 2015/07/24 15:09:52 jsing Exp $ */ +/* $OpenBSD: tasn_typ.c,v 1.17 2021/12/26 15:20:21 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -61,134 +61,6 @@ /* Declarations for string types */ -const ASN1_ITEM ASN1_INTEGER_it = { - .itype = ASN1_ITYPE_PRIMITIVE, - .utype = V_ASN1_INTEGER, - .sname = "ASN1_INTEGER", -}; - -ASN1_INTEGER * -d2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **in, long len) -{ - return (ASN1_INTEGER *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - &ASN1_INTEGER_it); -} - -int -i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **out) -{ - return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_INTEGER_it); -} - -ASN1_INTEGER * -ASN1_INTEGER_new(void) -{ - return (ASN1_INTEGER *)ASN1_item_new(&ASN1_INTEGER_it); -} - -void -ASN1_INTEGER_free(ASN1_INTEGER *a) -{ - ASN1_item_free((ASN1_VALUE *)a, &ASN1_INTEGER_it); -} - - -const ASN1_ITEM ASN1_ENUMERATED_it = { - .itype = ASN1_ITYPE_PRIMITIVE, - .utype = V_ASN1_ENUMERATED, - .sname = "ASN1_ENUMERATED", -}; - -ASN1_ENUMERATED * -d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, const unsigned char **in, long len) -{ - return (ASN1_ENUMERATED *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - &ASN1_ENUMERATED_it); -} - -int -i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **out) -{ - return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_ENUMERATED_it); -} - -ASN1_ENUMERATED * -ASN1_ENUMERATED_new(void) -{ - return (ASN1_ENUMERATED *)ASN1_item_new(&ASN1_ENUMERATED_it); -} - -void -ASN1_ENUMERATED_free(ASN1_ENUMERATED *a) -{ - ASN1_item_free((ASN1_VALUE *)a, &ASN1_ENUMERATED_it); -} - - -const ASN1_ITEM ASN1_BIT_STRING_it = { - .itype = ASN1_ITYPE_PRIMITIVE, - .utype = V_ASN1_BIT_STRING, - .sname = "ASN1_BIT_STRING", -}; - -ASN1_BIT_STRING * -d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, const unsigned char **in, long len) -{ - return (ASN1_BIT_STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - &ASN1_BIT_STRING_it); -} - -int -i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **out) -{ - return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_BIT_STRING_it); -} - -ASN1_BIT_STRING * -ASN1_BIT_STRING_new(void) -{ - return (ASN1_BIT_STRING *)ASN1_item_new(&ASN1_BIT_STRING_it); -} - -void -ASN1_BIT_STRING_free(ASN1_BIT_STRING *a) -{ - ASN1_item_free((ASN1_VALUE *)a, &ASN1_BIT_STRING_it); -} - - -const ASN1_ITEM ASN1_OCTET_STRING_it = { - .itype = ASN1_ITYPE_PRIMITIVE, - .utype = V_ASN1_OCTET_STRING, - .sname = "ASN1_OCTET_STRING", -}; - -ASN1_OCTET_STRING * -d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a, const unsigned char **in, long len) -{ - return (ASN1_OCTET_STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - &ASN1_OCTET_STRING_it); -} - -int -i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a, unsigned char **out) -{ - return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_OCTET_STRING_it); -} - -ASN1_OCTET_STRING * -ASN1_OCTET_STRING_new(void) -{ - return (ASN1_OCTET_STRING *)ASN1_item_new(&ASN1_OCTET_STRING_it); -} - -void -ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *a) -{ - ASN1_item_free((ASN1_VALUE *)a, &ASN1_OCTET_STRING_it); -} - - const ASN1_ITEM ASN1_NULL_it = { .itype = ASN1_ITYPE_PRIMITIVE, .utype = V_ASN1_NULL, @@ -221,13 +93,6 @@ ASN1_NULL_free(ASN1_NULL *a) } -const ASN1_ITEM ASN1_OBJECT_it = { - .itype = ASN1_ITYPE_PRIMITIVE, - .utype = V_ASN1_OBJECT, - .sname = "ASN1_OBJECT", -}; - - const ASN1_ITEM ASN1_UTF8STRING_it = { .itype = ASN1_ITYPE_PRIMITIVE, .utype = V_ASN1_UTF8STRING, @@ -552,13 +417,13 @@ ASN1_BMPSTRING_free(ASN1_BMPSTRING *a) ASN1_item_free((ASN1_VALUE *)a, &ASN1_BMPSTRING_it); } - const ASN1_ITEM ASN1_ANY_it = { .itype = ASN1_ITYPE_PRIMITIVE, .utype = V_ASN1_ANY, .sname = "ASN1_ANY", }; + /* Just swallow an ASN1_SEQUENCE in an ASN1_STRING */ const ASN1_ITEM ASN1_SEQUENCE_it = { @@ -568,31 +433,6 @@ const ASN1_ITEM ASN1_SEQUENCE_it = { }; -ASN1_TYPE * -d2i_ASN1_TYPE(ASN1_TYPE **a, const unsigned char **in, long len) -{ - return (ASN1_TYPE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - &ASN1_ANY_it); -} - -int -i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **out) -{ - return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_ANY_it); -} - -ASN1_TYPE * -ASN1_TYPE_new(void) -{ - return (ASN1_TYPE *)ASN1_item_new(&ASN1_ANY_it); -} - -void -ASN1_TYPE_free(ASN1_TYPE *a) -{ - ASN1_item_free((ASN1_VALUE *)a, &ASN1_ANY_it); -} - /* Multistring types */ @@ -712,6 +552,28 @@ const ASN1_ITEM ASN1_BOOLEAN_it = { .sname = "ASN1_BOOLEAN", }; +int +i2d_ASN1_BOOLEAN(int a, unsigned char **out) +{ + return ASN1_item_ex_i2d((ASN1_VALUE **)&a, out, + &ASN1_BOOLEAN_it, -1, 0); +} + +int +d2i_ASN1_BOOLEAN(int *a, const unsigned char **in, long len) +{ + ASN1_BOOLEAN abool; + + if (ASN1_item_ex_d2i((ASN1_VALUE **)&abool, in, len, &ASN1_BOOLEAN_it, + -1, 0, 0, NULL) <= 0) + return -1; + + if (a != NULL) + *a = abool; + + return abool; +} + const ASN1_ITEM ASN1_TBOOLEAN_it = { .itype = ASN1_ITYPE_PRIMITIVE, .utype = V_ASN1_BOOLEAN, diff --git a/externals/libressl/crypto/asn1/tasn_utl.c b/externals/libressl/crypto/asn1/tasn_utl.c index 391ef01a5..e64bbe1f1 100755 --- a/externals/libressl/crypto/asn1/tasn_utl.c +++ b/externals/libressl/crypto/asn1/tasn_utl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tasn_utl.c,v 1.12 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: tasn_utl.c,v 1.13 2021/12/25 13:17:48 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -272,7 +272,7 @@ asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr) goto err; return adb->default_tt; -err: + err: /* FIXME: should log the value or OID of unsupported type */ if (nullerr) ASN1error(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE); diff --git a/externals/libressl/crypto/asn1/x_algor.c b/externals/libressl/crypto/asn1/x_algor.c index 2013de795..efb0c342a 100755 --- a/externals/libressl/crypto/asn1/x_algor.c +++ b/externals/libressl/crypto/asn1/x_algor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_algor.c,v 1.22 2018/05/01 19:01:27 tb Exp $ */ +/* $OpenBSD: x_algor.c,v 1.23 2021/12/12 14:27:20 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -197,12 +197,10 @@ X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, const void **ppval, void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md) { - int param_type; + int param_type = V_ASN1_NULL; - if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT) + if ((EVP_MD_flags(md) & EVP_MD_FLAG_DIGALGID_ABSENT) != 0) param_type = V_ASN1_UNDEF; - else - param_type = V_ASN1_NULL; X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL); } diff --git a/externals/libressl/crypto/asn1/x_attrib.c b/externals/libressl/crypto/asn1/x_attrib.c index 04816eab7..47b5afd95 100755 --- a/externals/libressl/crypto/asn1/x_attrib.c +++ b/externals/libressl/crypto/asn1/x_attrib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_attrib.c,v 1.14 2020/06/04 21:21:03 schwarze Exp $ */ +/* $OpenBSD: x_attrib.c,v 1.16 2021/12/25 13:17:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,6 +62,8 @@ #include #include +#include "x509_lcl.h" + /* X509_ATTRIBUTE: this has the following form: * * typedef struct x509_attributes_st @@ -192,7 +194,7 @@ X509_ATTRIBUTE_create(int nid, int atrtype, void *value) ASN1_TYPE_set(val, atrtype, value); return (ret); -err: + err: if (ret != NULL) X509_ATTRIBUTE_free(ret); if (val != NULL) diff --git a/externals/libressl/crypto/asn1/x_crl.c b/externals/libressl/crypto/asn1/x_crl.c index bc1783dbf..35d9007f7 100755 --- a/externals/libressl/crypto/asn1/x_crl.c +++ b/externals/libressl/crypto/asn1/x_crl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_crl.c,v 1.34 2019/03/13 20:34:00 tb Exp $ */ +/* $OpenBSD: x_crl.c,v 1.37 2022/02/24 22:05:06 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -66,6 +66,7 @@ #include #include "asn1_locl.h" +#include "x509_lcl.h" static int X509_REVOKED_cmp(const X509_REVOKED * const *a, const X509_REVOKED * const *b); @@ -287,9 +288,7 @@ crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) break; case ASN1_OP_D2I_POST: -#ifndef OPENSSL_NO_SHA - X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL); -#endif + X509_CRL_digest(crl, X509_CRL_HASH_EVP, crl->hash, NULL); crl->idp = X509_CRL_get_ext_d2i(crl, NID_issuing_distribution_point, NULL, NULL); if (crl->idp) @@ -659,14 +658,15 @@ X509_CRL_METHOD_new(int (*crl_init)(X509_CRL *crl), { X509_CRL_METHOD *m; - m = malloc(sizeof(X509_CRL_METHOD)); - if (!m) + if ((m = calloc(1, sizeof(X509_CRL_METHOD))) == NULL) return NULL; + m->crl_init = crl_init; m->crl_free = crl_free; m->crl_lookup = crl_lookup; m->crl_verify = crl_verify; m->flags = X509_CRL_METHOD_DYNAMIC; + return m; } diff --git a/externals/libressl/crypto/asn1/x_exten.c b/externals/libressl/crypto/asn1/x_exten.c index bb3dffc82..aba897363 100755 --- a/externals/libressl/crypto/asn1/x_exten.c +++ b/externals/libressl/crypto/asn1/x_exten.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_exten.c,v 1.16 2015/07/24 15:09:52 jsing Exp $ */ +/* $OpenBSD: x_exten.c,v 1.17 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -61,6 +61,8 @@ #include #include +#include "x509_lcl.h" + static const ASN1_TEMPLATE X509_EXTENSION_seq_tt[] = { { .offset = offsetof(X509_EXTENSION, object), diff --git a/externals/libressl/crypto/asn1/x_name.c b/externals/libressl/crypto/asn1/x_name.c index 4bf184252..4c698ac2f 100755 --- a/externals/libressl/crypto/asn1/x_name.c +++ b/externals/libressl/crypto/asn1/x_name.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_name.c,v 1.34 2018/02/20 17:09:20 jsing Exp $ */ +/* $OpenBSD: x_name.c,v 1.37 2021/12/25 13:17:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,6 +65,7 @@ #include #include "asn1_locl.h" +#include "x509_lcl.h" typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY; DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY) @@ -256,7 +257,7 @@ x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it) *val = (ASN1_VALUE *)ret; return 1; -memerr: + memerr: ASN1error(ERR_R_MALLOC_FAILURE); if (ret) { if (ret->entries) @@ -336,7 +337,7 @@ x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, *in = p; return ret; -err: + err: if (nm.x != NULL) X509_NAME_free(nm.x); ASN1error(ERR_R_NESTED_ASN1_ERROR); @@ -421,7 +422,7 @@ x509_name_encode(X509_NAME *a) a->modified = 0; return len; -memerr: + memerr: sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, local_sk_X509_NAME_ENTRY_free); ASN1error(ERR_R_MALLOC_FAILURE); @@ -511,7 +512,7 @@ x509_name_canon(X509_NAME *a) i2d_name_canon(intname, &p); ret = 1; -err: + err: if (tmpentry) X509_NAME_ENTRY_free(tmpentry); if (intname) @@ -626,19 +627,13 @@ i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname, unsigned char **in) int X509_NAME_set(X509_NAME **xn, X509_NAME *name) { - X509_NAME *in; - - if (!xn || !name) - return (0); - - if (*xn != name) { - in = X509_NAME_dup(name); - if (in != NULL) { - X509_NAME_free(*xn); - *xn = in; - } - } - return (*xn != NULL); + if (*xn == name) + return *xn != NULL; + if ((name = X509_NAME_dup(name)) == NULL) + return 0; + X509_NAME_free(*xn); + *xn = name; + return 1; } int diff --git a/externals/libressl/crypto/asn1/x_pkey.c b/externals/libressl/crypto/asn1/x_pkey.c index c946281f4..fdf0e002f 100755 --- a/externals/libressl/crypto/asn1/x_pkey.c +++ b/externals/libressl/crypto/asn1/x_pkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_pkey.c,v 1.20 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: x_pkey.c,v 1.21 2021/12/25 13:17:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -91,7 +91,7 @@ X509_PKEY_new(void) ret->references = 1; return (ret); -err: + err: if (ret) { X509_ALGOR_free(ret->enc_algor); free(ret); diff --git a/externals/libressl/crypto/asn1/x_pubkey.c b/externals/libressl/crypto/asn1/x_pubkey.c index ea67419cb..69be6ed1f 100755 --- a/externals/libressl/crypto/asn1/x_pubkey.c +++ b/externals/libressl/crypto/asn1/x_pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_pubkey.c,v 1.27 2018/03/17 14:55:39 jsing Exp $ */ +/* $OpenBSD: x_pubkey.c,v 1.31 2021/12/25 13:17:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -72,6 +72,8 @@ #endif #include "asn1_locl.h" +#include "evp_locl.h" +#include "x509_lcl.h" /* Minor tweak to operation: free up EVP_PKEY */ static int @@ -110,7 +112,6 @@ const ASN1_ITEM X509_PUBKEY_it = { .sname = "X509_PUBKEY", }; - X509_PUBKEY * d2i_X509_PUBKEY(X509_PUBKEY **a, const unsigned char **in, long len) { @@ -168,7 +169,7 @@ X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) return 1; -error: + error: if (pk != NULL) X509_PUBKEY_free(pk); return 0; @@ -221,7 +222,7 @@ X509_PUBKEY_get0(X509_PUBKEY *key) return ret; -error: + error: EVP_PKEY_free(ret); return (NULL); } @@ -239,168 +240,473 @@ X509_PUBKEY_get(X509_PUBKEY *key) return pkey; } -/* Now two pseudo ASN1 routines that take an EVP_PKEY structure - * and encode or decode as X509_PUBKEY +/* + * Decode an X509_PUBKEY into the specified key type. */ - -EVP_PKEY * -d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length) +static int +pubkey_ex_d2i(int pkey_type, ASN1_VALUE **pval, const unsigned char **in, + long len, const ASN1_ITEM *it) { - X509_PUBKEY *xpk; - EVP_PKEY *pktmp; - xpk = d2i_X509_PUBKEY(NULL, pp, length); - if (!xpk) - return NULL; - pktmp = X509_PUBKEY_get(xpk); - X509_PUBKEY_free(xpk); - if (!pktmp) - return NULL; - if (a) { - EVP_PKEY_free(*a); - *a = pktmp; + const ASN1_EXTERN_FUNCS *ef = it->funcs; + const unsigned char *p = *in; + X509_PUBKEY *xpk = NULL; + ASN1_VALUE *key = NULL; + EVP_PKEY *pkey = NULL; + int ret = 0; + + if ((xpk = d2i_X509_PUBKEY(NULL, &p, len)) == NULL) + goto err; + if ((pkey = X509_PUBKEY_get(xpk)) == NULL) + goto err; + + switch (pkey_type) { + case EVP_PKEY_NONE: + key = (ASN1_VALUE *)pkey; + pkey = NULL; + break; + + case EVP_PKEY_DSA: + key = (ASN1_VALUE *)EVP_PKEY_get1_DSA(pkey); + break; + + case EVP_PKEY_RSA: + key = (ASN1_VALUE *)EVP_PKEY_get1_RSA(pkey); + break; + + case EVP_PKEY_EC: + key = (ASN1_VALUE *)EVP_PKEY_get1_EC_KEY(pkey); + break; + + default: + goto err; } - return pktmp; + + if (key == NULL) + goto err; + + ef->asn1_ex_free(pval, it); + + *pval = key; + *in = p; + ret = 1; + + err: + EVP_PKEY_free(pkey); + X509_PUBKEY_free(xpk); + + return ret; } -int -i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp) +/* + * Encode the specified key type into an X509_PUBKEY. + */ +static int +pubkey_ex_i2d(int pkey_type, ASN1_VALUE **pval, unsigned char **out, + const ASN1_ITEM *it) { X509_PUBKEY *xpk = NULL; - int ret; - if (!a) - return 0; - if (!X509_PUBKEY_set(&xpk, a)) - return 0; - ret = i2d_X509_PUBKEY(xpk, pp); + EVP_PKEY *pkey, *pktmp; + int ret = -1; + + if ((pkey = pktmp = EVP_PKEY_new()) == NULL) + goto err; + + switch (pkey_type) { + case EVP_PKEY_NONE: + pkey = (EVP_PKEY *)*pval; + break; + + case EVP_PKEY_DSA: + if (!EVP_PKEY_set1_DSA(pkey, (DSA *)*pval)) + goto err; + break; + + case EVP_PKEY_RSA: + if (!EVP_PKEY_set1_RSA(pkey, (RSA *)*pval)) + goto err; + break; + + case EVP_PKEY_EC: + if (!EVP_PKEY_set1_EC_KEY(pkey, (EC_KEY*)*pval)) + goto err; + break; + + default: + goto err; + } + + if (!X509_PUBKEY_set(&xpk, pkey)) + goto err; + + ret = i2d_X509_PUBKEY(xpk, out); + + err: + EVP_PKEY_free(pktmp); X509_PUBKEY_free(xpk); + return ret; } -/* The following are equivalents but which return RSA and DSA - * keys - */ -#ifndef OPENSSL_NO_RSA -RSA * -d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length) +static int +pkey_pubkey_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { - EVP_PKEY *pkey; - RSA *key; - const unsigned char *q; - q = *pp; - pkey = d2i_PUBKEY(NULL, &q, length); - if (!pkey) - return NULL; - key = EVP_PKEY_get1_RSA(pkey); - EVP_PKEY_free(pkey); - if (!key) - return NULL; - *pp = q; - if (a) { - RSA_free(*a); - *a = key; - } - return key; + if ((*pval = (ASN1_VALUE *)EVP_PKEY_new()) == NULL) + return 0; + + return 1; +} + +static void +pkey_pubkey_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) +{ + EVP_PKEY_free((EVP_PKEY *)*pval); + *pval = NULL; +} + +static int +pkey_pubkey_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx) +{ + return pubkey_ex_d2i(EVP_PKEY_NONE, pval, in, len, it); +} + +static int +pkey_pubkey_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, + int tag, int aclass) +{ + return pubkey_ex_i2d(EVP_PKEY_NONE, pval, out, it); +} + +const ASN1_EXTERN_FUNCS pkey_pubkey_asn1_ff = { + .app_data = NULL, + .asn1_ex_new = pkey_pubkey_ex_new, + .asn1_ex_free = pkey_pubkey_ex_free, + .asn1_ex_clear = NULL, + .asn1_ex_d2i = pkey_pubkey_ex_d2i, + .asn1_ex_i2d = pkey_pubkey_ex_i2d, + .asn1_ex_print = NULL, +}; + +const ASN1_ITEM EVP_PKEY_PUBKEY_it = { + .itype = ASN1_ITYPE_EXTERN, + .utype = 0, + .templates = NULL, + .tcount = 0, + .funcs = &pkey_pubkey_asn1_ff, + .size = 0, + .sname = NULL, +}; + +EVP_PKEY * +d2i_PUBKEY(EVP_PKEY **pkey, const unsigned char **in, long len) +{ + return (EVP_PKEY *)ASN1_item_d2i((ASN1_VALUE **)pkey, in, len, + &EVP_PKEY_PUBKEY_it); } int -i2d_RSA_PUBKEY(RSA *a, unsigned char **pp) +i2d_PUBKEY(EVP_PKEY *pkey, unsigned char **out) { - EVP_PKEY *pktmp; - int ret; - if (!a) + return ASN1_item_i2d((ASN1_VALUE *)pkey, out, &EVP_PKEY_PUBKEY_it); +} + +EVP_PKEY * +d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **pkey) +{ + return (EVP_PKEY *)ASN1_item_d2i_bio(&EVP_PKEY_PUBKEY_it, bp, + (ASN1_VALUE **)pkey); +} + +int +i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey) +{ + return ASN1_item_i2d_bio(&EVP_PKEY_PUBKEY_it, bp, (ASN1_VALUE *)pkey); +} + +EVP_PKEY * +d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **pkey) +{ + return (EVP_PKEY *)ASN1_item_d2i_fp(&EVP_PKEY_PUBKEY_it, fp, + (ASN1_VALUE **)pkey); +} + +int +i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey) +{ + return ASN1_item_i2d_fp(&EVP_PKEY_PUBKEY_it, fp, (ASN1_VALUE *)pkey); +} + +/* + * The following are equivalents but which return RSA and DSA keys. + */ +#ifndef OPENSSL_NO_RSA + +static int +rsa_pubkey_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) +{ + if ((*pval = (ASN1_VALUE *)RSA_new()) == NULL) return 0; - pktmp = EVP_PKEY_new(); - if (!pktmp) { - ASN1error(ERR_R_MALLOC_FAILURE); - return 0; - } - EVP_PKEY_set1_RSA(pktmp, a); - ret = i2d_PUBKEY(pktmp, pp); - EVP_PKEY_free(pktmp); - return ret; + + return 1; +} + +static void +rsa_pubkey_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) +{ + RSA_free((RSA *)*pval); + *pval = NULL; +} + +static int +rsa_pubkey_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx) +{ + return pubkey_ex_d2i(EVP_PKEY_RSA, pval, in, len, it); +} + +static int +rsa_pubkey_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, + int tag, int aclass) +{ + return pubkey_ex_i2d(EVP_PKEY_RSA, pval, out, it); +} + +const ASN1_EXTERN_FUNCS rsa_pubkey_asn1_ff = { + .app_data = NULL, + .asn1_ex_new = rsa_pubkey_ex_new, + .asn1_ex_free = rsa_pubkey_ex_free, + .asn1_ex_clear = NULL, + .asn1_ex_d2i = rsa_pubkey_ex_d2i, + .asn1_ex_i2d = rsa_pubkey_ex_i2d, + .asn1_ex_print = NULL, +}; + +const ASN1_ITEM RSA_PUBKEY_it = { + .itype = ASN1_ITYPE_EXTERN, + .utype = 0, + .templates = NULL, + .tcount = 0, + .funcs = &rsa_pubkey_asn1_ff, + .size = 0, + .sname = NULL, +}; + +RSA * +d2i_RSA_PUBKEY(RSA **rsa, const unsigned char **in, long len) +{ + return (RSA *)ASN1_item_d2i((ASN1_VALUE **)rsa, in, len, + &RSA_PUBKEY_it); +} + +int +i2d_RSA_PUBKEY(RSA *rsa, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)rsa, out, &RSA_PUBKEY_it); +} + +RSA * +d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa) +{ + return (RSA *)ASN1_item_d2i_bio(&RSA_PUBKEY_it, bp, (ASN1_VALUE **)rsa); +} + +int +i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa) +{ + return ASN1_item_i2d_bio(&RSA_PUBKEY_it, bp, (ASN1_VALUE *)rsa); +} + +RSA * +d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa) +{ + return (RSA *)ASN1_item_d2i_fp(&RSA_PUBKEY_it, fp, (ASN1_VALUE **)rsa); +} + +int +i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa) +{ + return ASN1_item_i2d_fp(&RSA_PUBKEY_it, fp, (ASN1_VALUE *)rsa); } #endif #ifndef OPENSSL_NO_DSA -DSA * -d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length) + +static int +dsa_pubkey_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { - EVP_PKEY *pkey; - DSA *key; - const unsigned char *q; - q = *pp; - pkey = d2i_PUBKEY(NULL, &q, length); - if (!pkey) - return NULL; - key = EVP_PKEY_get1_DSA(pkey); - EVP_PKEY_free(pkey); - if (!key) - return NULL; - *pp = q; - if (a) { - DSA_free(*a); - *a = key; - } - return key; + if ((*pval = (ASN1_VALUE *)DSA_new()) == NULL) + return 0; + + return 1; +} + +static void +dsa_pubkey_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) +{ + DSA_free((DSA *)*pval); + *pval = NULL; +} + +static int +dsa_pubkey_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx) +{ + return pubkey_ex_d2i(EVP_PKEY_DSA, pval, in, len, it); +} + +static int +dsa_pubkey_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, + int tag, int aclass) +{ + return pubkey_ex_i2d(EVP_PKEY_DSA, pval, out, it); +} + +const ASN1_EXTERN_FUNCS dsa_pubkey_asn1_ff = { + .app_data = NULL, + .asn1_ex_new = dsa_pubkey_ex_new, + .asn1_ex_free = dsa_pubkey_ex_free, + .asn1_ex_clear = NULL, + .asn1_ex_d2i = dsa_pubkey_ex_d2i, + .asn1_ex_i2d = dsa_pubkey_ex_i2d, + .asn1_ex_print = NULL, +}; + +const ASN1_ITEM DSA_PUBKEY_it = { + .itype = ASN1_ITYPE_EXTERN, + .utype = 0, + .templates = NULL, + .tcount = 0, + .funcs = &dsa_pubkey_asn1_ff, + .size = 0, + .sname = NULL, +}; + +DSA * +d2i_DSA_PUBKEY(DSA **dsa, const unsigned char **in, long len) +{ + return (DSA *)ASN1_item_d2i((ASN1_VALUE **)dsa, in, len, + &DSA_PUBKEY_it); } int -i2d_DSA_PUBKEY(DSA *a, unsigned char **pp) +i2d_DSA_PUBKEY(DSA *dsa, unsigned char **out) { - EVP_PKEY *pktmp; - int ret; - if (!a) - return 0; - pktmp = EVP_PKEY_new(); - if (!pktmp) { - ASN1error(ERR_R_MALLOC_FAILURE); - return 0; - } - EVP_PKEY_set1_DSA(pktmp, a); - ret = i2d_PUBKEY(pktmp, pp); - EVP_PKEY_free(pktmp); - return ret; + return ASN1_item_i2d((ASN1_VALUE *)dsa, out, &DSA_PUBKEY_it); } + +DSA * +d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa) +{ + return (DSA *)ASN1_item_d2i_bio(&DSA_PUBKEY_it, bp, (ASN1_VALUE **)dsa); +} + +int +i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa) +{ + return ASN1_item_i2d_bio(&DSA_PUBKEY_it, bp, (ASN1_VALUE *)dsa); +} + +DSA * +d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa) +{ + return (DSA *)ASN1_item_d2i_fp(&DSA_PUBKEY_it, fp, (ASN1_VALUE **)dsa); +} + +int +i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa) +{ + return ASN1_item_i2d_fp(&DSA_PUBKEY_it, fp, (ASN1_VALUE *)dsa); +} + #endif #ifndef OPENSSL_NO_EC -EC_KEY * -d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length) + +static int +ec_pubkey_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { - EVP_PKEY *pkey; - EC_KEY *key; - const unsigned char *q; - q = *pp; - pkey = d2i_PUBKEY(NULL, &q, length); - if (!pkey) - return (NULL); - key = EVP_PKEY_get1_EC_KEY(pkey); - EVP_PKEY_free(pkey); - if (!key) - return (NULL); - *pp = q; - if (a) { - EC_KEY_free(*a); - *a = key; - } - return (key); + if ((*pval = (ASN1_VALUE *)EC_KEY_new()) == NULL) + return 0; + + return 1; +} + +static void +ec_pubkey_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) +{ + EC_KEY_free((EC_KEY *)*pval); + *pval = NULL; +} + +static int +ec_pubkey_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx) +{ + return pubkey_ex_d2i(EVP_PKEY_EC, pval, in, len, it); +} + +static int +ec_pubkey_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, + int tag, int aclass) +{ + return pubkey_ex_i2d(EVP_PKEY_EC, pval, out, it); +} + +const ASN1_EXTERN_FUNCS ec_pubkey_asn1_ff = { + .app_data = NULL, + .asn1_ex_new = ec_pubkey_ex_new, + .asn1_ex_free = ec_pubkey_ex_free, + .asn1_ex_clear = NULL, + .asn1_ex_d2i = ec_pubkey_ex_d2i, + .asn1_ex_i2d = ec_pubkey_ex_i2d, + .asn1_ex_print = NULL, +}; + +const ASN1_ITEM EC_PUBKEY_it = { + .itype = ASN1_ITYPE_EXTERN, + .utype = 0, + .templates = NULL, + .tcount = 0, + .funcs = &ec_pubkey_asn1_ff, + .size = 0, + .sname = NULL, +}; + +EC_KEY * +d2i_EC_PUBKEY(EC_KEY **ec, const unsigned char **in, long len) +{ + return (EC_KEY *)ASN1_item_d2i((ASN1_VALUE **)ec, in, len, + &EC_PUBKEY_it); } int -i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp) +i2d_EC_PUBKEY(EC_KEY *ec, unsigned char **out) { - EVP_PKEY *pktmp; - int ret; - if (!a) - return (0); - if ((pktmp = EVP_PKEY_new()) == NULL) { - ASN1error(ERR_R_MALLOC_FAILURE); - return (0); - } - EVP_PKEY_set1_EC_KEY(pktmp, a); - ret = i2d_PUBKEY(pktmp, pp); - EVP_PKEY_free(pktmp); - return (ret); + return ASN1_item_i2d((ASN1_VALUE *)ec, out, &EC_PUBKEY_it); +} + +EC_KEY * +d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **ec) +{ + return (EC_KEY *)ASN1_item_d2i_bio(&EC_PUBKEY_it, bp, (ASN1_VALUE **)ec); +} + +int +i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ec) +{ + return ASN1_item_i2d_bio(&EC_PUBKEY_it, bp, (ASN1_VALUE *)ec); +} + +EC_KEY * +d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **ec) +{ + return (EC_KEY *)ASN1_item_d2i_fp(&EC_PUBKEY_it, fp, (ASN1_VALUE **)ec); +} + +int +i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *ec) +{ + return ASN1_item_i2d_fp(&EC_PUBKEY_it, fp, (ASN1_VALUE *)ec); } #endif diff --git a/externals/libressl/crypto/asn1/x_req.c b/externals/libressl/crypto/asn1/x_req.c index eb5210aef..38e3790bf 100755 --- a/externals/libressl/crypto/asn1/x_req.c +++ b/externals/libressl/crypto/asn1/x_req.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_req.c,v 1.17 2018/02/22 16:50:30 jsing Exp $ */ +/* $OpenBSD: x_req.c,v 1.18 2021/11/01 20:53:08 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -61,6 +61,8 @@ #include #include +#include "x509_lcl.h" + /* X509_REQ_INFO is handled in an unusual way to get round * invalid encodings. Some broken certificate requests don't * encode the attributes field if it is empty. This is in diff --git a/externals/libressl/crypto/asn1/x_sig.c b/externals/libressl/crypto/asn1/x_sig.c index 702bc40e5..6a842da5f 100755 --- a/externals/libressl/crypto/asn1/x_sig.c +++ b/externals/libressl/crypto/asn1/x_sig.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_sig.c,v 1.11 2015/02/11 04:00:39 jsing Exp $ */ +/* $OpenBSD: x_sig.c,v 1.13 2021/11/01 20:53:08 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -61,6 +61,8 @@ #include #include +#include "x509_lcl.h" + static const ASN1_TEMPLATE X509_SIG_seq_tt[] = { { .offset = offsetof(X509_SIG, algor), @@ -108,3 +110,22 @@ X509_SIG_free(X509_SIG *a) { ASN1_item_free((ASN1_VALUE *)a, &X509_SIG_it); } + +void +X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, + const ASN1_OCTET_STRING **pdigest) +{ + if (palg != NULL) + *palg = sig->algor; + if (pdigest != NULL) + *pdigest = sig->digest; +} + +void +X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest) +{ + if (palg != NULL) + *palg = sig->algor; + if (pdigest != NULL) + *pdigest = sig->digest; +} diff --git a/externals/libressl/crypto/asn1/x_x509.c b/externals/libressl/crypto/asn1/x_x509.c index 6a56a795c..7147069e8 100755 --- a/externals/libressl/crypto/asn1/x_x509.c +++ b/externals/libressl/crypto/asn1/x_x509.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_x509.c,v 1.26 2018/02/17 15:50:42 jsing Exp $ */ +/* $OpenBSD: x_x509.c,v 1.30 2021/12/25 13:17:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,6 +65,8 @@ #include #include +#include "x509_lcl.h" + static const ASN1_AUX X509_CINF_aux = { .flags = ASN1_AFLG_ENCODING, .enc_offset = offsetof(X509_CINF, enc), @@ -185,6 +187,10 @@ x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) ret->akid = NULL; ret->aux = NULL; ret->crldp = NULL; +#ifndef OPENSSL_NO_RFC3779 + ret->rfc3779_addr = NULL; + ret->rfc3779_asid = NULL; +#endif CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); break; @@ -202,6 +208,10 @@ x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) policy_cache_free(ret->policy_cache); GENERAL_NAMES_free(ret->altname); NAME_CONSTRAINTS_free(ret->nc); +#ifndef OPENSSL_NO_RFC3779 + sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free); + ASIdentifiers_free(ret->rfc3779_asid); +#endif free(ret->name); ret->name = NULL; break; @@ -329,7 +339,7 @@ d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) } return ret; -err: + err: X509_free(ret); return NULL; } @@ -345,6 +355,13 @@ i2d_X509_AUX(X509 *a, unsigned char **pp) return length; } +int +i2d_re_X509_tbs(X509 *x, unsigned char **pp) +{ + x->cert_info->enc.modified = 1; + return i2d_X509_CINF(x->cert_info, pp); +} + void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg, const X509 *x) diff --git a/externals/libressl/crypto/asn1/x_x509a.c b/externals/libressl/crypto/asn1/x_x509a.c index b0d7150b9..87dc045a5 100755 --- a/externals/libressl/crypto/asn1/x_x509a.c +++ b/externals/libressl/crypto/asn1/x_x509a.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_x509a.c,v 1.15 2018/05/01 19:01:27 tb Exp $ */ +/* $OpenBSD: x_x509a.c,v 1.18 2021/12/25 13:17:48 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -62,6 +62,8 @@ #include #include +#include "x509_lcl.h" + /* X509_CERT_AUX routines. These are used to encode additional * user modifiable data about a certificate. This data is * appended to the X509 encoding when the *_X509_AUX routines @@ -226,7 +228,7 @@ X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj) if (rc != 0) return rc; -err: + err: ASN1_OBJECT_free(objtmp); return 0; } @@ -248,7 +250,7 @@ X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj) if (rc != 0) return rc; -err: + err: ASN1_OBJECT_free(objtmp); return 0; } @@ -270,56 +272,3 @@ X509_reject_clear(X509 *x) x->aux->reject = NULL; } } - -static const ASN1_TEMPLATE X509_CERT_PAIR_seq_tt[] = { - { - .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, - .tag = 0, - .offset = offsetof(X509_CERT_PAIR, forward), - .field_name = "forward", - .item = &X509_it, - }, - { - .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, - .tag = 1, - .offset = offsetof(X509_CERT_PAIR, reverse), - .field_name = "reverse", - .item = &X509_it, - }, -}; - -const ASN1_ITEM X509_CERT_PAIR_it = { - .itype = ASN1_ITYPE_SEQUENCE, - .utype = V_ASN1_SEQUENCE, - .templates = X509_CERT_PAIR_seq_tt, - .tcount = sizeof(X509_CERT_PAIR_seq_tt) / sizeof(ASN1_TEMPLATE), - .funcs = NULL, - .size = sizeof(X509_CERT_PAIR), - .sname = "X509_CERT_PAIR", -}; - - -X509_CERT_PAIR * -d2i_X509_CERT_PAIR(X509_CERT_PAIR **a, const unsigned char **in, long len) -{ - return (X509_CERT_PAIR *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - &X509_CERT_PAIR_it); -} - -int -i2d_X509_CERT_PAIR(X509_CERT_PAIR *a, unsigned char **out) -{ - return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_CERT_PAIR_it); -} - -X509_CERT_PAIR * -X509_CERT_PAIR_new(void) -{ - return (X509_CERT_PAIR *)ASN1_item_new(&X509_CERT_PAIR_it); -} - -void -X509_CERT_PAIR_free(X509_CERT_PAIR *a) -{ - ASN1_item_free((ASN1_VALUE *)a, &X509_CERT_PAIR_it); -} diff --git a/externals/libressl/crypto/bio/b_dump.c b/externals/libressl/crypto/bio/b_dump.c index 0214addc8..7e1c2d794 100755 --- a/externals/libressl/crypto/bio/b_dump.c +++ b/externals/libressl/crypto/bio/b_dump.c @@ -1,10 +1,10 @@ -/* $OpenBSD: b_dump.c,v 1.21 2015/04/23 06:11:19 deraadt Exp $ */ +/* $OpenBSD: b_dump.c,v 1.22 2021/07/11 20:18:07 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. +* The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions @@ -82,7 +82,7 @@ BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u), { int ret = 0; char buf[288 + 1], tmp[20], str[128 + 1]; - int i, j, rows, trc; + int i, j, rows, trc, written; unsigned char ch; int dump_width; @@ -133,13 +133,18 @@ BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u), /* if this is the last call then update the ddt_dump thing so * that we will move the selection point in the debug window */ - ret += cb((void *)buf, strlen(buf), u); + if ((written = cb((void *)buf, strlen(buf), u)) < 0) + return -1; + ret += written; + } #ifdef TRUNCATE if (trc > 0) { snprintf(buf, sizeof buf, "%s%04x - \n", str, len + trc); - ret += cb((void *)buf, strlen(buf), u); + if ((written = cb((void *)buf, strlen(buf), u)) < 0) + return -1; + ret += written; } #endif return (ret); diff --git a/externals/libressl/crypto/bio/bf_buff.c b/externals/libressl/crypto/bio/bf_buff.c index 5b9ee35da..aa079c5f9 100755 --- a/externals/libressl/crypto/bio/bf_buff.c +++ b/externals/libressl/crypto/bio/bf_buff.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bf_buff.c,v 1.25 2018/05/01 13:29:09 tb Exp $ */ +/* $OpenBSD: bf_buff.c,v 1.27 2022/01/14 08:40:57 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,6 +63,8 @@ #include #include +#include "bio_local.h" + static int buffer_write(BIO *h, const char *buf, int num); static int buffer_read(BIO *h, char *buf, int size); static int buffer_puts(BIO *h, const char *str); @@ -70,7 +72,7 @@ static int buffer_gets(BIO *h, char *str, int size); static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int buffer_new(BIO *h); static int buffer_free(BIO *data); -static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); +static long buffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); #define DEFAULT_BUFFER_SIZE 4096 static const BIO_METHOD methods_buffer = { @@ -450,7 +452,7 @@ malloc_error: } static long -buffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +buffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret = 1; diff --git a/externals/libressl/crypto/bio/bf_nbio.c b/externals/libressl/crypto/bio/bf_nbio.c index 05fa9161f..086479ec4 100755 --- a/externals/libressl/crypto/bio/bf_nbio.c +++ b/externals/libressl/crypto/bio/bf_nbio.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bf_nbio.c,v 1.20 2018/05/01 13:29:09 tb Exp $ */ +/* $OpenBSD: bf_nbio.c,v 1.22 2022/01/14 08:40:57 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,6 +62,8 @@ #include +#include "bio_local.h" + /* BIO_put and BIO_get both add to the digest, * BIO_gets returns the digest */ @@ -72,7 +74,7 @@ static int nbiof_gets(BIO *h, char *str, int size); static long nbiof_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int nbiof_new(BIO *h); static int nbiof_free(BIO *data); -static long nbiof_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); +static long nbiof_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); typedef struct nbio_test_st { /* only set if we sent a 'should retry' error */ @@ -221,7 +223,7 @@ nbiof_ctrl(BIO *b, int cmd, long num, void *ptr) } static long -nbiof_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +nbiof_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret = 1; diff --git a/externals/libressl/crypto/bio/bf_null.c b/externals/libressl/crypto/bio/bf_null.c index 25abb8a57..129def8c9 100755 --- a/externals/libressl/crypto/bio/bf_null.c +++ b/externals/libressl/crypto/bio/bf_null.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bf_null.c,v 1.12 2018/05/01 13:29:09 tb Exp $ */ +/* $OpenBSD: bf_null.c,v 1.14 2022/01/14 08:40:57 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -61,6 +61,8 @@ #include +#include "bio_local.h" + /* BIO_put and BIO_get both add to the digest, * BIO_gets returns the digest */ @@ -71,7 +73,7 @@ static int nullf_gets(BIO *h, char *str, int size); static long nullf_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int nullf_new(BIO *h); static int nullf_free(BIO *data); -static long nullf_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); +static long nullf_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); static const BIO_METHOD methods_nullf = { .type = BIO_TYPE_NULL_FILTER, @@ -165,7 +167,7 @@ nullf_ctrl(BIO *b, int cmd, long num, void *ptr) } static long -nullf_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +nullf_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret = 1; diff --git a/externals/libressl/crypto/bio/bio_cb.c b/externals/libressl/crypto/bio/bio_cb.c index ab0e3a92c..2ca411cd2 100755 --- a/externals/libressl/crypto/bio/bio_cb.c +++ b/externals/libressl/crypto/bio/bio_cb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bio_cb.c,v 1.16 2014/12/08 03:54:19 bcook Exp $ */ +/* $OpenBSD: bio_cb.c,v 1.18 2022/01/07 09:02:17 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,6 +63,8 @@ #include #include +#include "bio_local.h" + long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret) @@ -70,15 +72,22 @@ BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, BIO *b; char buf[256]; char *p; + int nbuf; long r = 1; size_t p_maxlen; if (BIO_CB_RETURN & cmd) r = ret; - snprintf(buf, sizeof buf, "BIO[%p]:", bio); - p = &(buf[14]); - p_maxlen = sizeof buf - 14; + nbuf = snprintf(buf, sizeof(buf), "BIO[%p]: ", bio); + if (nbuf < 0) + nbuf = 0; /* Ignore error; continue printing. */ + if (nbuf >= sizeof(buf)) + goto out; + + p = buf + nbuf; + p_maxlen = sizeof(buf) - nbuf; + switch (cmd) { case BIO_CB_FREE: snprintf(p, p_maxlen, "Free - %s\n", bio->method->name); @@ -136,6 +145,7 @@ BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, break; } + out: b = (BIO *)bio->cb_arg; if (b != NULL) BIO_write(b, buf, strlen(buf)); diff --git a/externals/libressl/crypto/bio/bio_err.c b/externals/libressl/crypto/bio/bio_err.c index 2920e3210..cda693d03 100755 --- a/externals/libressl/crypto/bio/bio_err.c +++ b/externals/libressl/crypto/bio/bio_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bio_err.c,v 1.17 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: bio_err.c,v 1.18 2022/01/14 08:40:57 tb Exp $ */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * @@ -92,6 +92,7 @@ static ERR_STRING_DATA BIO_str_reasons[] = { {ERR_REASON(BIO_R_INVALID_PORT_NUMBER) , "invalid port number"}, {ERR_REASON(BIO_R_IN_USE) , "in use"}, {ERR_REASON(BIO_R_KEEPALIVE) , "keepalive"}, + {ERR_REASON(BIO_R_LENGTH_TOO_LONG) , "too long"}, {ERR_REASON(BIO_R_NBIO_CONNECT_ERROR) , "nbio connect error"}, {ERR_REASON(BIO_R_NO_ACCEPT_PORT_SPECIFIED), "no accept port specified"}, {ERR_REASON(BIO_R_NO_HOSTNAME_SPECIFIED) , "no hostname specified"}, diff --git a/externals/libressl/crypto/bio/bio_lib.c b/externals/libressl/crypto/bio/bio_lib.c index 7ef1784e1..0b6c9ecac 100755 --- a/externals/libressl/crypto/bio/bio_lib.c +++ b/externals/libressl/crypto/bio/bio_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bio_lib.c,v 1.29 2019/04/14 17:39:03 jsing Exp $ */ +/* $OpenBSD: bio_lib.c,v 1.35 2022/01/14 08:40:57 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -57,6 +57,7 @@ */ #include +#include #include #include @@ -64,6 +65,57 @@ #include #include +#include "bio_local.h" + +/* + * Helper function to work out whether to call the new style callback or the old + * one, and translate between the two. + * + * This has a long return type for consistency with the old callback. Similarly + * for the "long" used for "inret" + */ +static long +bio_call_callback(BIO *b, int oper, const char *argp, size_t len, int argi, + long argl, long inret, size_t *processed) +{ + long ret; + int bareoper; + + if (b->callback_ex != NULL) + return b->callback_ex(b, oper, argp, len, argi, argl, inret, + processed); + + /* + * We have an old style callback, so we will have to do nasty casts and + * check for overflows. + */ + + bareoper = oper & ~BIO_CB_RETURN; + + if (bareoper == BIO_CB_READ || bareoper == BIO_CB_WRITE || + bareoper == BIO_CB_GETS) { + /* In this case len is set and should be used instead of argi. */ + if (len > INT_MAX) + return -1; + argi = (int)len; + } + + if (inret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) { + if (*processed > INT_MAX) + return -1; + inret = *processed; + } + + ret = b->callback(b, oper, argp, argi, argl, inret); + + if (ret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) { + *processed = (size_t)ret; + ret = 1; + } + + return ret; +} + int BIO_get_new_index(void) { @@ -83,6 +135,7 @@ BIO_new(const BIO_METHOD *method) { BIO *ret = NULL; + /* XXX calloc */ ret = malloc(sizeof(BIO)); if (ret == NULL) { BIOerror(ERR_R_MALLOC_FAILURE); @@ -100,6 +153,7 @@ BIO_set(BIO *bio, const BIO_METHOD *method) { bio->method = method; bio->callback = NULL; + bio->callback_ex = NULL; bio->cb_arg = NULL; bio->init = 0; bio->shutdown = 1; @@ -113,29 +167,32 @@ BIO_set(BIO *bio, const BIO_METHOD *method) bio->num_read = 0L; bio->num_write = 0L; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); - if (method->create != NULL) + if (method->create != NULL) { if (!method->create(bio)) { CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); return (0); } + } return (1); } int BIO_free(BIO *a) { - int i; + int ret; if (a == NULL) return (0); - i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_BIO); - if (i > 0) + if (CRYPTO_add(&a->references, -1, CRYPTO_LOCK_BIO) > 0) return (1); - if ((a->callback != NULL) && - ((i = (int)a->callback(a, BIO_CB_FREE, NULL, 0, 0L, 1L)) <= 0)) - return (i); + + if (a->callback != NULL || a->callback_ex != NULL) { + if ((ret = (int)bio_call_callback(a, BIO_CB_FREE, NULL, 0, 0, + 0L, 1L, NULL)) <= 0) + return (ret); + } CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); @@ -170,6 +227,12 @@ BIO_set_data(BIO *a, void *ptr) a->ptr = ptr; } +int +BIO_get_init(BIO *a) +{ + return a->init; +} + void BIO_set_init(BIO *a, int init) { @@ -206,20 +269,30 @@ BIO_set_flags(BIO *b, int flags) b->flags |= flags; } -long -(*BIO_get_callback(const BIO *b))(struct bio_st *, int, const char *, int, - long, long) +BIO_callback_fn +BIO_get_callback(const BIO *b) { return b->callback; } void -BIO_set_callback(BIO *b, long (*cb)(struct bio_st *, int, const char *, int, - long, long)) +BIO_set_callback(BIO *b, BIO_callback_fn cb) { b->callback = cb; } +BIO_callback_fn_ex +BIO_get_callback_ex(const BIO *b) +{ + return b->callback_ex; +} + +void +BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex cb) +{ + b->callback_ex = cb; +} + void BIO_set_callback_arg(BIO *b, char *arg) { @@ -247,8 +320,8 @@ BIO_method_type(const BIO *b) int BIO_read(BIO *b, void *out, int outl) { - int i; - long (*cb)(BIO *, int, const char *, int, long, long); + size_t readbytes = 0; + int ret; if (b == NULL) return (0); @@ -261,33 +334,44 @@ BIO_read(BIO *b, void *out, int outl) return (-2); } - cb = b->callback; - if ((cb != NULL) && - ((i = (int)cb(b, BIO_CB_READ, out, outl, 0L, 1L)) <= 0)) - return (i); + if (b->callback != NULL || b->callback_ex != NULL) { + if ((ret = (int)bio_call_callback(b, BIO_CB_READ, out, outl, 0, + 0L, 1L, NULL)) <= 0) + return (ret); + } if (!b->init) { BIOerror(BIO_R_UNINITIALIZED); return (-2); } - i = b->method->bread(b, out, outl); + if ((ret = b->method->bread(b, out, outl)) > 0) + readbytes = (size_t)ret; - if (i > 0) - b->num_read += (unsigned long)i; + b->num_read += readbytes; - if (cb != NULL) - i = (int)cb(b, BIO_CB_READ|BIO_CB_RETURN, out, outl, - 0L, (long)i); + if (b->callback != NULL || b->callback_ex != NULL) { + ret = (int)bio_call_callback(b, BIO_CB_READ | BIO_CB_RETURN, + out, outl, 0, 0L, (ret > 0) ? 1 : ret, &readbytes); + } - return (i); + if (ret > 0) { + if (readbytes > INT_MAX) { + BIOerror(BIO_R_LENGTH_TOO_LONG); + ret = -1; + } else { + ret = (int)readbytes; + } + } + + return (ret); } int BIO_write(BIO *b, const void *in, int inl) { - int i; - long (*cb)(BIO *, int, const char *, int, long, long); + size_t writebytes = 0; + int ret; if (b == NULL) return (0); @@ -300,95 +384,132 @@ BIO_write(BIO *b, const void *in, int inl) return (-2); } - cb = b->callback; - if ((cb != NULL) && - ((i = (int)cb(b, BIO_CB_WRITE, in, inl, 0L, 1L)) <= 0)) - return (i); + if (b->callback != NULL || b->callback_ex != NULL) { + if ((ret = (int)bio_call_callback(b, BIO_CB_WRITE, in, inl, 0, + 0L, 1L, NULL)) <= 0) + return (ret); + } if (!b->init) { BIOerror(BIO_R_UNINITIALIZED); return (-2); } - i = b->method->bwrite(b, in, inl); + if ((ret = b->method->bwrite(b, in, inl)) > 0) + writebytes = ret; - if (i > 0) - b->num_write += (unsigned long)i; + b->num_write += writebytes; - if (cb != NULL) - i = (int)cb(b, BIO_CB_WRITE|BIO_CB_RETURN, in, inl, - 0L, (long)i); - return (i); + if (b->callback != NULL || b->callback_ex != NULL) { + ret = (int)bio_call_callback(b, BIO_CB_WRITE | BIO_CB_RETURN, + in, inl, 0, 0L, (ret > 0) ? 1 : ret, &writebytes); + } + + if (ret > 0) { + if (writebytes > INT_MAX) { + BIOerror(BIO_R_LENGTH_TOO_LONG); + ret = -1; + } else { + ret = (int)writebytes; + } + } + + return (ret); } int BIO_puts(BIO *b, const char *in) { - int i; - long (*cb)(BIO *, int, const char *, int, long, long); + size_t writebytes = 0; + int ret; - if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL)) { + if (b == NULL || b->method == NULL || b->method->bputs == NULL) { BIOerror(BIO_R_UNSUPPORTED_METHOD); return (-2); } - cb = b->callback; - - if ((cb != NULL) && - ((i = (int)cb(b, BIO_CB_PUTS, in, 0, 0L, 1L)) <= 0)) - return (i); + if (b->callback != NULL || b->callback_ex != NULL) { + if ((ret = (int)bio_call_callback(b, BIO_CB_PUTS, in, 0, 0, 0L, + 1L, NULL)) <= 0) + return (ret); + } if (!b->init) { BIOerror(BIO_R_UNINITIALIZED); return (-2); } - i = b->method->bputs(b, in); + if ((ret = b->method->bputs(b, in)) > 0) + writebytes = ret; - if (i > 0) - b->num_write += (unsigned long)i; + b->num_write += writebytes; - if (cb != NULL) - i = (int)cb(b, BIO_CB_PUTS|BIO_CB_RETURN, in, 0, 0L, (long)i); - return (i); + if (b->callback != NULL || b->callback_ex != NULL) { + ret = (int)bio_call_callback(b, BIO_CB_PUTS | BIO_CB_RETURN, + in, 0, 0, 0L, (ret > 0) ? 1 : ret, &writebytes); + } + + if (ret > 0) { + if (writebytes > INT_MAX) { + BIOerror(BIO_R_LENGTH_TOO_LONG); + ret = -1; + } else { + ret = (int)writebytes; + } + } + + return (ret); } int BIO_gets(BIO *b, char *in, int inl) { - int i; - long (*cb)(BIO *, int, const char *, int, long, long); + size_t readbytes; + int ret; - if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL)) { + if (b == NULL || b->method == NULL || b->method->bgets == NULL) { BIOerror(BIO_R_UNSUPPORTED_METHOD); return (-2); } - cb = b->callback; - - if ((cb != NULL) && - ((i = (int)cb(b, BIO_CB_GETS, in, inl, 0L, 1L)) <= 0)) - return (i); + if (b->callback != NULL || b->callback_ex != NULL) { + if ((ret = (int)bio_call_callback(b, BIO_CB_GETS, in, inl, 0, 0L, + 1, NULL)) <= 0) + return (ret); + } if (!b->init) { BIOerror(BIO_R_UNINITIALIZED); return (-2); } - i = b->method->bgets(b, in, inl); + if ((ret = b->method->bgets(b, in, inl)) > 0) + readbytes = ret; - if (cb != NULL) - i = (int)cb(b, BIO_CB_GETS|BIO_CB_RETURN, in, inl, 0L, (long)i); - return (i); + if (b->callback != NULL || b->callback_ex != NULL) { + ret = (int)bio_call_callback(b, BIO_CB_GETS | BIO_CB_RETURN, in, + inl, 0, 0L, (ret > 0) ? 1 : ret, &readbytes); + } + + if (ret > 0) { + if (readbytes > INT_MAX) { + BIOerror(BIO_R_LENGTH_TOO_LONG); + ret = -1; + } else { + ret = (int)readbytes; + } + } + + return (ret); } int BIO_indent(BIO *b, int indent, int max) { - if (indent < 0) - indent = 0; if (indent > max) indent = max; + if (indent < 0) + indent = 0; while (indent--) if (BIO_puts(b, " ") != 1) return 0; @@ -419,54 +540,58 @@ long BIO_ctrl(BIO *b, int cmd, long larg, void *parg) { long ret; - long (*cb)(BIO *, int, const char *, int, long, long); if (b == NULL) return (0); - if ((b->method == NULL) || (b->method->ctrl == NULL)) { + if (b->method == NULL || b->method->ctrl == NULL) { BIOerror(BIO_R_UNSUPPORTED_METHOD); return (-2); } - cb = b->callback; - - if ((cb != NULL) && - ((ret = cb(b, BIO_CB_CTRL, parg, cmd, larg, 1L)) <= 0)) - return (ret); + if (b->callback != NULL || b->callback_ex != NULL) { + if ((ret = bio_call_callback(b, BIO_CB_CTRL, parg, 0, cmd, larg, + 1L, NULL)) <= 0) + return (ret); + } ret = b->method->ctrl(b, cmd, larg, parg); - if (cb != NULL) - ret = cb(b, BIO_CB_CTRL|BIO_CB_RETURN, parg, cmd, larg, ret); + if (b->callback != NULL || b->callback_ex != NULL) { + ret = bio_call_callback(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, 0, + cmd, larg, ret, NULL); + } + return (ret); } long -BIO_callback_ctrl(BIO *b, int cmd, - void (*fp)(struct bio_st *, int, const char *, int, long, long)) +BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret; - long (*cb)(BIO *, int, const char *, int, long, long); if (b == NULL) return (0); - if ((b->method == NULL) || (b->method->callback_ctrl == NULL)) { + if (b->method == NULL || b->method->callback_ctrl == NULL || + cmd != BIO_CTRL_SET_CALLBACK) { BIOerror(BIO_R_UNSUPPORTED_METHOD); return (-2); } - cb = b->callback; - - if ((cb != NULL) && - ((ret = cb(b, BIO_CB_CTRL, (void *)&fp, cmd, 0, 1L)) <= 0)) - return (ret); + if (b->callback != NULL || b->callback_ex != NULL) { + if ((ret = bio_call_callback(b, BIO_CB_CTRL, (void *)&fp, 0, + cmd, 0, 1L, NULL)) <= 0) + return (ret); + } ret = b->method->callback_ctrl(b, cmd, fp); - if (cb != NULL) - ret = cb(b, BIO_CB_CTRL|BIO_CB_RETURN, (void *)&fp, cmd, 0, ret); + if (b->callback != NULL || b->callback_ex != NULL) { + ret = bio_call_callback(b, BIO_CB_CTRL | BIO_CB_RETURN, + (void *)&fp, 0, cmd, 0, ret, NULL); + } + return (ret); } @@ -552,6 +677,12 @@ BIO_get_retry_reason(BIO *bio) return (bio->retry_reason); } +void +BIO_set_retry_reason(BIO *bio, int reason) +{ + bio->retry_reason = reason; +} + BIO * BIO_find_type(BIO *bio, int type) { @@ -582,6 +713,12 @@ BIO_next(BIO *b) return b->next_bio; } +void +BIO_set_next(BIO *b, BIO *next) +{ + b->next_bio = next; +} + void BIO_free_all(BIO *bio) { @@ -608,6 +745,7 @@ BIO_dup_chain(BIO *in) if ((new_bio = BIO_new(bio->method)) == NULL) goto err; new_bio->callback = bio->callback; + new_bio->callback_ex = bio->callback_ex; new_bio->cb_arg = bio->cb_arg; new_bio->init = bio->init; new_bio->shutdown = bio->shutdown; diff --git a/externals/libressl/crypto/bio/bio_local.h b/externals/libressl/crypto/bio/bio_local.h new file mode 100755 index 000000000..7e1885f39 --- /dev/null +++ b/externals/libressl/crypto/bio/bio_local.h @@ -0,0 +1,123 @@ +/* $OpenBSD: bio_local.h,v 1.3 2022/01/14 08:40:57 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_BIO_LOCAL_H +#define HEADER_BIO_LOCAL_H + +__BEGIN_HIDDEN_DECLS + +struct bio_method_st { + int type; + const char *name; + int (*bwrite)(BIO *, const char *, int); + int (*bread)(BIO *, char *, int); + int (*bputs)(BIO *, const char *); + int (*bgets)(BIO *, char *, int); + long (*ctrl)(BIO *, int, long, void *); + int (*create)(BIO *); + int (*destroy)(BIO *); + long (*callback_ctrl)(BIO *, int, BIO_info_cb *); +} /* BIO_METHOD */; + +struct bio_st { + const BIO_METHOD *method; + BIO_callback_fn callback; + BIO_callback_fn_ex callback_ex; + char *cb_arg; /* first argument for the callback */ + + int init; + int shutdown; + int flags; /* extra storage */ + int retry_reason; + int num; + void *ptr; + struct bio_st *next_bio; /* used by filter BIOs */ + struct bio_st *prev_bio; /* used by filter BIOs */ + int references; + unsigned long num_read; + unsigned long num_write; + + CRYPTO_EX_DATA ex_data; +} /* BIO */; + +typedef struct bio_f_buffer_ctx_struct { + /* Buffers are setup like this: + * + * <---------------------- size -----------------------> + * +---------------------------------------------------+ + * | consumed | remaining | free space | + * +---------------------------------------------------+ + * <-- off --><------- len -------> + */ + + /* BIO *bio; */ /* this is now in the BIO struct */ + int ibuf_size; /* how big is the input buffer */ + int obuf_size; /* how big is the output buffer */ + + char *ibuf; /* the char array */ + int ibuf_len; /* how many bytes are in it */ + int ibuf_off; /* write/read offset */ + + char *obuf; /* the char array */ + int obuf_len; /* how many bytes are in it */ + int obuf_off; /* write/read offset */ +} BIO_F_BUFFER_CTX; + +__END_HIDDEN_DECLS + +#endif /* !HEADER_BIO_LOCAL_H */ diff --git a/externals/libressl/crypto/bio/bio_meth.c b/externals/libressl/crypto/bio/bio_meth.c index 4327c010b..d7d100df9 100755 --- a/externals/libressl/crypto/bio/bio_meth.c +++ b/externals/libressl/crypto/bio/bio_meth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bio_meth.c,v 1.6 2018/06/02 04:41:12 tb Exp $ */ +/* $OpenBSD: bio_meth.c,v 1.8 2022/01/14 08:40:57 tb Exp $ */ /* * Copyright (c) 2018 Theo Buehler * @@ -19,6 +19,8 @@ #include +#include "bio_local.h" + BIO_METHOD * BIO_meth_new(int type, const char *name) { @@ -133,15 +135,13 @@ BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy)(BIO *)) long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))(BIO *, int, BIO_info_cb *) { - return - (long (*)(BIO *, int, BIO_info_cb *))biom->callback_ctrl; /* XXX */ + return biom->callback_ctrl; } int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, long (*callback_ctrl)(BIO *, int, BIO_info_cb *)) { - biom->callback_ctrl = - (long (*)(BIO *, int, bio_info_cb *))callback_ctrl; /* XXX */ + biom->callback_ctrl = callback_ctrl; return 1; } diff --git a/externals/libressl/crypto/bio/bss_acpt.c b/externals/libressl/crypto/bio/bss_acpt.c index c95ddde7b..a619bd7c5 100755 --- a/externals/libressl/crypto/bio/bss_acpt.c +++ b/externals/libressl/crypto/bio/bss_acpt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bss_acpt.c,v 1.29 2018/05/12 18:51:59 tb Exp $ */ +/* $OpenBSD: bss_acpt.c,v 1.30 2022/01/07 09:02:17 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -67,6 +67,8 @@ #include #include +#include "bio_local.h" + #define SOCKET_PROTOCOL IPPROTO_TCP typedef struct bio_accept_st { diff --git a/externals/libressl/crypto/bio/bss_bio.c b/externals/libressl/crypto/bio/bss_bio.c index 74f86a51e..c92d35d11 100755 --- a/externals/libressl/crypto/bio/bss_bio.c +++ b/externals/libressl/crypto/bio/bss_bio.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bss_bio.c,v 1.24 2018/05/01 13:29:09 tb Exp $ */ +/* $OpenBSD: bss_bio.c,v 1.25 2022/01/07 09:02:17 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * @@ -84,6 +84,8 @@ #include #include +#include "bio_local.h" + static int bio_new(BIO *bio); static int bio_free(BIO *bio); static int bio_read(BIO *bio, char *buf, int size); diff --git a/externals/libressl/crypto/bio/bss_conn.c b/externals/libressl/crypto/bio/bss_conn.c index 46a37b060..8e30bccd5 100755 --- a/externals/libressl/crypto/bio/bss_conn.c +++ b/externals/libressl/crypto/bio/bss_conn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bss_conn.c,v 1.35 2018/05/12 18:51:59 tb Exp $ */ +/* $OpenBSD: bss_conn.c,v 1.37 2022/01/14 08:40:57 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -70,6 +70,8 @@ #include #include +#include "bio_local.h" + #define SOCKET_PROTOCOL IPPROTO_TCP typedef struct bio_connect_st { @@ -90,7 +92,7 @@ typedef struct bio_connect_st { /* called when the connection is initially made * callback(BIO,state,ret); The callback should return * 'ret'. state is for compatibility with the ssl info_callback */ - int (*info_callback)(const BIO *bio, int state, int ret); + BIO_info_cb *info_callback; } BIO_CONNECT; static int conn_write(BIO *h, const char *buf, int num); @@ -99,7 +101,7 @@ static int conn_puts(BIO *h, const char *str); static long conn_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int conn_new(BIO *h); static int conn_free(BIO *data); -static long conn_callback_ctrl(BIO *h, int cmd, bio_info_cb *); +static long conn_callback_ctrl(BIO *h, int cmd, BIO_info_cb *); static int conn_state(BIO *b, BIO_CONNECT *c); static void conn_close_socket(BIO *data); @@ -124,7 +126,7 @@ conn_state(BIO *b, BIO_CONNECT *c) int ret = -1, i; unsigned long l; char *p, *q; - int (*cb)(const BIO *, int, int) = NULL; + BIO_info_cb *cb = NULL; if (c->info_callback != NULL) cb = c->info_callback; @@ -521,9 +523,7 @@ conn_ctrl(BIO *b, int cmd, long num, void *ptr) BIO_set_conn_hostname(dbio, data->param_hostname); BIO_set_nbio(dbio, data->nbio); - /* FIXME: the cast of the function seems unlikely to be a good idea */ - (void)BIO_set_info_callback(dbio, - (bio_info_cb *)data->info_callback); + (void)BIO_set_info_callback(dbio, data->info_callback); } break; case BIO_CTRL_SET_CALLBACK: @@ -538,9 +538,8 @@ conn_ctrl(BIO *b, int cmd, long num, void *ptr) break; case BIO_CTRL_GET_CALLBACK: { - int (**fptr)(const BIO *bio, int state, int xret); + BIO_info_cb **fptr = ptr; - fptr = (int (**)(const BIO *bio, int state, int xret))ptr; *fptr = data->info_callback; } break; @@ -552,7 +551,7 @@ conn_ctrl(BIO *b, int cmd, long num, void *ptr) } static long -conn_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +conn_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret = 1; BIO_CONNECT *data; @@ -561,9 +560,7 @@ conn_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) switch (cmd) { case BIO_CTRL_SET_CALLBACK: - { - data->info_callback = (int (*)(const struct bio_st *, int, int))fp; - } + data->info_callback = (BIO_info_cb *)fp; break; default: ret = 0; diff --git a/externals/libressl/crypto/bio/bss_dgram.c b/externals/libressl/crypto/bio/bss_dgram.c index 794b6d1b5..fa6e2db91 100755 --- a/externals/libressl/crypto/bio/bss_dgram.c +++ b/externals/libressl/crypto/bio/bss_dgram.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bss_dgram.c,v 1.42 2018/05/12 17:47:53 tb Exp $ */ +/* $OpenBSD: bss_dgram.c,v 1.43 2022/01/07 09:02:17 tb Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -72,6 +72,8 @@ #include +#include "bio_local.h" + #ifndef OPENSSL_NO_DGRAM diff --git a/externals/libressl/crypto/bio/bss_fd.c b/externals/libressl/crypto/bio/bss_fd.c index bbe08efc4..7d7c42791 100755 --- a/externals/libressl/crypto/bio/bss_fd.c +++ b/externals/libressl/crypto/bio/bss_fd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bss_fd.c,v 1.19 2018/05/01 13:29:09 tb Exp $ */ +/* $OpenBSD: bss_fd.c,v 1.20 2022/01/07 09:02:17 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,6 +65,8 @@ #include +#include "bio_local.h" + static int fd_write(BIO *h, const char *buf, int num); static int fd_read(BIO *h, char *buf, int size); static int fd_puts(BIO *h, const char *str); diff --git a/externals/libressl/crypto/bio/bss_file.c b/externals/libressl/crypto/bio/bss_file.c index fe937388b..0c9b75502 100755 --- a/externals/libressl/crypto/bio/bss_file.c +++ b/externals/libressl/crypto/bio/bss_file.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bss_file.c,v 1.33 2018/05/30 00:23:04 tb Exp $ */ +/* $OpenBSD: bss_file.c,v 1.34 2022/01/07 09:02:17 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -90,6 +90,8 @@ #include #include +#include "bio_local.h" + static int file_write(BIO *h, const char *buf, int num); static int file_read(BIO *h, char *buf, int size); static int file_puts(BIO *h, const char *str); diff --git a/externals/libressl/crypto/bio/bss_log.c b/externals/libressl/crypto/bio/bss_log.c index 7ef1312d7..296c87ff8 100755 --- a/externals/libressl/crypto/bio/bss_log.c +++ b/externals/libressl/crypto/bio/bss_log.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bss_log.c,v 1.22 2018/05/01 13:29:10 tb Exp $ */ +/* $OpenBSD: bss_log.c,v 1.23 2022/01/07 09:02:17 tb Exp $ */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * @@ -70,6 +70,8 @@ #include #include +#include "bio_local.h" + #ifndef NO_SYSLOG static int slg_write(BIO *h, const char *buf, int num); diff --git a/externals/libressl/crypto/bio/bss_mem.c b/externals/libressl/crypto/bio/bss_mem.c index e76e1ad2e..2d0308323 100755 --- a/externals/libressl/crypto/bio/bss_mem.c +++ b/externals/libressl/crypto/bio/bss_mem.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bss_mem.c,v 1.17 2018/05/12 18:51:59 tb Exp $ */ +/* $OpenBSD: bss_mem.c,v 1.21 2022/02/19 15:59:12 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -57,6 +57,7 @@ */ #include +#include #include #include @@ -64,13 +65,35 @@ #include #include -static int mem_write(BIO *h, const char *buf, int num); -static int mem_read(BIO *h, char *buf, int size); -static int mem_puts(BIO *h, const char *str); -static int mem_gets(BIO *h, char *str, int size); -static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int mem_new(BIO *h); -static int mem_free(BIO *data); +#include "bio_local.h" + +struct bio_mem { + BUF_MEM *buf; + size_t read_offset; +}; + +static size_t +bio_mem_pending(struct bio_mem *bm) +{ + if (bm->read_offset > bm->buf->length) + return 0; + + return bm->buf->length - bm->read_offset; +} + +static uint8_t * +bio_mem_read_ptr(struct bio_mem *bm) +{ + return &bm->buf->data[bm->read_offset]; +} + +static int mem_new(BIO *bio); +static int mem_free(BIO *bio); +static int mem_write(BIO *bio, const char *in, int in_len); +static int mem_read(BIO *bio, char *out, int out_len); +static int mem_puts(BIO *bio, const char *in); +static int mem_gets(BIO *bio, char *out, int out_len); +static long mem_ctrl(BIO *bio, int cmd, long arg1, void *arg2); static const BIO_METHOD mem_method = { .type = BIO_TYPE_MEM, @@ -84,181 +107,207 @@ static const BIO_METHOD mem_method = { .destroy = mem_free }; -/* bio->num is used to hold the value to return on 'empty', if it is - * 0, should_retry is not set */ +/* + * bio->num is used to hold the value to return on 'empty', if it is + * 0, should_retry is not set. + */ const BIO_METHOD * BIO_s_mem(void) { - return (&mem_method); + return &mem_method; } BIO * -BIO_new_mem_buf(const void *buf, int len) +BIO_new_mem_buf(const void *buf, int buf_len) { - BIO *ret; - BUF_MEM *b; - size_t sz; + struct bio_mem *bm; + BIO *bio; - if (!buf) { + if (buf == NULL) { BIOerror(BIO_R_NULL_PARAMETER); return NULL; } - sz = (len < 0) ? strlen(buf) : (size_t)len; - if (!(ret = BIO_new(BIO_s_mem()))) + if (buf_len == -1) + buf_len = strlen(buf); + if (buf_len < 0) { + BIOerror(BIO_R_INVALID_ARGUMENT); return NULL; - b = (BUF_MEM *)ret->ptr; - b->data = (void *)buf; /* Trust in the BIO_FLAGS_MEM_RDONLY flag. */ - b->length = sz; - b->max = sz; - ret->flags |= BIO_FLAGS_MEM_RDONLY; - /* Since this is static data retrying wont help */ - ret->num = 0; - return ret; -} - -static int -mem_new(BIO *bi) -{ - BUF_MEM *b; - - if ((b = BUF_MEM_new()) == NULL) - return (0); - bi->shutdown = 1; - bi->init = 1; - bi->num = -1; - bi->ptr = (char *)b; - return (1); -} - -static int -mem_free(BIO *a) -{ - if (a == NULL) - return (0); - if (a->shutdown) { - if ((a->init) && (a->ptr != NULL)) { - BUF_MEM *b; - b = (BUF_MEM *)a->ptr; - if (a->flags & BIO_FLAGS_MEM_RDONLY) - b->data = NULL; - BUF_MEM_free(b); - a->ptr = NULL; - } - } - return (1); -} - -static int -mem_read(BIO *b, char *out, int outl) -{ - int ret = -1; - BUF_MEM *bm; - - bm = (BUF_MEM *)b->ptr; - BIO_clear_retry_flags(b); - ret = (outl >=0 && (size_t)outl > bm->length) ? (int)bm->length : outl; - if ((out != NULL) && (ret > 0)) { - memcpy(out, bm->data, ret); - bm->length -= ret; - if (b->flags & BIO_FLAGS_MEM_RDONLY) - bm->data += ret; - else { - memmove(&(bm->data[0]), &(bm->data[ret]), bm->length); - } - } else if (bm->length == 0) { - ret = b->num; - if (ret != 0) - BIO_set_retry_read(b); - } - return (ret); -} - -static int -mem_write(BIO *b, const char *in, int inl) -{ - int ret = -1; - int blen; - BUF_MEM *bm; - - bm = (BUF_MEM *)b->ptr; - if (in == NULL) { - BIOerror(BIO_R_NULL_PARAMETER); - goto end; } - if (b->flags & BIO_FLAGS_MEM_RDONLY) { + if ((bio = BIO_new(BIO_s_mem())) == NULL) + return NULL; + + bm = bio->ptr; + bm->buf->data = (void *)buf; /* Trust in the BIO_FLAGS_MEM_RDONLY flag. */ + bm->buf->length = buf_len; + bm->buf->max = buf_len; + bio->flags |= BIO_FLAGS_MEM_RDONLY; + /* Since this is static data retrying will not help. */ + bio->num = 0; + + return bio; +} + +static int +mem_new(BIO *bio) +{ + struct bio_mem *bm; + + if ((bm = calloc(1, sizeof(*bm))) == NULL) + return 0; + if ((bm->buf = BUF_MEM_new()) == NULL) { + free(bm); + return 0; + } + + bio->shutdown = 1; + bio->init = 1; + bio->num = -1; + bio->ptr = bm; + + return 1; +} + +static int +mem_free(BIO *bio) +{ + struct bio_mem *bm; + + if (bio == NULL) + return 0; + if (!bio->init || bio->ptr == NULL) + return 1; + + bm = bio->ptr; + if (bio->shutdown) { + if (bio->flags & BIO_FLAGS_MEM_RDONLY) + bm->buf->data = NULL; + BUF_MEM_free(bm->buf); + } + free(bm); + bio->ptr = NULL; + + return 1; +} + +static int +mem_read(BIO *bio, char *out, int out_len) +{ + struct bio_mem *bm = bio->ptr; + + BIO_clear_retry_flags(bio); + + if (out == NULL || out_len <= 0) + return 0; + + if ((size_t)out_len > bio_mem_pending(bm)) + out_len = bio_mem_pending(bm); + + if (out_len == 0) { + if (bio->num != 0) + BIO_set_retry_read(bio); + return bio->num; + } + + memcpy(out, bio_mem_read_ptr(bm), out_len); + bm->read_offset += out_len; + + return out_len; +} + +static int +mem_write(BIO *bio, const char *in, int in_len) +{ + struct bio_mem *bm = bio->ptr; + size_t buf_len; + + BIO_clear_retry_flags(bio); + + if (in == NULL || in_len <= 0) + return 0; + + if (bio->flags & BIO_FLAGS_MEM_RDONLY) { BIOerror(BIO_R_WRITE_TO_READ_ONLY_BIO); - goto end; + return -1; } - BIO_clear_retry_flags(b); - blen = bm->length; - if (BUF_MEM_grow_clean(bm, blen + inl) != (blen + inl)) - goto end; - memcpy(&(bm->data[blen]), in, inl); - ret = inl; -end: - return (ret); + if (bm->read_offset > 4096) { + memmove(bm->buf->data, bio_mem_read_ptr(bm), + bio_mem_pending(bm)); + bm->buf->length = bio_mem_pending(bm); + bm->read_offset = 0; + } + + /* + * Check for overflow and ensure we do not exceed an int, otherwise we + * cannot tell if BUF_MEM_grow_clean() succeeded. + */ + buf_len = bm->buf->length + in_len; + if (buf_len < bm->buf->length || buf_len > INT_MAX) + return -1; + + if (BUF_MEM_grow_clean(bm->buf, buf_len) != buf_len) + return -1; + + memcpy(&bm->buf->data[buf_len - in_len], in, in_len); + + return in_len; } static long -mem_ctrl(BIO *b, int cmd, long num, void *ptr) +mem_ctrl(BIO *bio, int cmd, long num, void *ptr) { + struct bio_mem *bm = bio->ptr; + void **pptr; long ret = 1; - char **pptr; - - BUF_MEM *bm = (BUF_MEM *)b->ptr; switch (cmd) { case BIO_CTRL_RESET: - if (bm->data != NULL) { - /* For read only case reset to the start again */ - if (b->flags & BIO_FLAGS_MEM_RDONLY) { - bm->data -= bm->max - bm->length; - bm->length = bm->max; - } else { - memset(bm->data, 0, bm->max); - bm->length = 0; + if (bm->buf->data != NULL) { + if (!(bio->flags & BIO_FLAGS_MEM_RDONLY)) { + memset(bm->buf->data, 0, bm->buf->max); + bm->buf->length = 0; } + bm->read_offset = 0; } break; case BIO_CTRL_EOF: - ret = (long)(bm->length == 0); + ret = (long)(bio_mem_pending(bm) == 0); break; case BIO_C_SET_BUF_MEM_EOF_RETURN: - b->num = (int)num; + bio->num = (int)num; break; case BIO_CTRL_INFO: - ret = (long)bm->length; if (ptr != NULL) { - pptr = (char **)ptr; - *pptr = (char *)&(bm->data[0]); + pptr = (void **)ptr; + *pptr = bio_mem_read_ptr(bm); } + ret = (long)bio_mem_pending(bm); break; case BIO_C_SET_BUF_MEM: - mem_free(b); - b->shutdown = (int)num; - b->ptr = ptr; + BUF_MEM_free(bm->buf); + bio->shutdown = (int)num; + bm->buf = ptr; + bm->read_offset = 0; break; case BIO_C_GET_BUF_MEM_PTR: if (ptr != NULL) { - pptr = (char **)ptr; - *pptr = (char *)bm; + pptr = (void **)ptr; + *pptr = bm->buf; } break; case BIO_CTRL_GET_CLOSE: - ret = (long)b->shutdown; + ret = (long)bio->shutdown; break; case BIO_CTRL_SET_CLOSE: - b->shutdown = (int)num; + bio->shutdown = (int)num; break; - case BIO_CTRL_WPENDING: ret = 0L; break; case BIO_CTRL_PENDING: - ret = (long)bm->length; + ret = (long)bio_mem_pending(bm); break; case BIO_CTRL_DUP: case BIO_CTRL_FLUSH: @@ -270,27 +319,29 @@ mem_ctrl(BIO *b, int cmd, long num, void *ptr) ret = 0; break; } - return (ret); + return ret; } static int -mem_gets(BIO *bp, char *buf, int size) +mem_gets(BIO *bio, char *out, int out_len) { - int i, j; - int ret = -1; + struct bio_mem *bm = bio->ptr; + int i, out_max; char *p; - BUF_MEM *bm = (BUF_MEM *)bp->ptr; + int ret = -1; - BIO_clear_retry_flags(bp); - j = bm->length; - if ((size - 1) < j) - j = size - 1; - if (j <= 0) { - *buf = '\0'; + BIO_clear_retry_flags(bio); + + out_max = bio_mem_pending(bm); + if (out_len - 1 < out_max) + out_max = out_len - 1; + if (out_max <= 0) { + *out = '\0'; return 0; } - p = bm->data; - for (i = 0; i < j; i++) { + + p = bio_mem_read_ptr(bm); + for (i = 0; i < out_max; i++) { if (p[i] == '\n') { i++; break; @@ -298,24 +349,17 @@ mem_gets(BIO *bp, char *buf, int size) } /* - * i is now the max num of bytes to copy, either j or up to - * and including the first newline + * i is now the max num of bytes to copy, either out_max or up to and + * including the first newline */ + if ((ret = mem_read(bio, out, i)) > 0) + out[ret] = '\0'; - i = mem_read(bp, buf, i); - if (i > 0) - buf[i] = '\0'; - ret = i; - return (ret); + return ret; } static int -mem_puts(BIO *bp, const char *str) +mem_puts(BIO *bio, const char *in) { - int n, ret; - - n = strlen(str); - ret = mem_write(bp, str, n); - /* memory semantics is that it will always work */ - return (ret); + return mem_write(bio, in, strlen(in)); } diff --git a/externals/libressl/crypto/bio/bss_null.c b/externals/libressl/crypto/bio/bss_null.c index c6de844da..8a15b36b3 100755 --- a/externals/libressl/crypto/bio/bss_null.c +++ b/externals/libressl/crypto/bio/bss_null.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bss_null.c,v 1.11 2018/05/01 13:29:10 tb Exp $ */ +/* $OpenBSD: bss_null.c,v 1.12 2022/01/07 09:02:17 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,6 +62,8 @@ #include +#include "bio_local.h" + static int null_write(BIO *h, const char *buf, int num); static int null_read(BIO *h, char *buf, int size); static int null_puts(BIO *h, const char *str); diff --git a/externals/libressl/crypto/bio/bss_sock.c b/externals/libressl/crypto/bio/bss_sock.c index 9c650a804..3b9a87fd8 100755 --- a/externals/libressl/crypto/bio/bss_sock.c +++ b/externals/libressl/crypto/bio/bss_sock.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bss_sock.c,v 1.24 2018/05/01 13:29:10 tb Exp $ */ +/* $OpenBSD: bss_sock.c,v 1.25 2022/01/07 09:02:17 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,6 +65,8 @@ #include +#include "bio_local.h" + static int sock_write(BIO *h, const char *buf, int num); static int sock_read(BIO *h, char *buf, int size); static int sock_puts(BIO *h, const char *str); diff --git a/externals/libressl/crypto/bn/bn_exp2.c b/externals/libressl/crypto/bn/bn_exp2.c index 372e1ee4e..c63503f94 100755 --- a/externals/libressl/crypto/bn/bn_exp2.c +++ b/externals/libressl/crypto/bn/bn_exp2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_exp2.c,v 1.12 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: bn_exp2.c,v 1.13 2022/02/07 19:49:56 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -136,7 +136,7 @@ BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, bn_check_top(p2); bn_check_top(m); - if (!(m->d[0] & 1)) { + if (!BN_is_odd(m)) { BNerror(BN_R_CALLED_WITH_EVEN_MODULUS); return (0); } diff --git a/externals/libressl/crypto/bn/bn_gcd.c b/externals/libressl/crypto/bn/bn_gcd.c index 469ae752f..d756398c8 100755 --- a/externals/libressl/crypto/bn/bn_gcd.c +++ b/externals/libressl/crypto/bn/bn_gcd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_gcd.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: bn_gcd.c,v 1.16 2021/12/26 15:16:50 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -576,6 +576,9 @@ BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, bn_check_top(a); bn_check_top(n); + BN_init(&local_A); + BN_init(&local_B); + BN_CTX_start(ctx); if ((A = BN_CTX_get(ctx)) == NULL) goto err; @@ -608,10 +611,12 @@ BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, A->neg = 0; if (B->neg || (BN_ucmp(B, A) >= 0)) { - /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, - * BN_div_no_branch will be called eventually. - */ + /* + * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ pB = &local_B; + /* BN_init() done at the top of the function. */ BN_with_flags(pB, B, BN_FLG_CONSTTIME); if (!BN_nnmod(B, pB, A, ctx)) goto err; @@ -633,10 +638,12 @@ BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, * sign*Y*a == A (mod |n|) */ - /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, - * BN_div_no_branch will be called eventually. - */ + /* + * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ pA = &local_A; + /* BN_init() done at the top of the function. */ BN_with_flags(pA, A, BN_FLG_CONSTTIME); /* (D, M) := (A/B, A%B) ... */ @@ -740,6 +747,9 @@ BN_gcd_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, goto err; R = in; + BN_init(&local_A); + BN_init(&local_B); + bn_check_top(a); bn_check_top(n); @@ -768,10 +778,12 @@ BN_gcd_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, A->neg = 0; if (B->neg || (BN_ucmp(B, A) >= 0)) { - /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, - * BN_div_no_branch will be called eventually. - */ + /* + * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ pB = &local_B; + /* BN_init() done at the top of the function. */ BN_with_flags(pB, B, BN_FLG_CONSTTIME); if (!BN_nnmod(B, pB, A, ctx)) goto err; @@ -793,10 +805,12 @@ BN_gcd_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, * sign*Y*a == A (mod |n|) */ - /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, - * BN_div_no_branch will be called eventually. - */ + /* + * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ pA = &local_A; + /* BN_init() done at the top of the function. */ BN_with_flags(pA, A, BN_FLG_CONSTTIME); /* (D, M) := (A/B, A%B) ... */ diff --git a/externals/libressl/crypto/bn/bn_lcl.h b/externals/libressl/crypto/bn/bn_lcl.h index a165d0281..5f16660fa 100755 --- a/externals/libressl/crypto/bn/bn_lcl.h +++ b/externals/libressl/crypto/bn/bn_lcl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_lcl.h,v 1.30 2018/11/05 23:52:47 tb Exp $ */ +/* $OpenBSD: bn_lcl.h,v 1.31 2022/01/14 08:01:47 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -118,6 +118,50 @@ __BEGIN_HIDDEN_DECLS +struct bignum_st { + BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */ + int top; /* Index of last used d +1. */ + /* The next are internal book keeping for bn_expand. */ + int dmax; /* Size of the d array. */ + int neg; /* one if the number is negative */ + int flags; +}; + +/* Used for montgomery multiplication */ +struct bn_mont_ctx_st { + int ri; /* number of bits in R */ + BIGNUM RR; /* used to convert to montgomery form */ + BIGNUM N; /* The modulus */ + BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 + * (Ni is only stored for bignum algorithm) */ + BN_ULONG n0[2];/* least significant word(s) of Ni; + (type changed with 0.9.9, was "BN_ULONG n0;" before) */ + int flags; +}; + +/* Used for reciprocal division/mod functions + * It cannot be shared between threads + */ +struct bn_recp_ctx_st { + BIGNUM N; /* the divisor */ + BIGNUM Nr; /* the reciprocal */ + int num_bits; + int shift; + int flags; +}; + +/* Used for slow "generation" functions. */ +struct bn_gencb_st { + unsigned int ver; /* To handle binary (in)compatibility */ + void *arg; /* callback-specific data */ + union { + /* if(ver==1) - handles old style callbacks */ + void (*cb_1)(int, int, void *); + /* if(ver==2) - new callback style */ + int (*cb_2)(int, int, BN_GENCB *); + } cb; +}; + /* * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions * diff --git a/externals/libressl/crypto/bn/bn_lib.c b/externals/libressl/crypto/bn/bn_lib.c index 1a91b9e60..6e828f1e7 100755 --- a/externals/libressl/crypto/bn/bn_lib.c +++ b/externals/libressl/crypto/bn/bn_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_lib.c,v 1.47 2019/06/17 17:11:48 tb Exp $ */ +/* $OpenBSD: bn_lib.c,v 1.53 2021/12/27 15:12:22 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -92,6 +92,63 @@ static int bn_limit_num_high = 8; /* (1<flags = BN_FLG_MALLOCED; + ret->top = 0; + ret->neg = 0; + ret->dmax = 0; + ret->d = NULL; + bn_check_top(ret); + return (ret); +} + +void +BN_init(BIGNUM *a) +{ + memset(a, 0, sizeof(BIGNUM)); + bn_check_top(a); +} + +void +BN_clear(BIGNUM *a) +{ + bn_check_top(a); + if (a->d != NULL) + explicit_bzero(a->d, a->dmax * sizeof(a->d[0])); + a->top = 0; + a->neg = 0; +} + +void +BN_clear_free(BIGNUM *a) +{ + int i; + + if (a == NULL) + return; + bn_check_top(a); + if (a->d != NULL && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) + freezero(a->d, a->dmax * sizeof(a->d[0])); + i = BN_get_flags(a, BN_FLG_MALLOCED); + explicit_bzero(a, sizeof(BIGNUM)); + if (i) + free(a); +} + +void +BN_free(BIGNUM *a) +{ + BN_clear_free(a); +} + void BN_set_params(int mult, int high, int low, int mont) { @@ -137,6 +194,30 @@ BN_get_params(int which) } #endif +void +BN_set_flags(BIGNUM *b, int n) +{ + b->flags |= n; +} + +int +BN_get_flags(const BIGNUM *b, int n) +{ + return b->flags & n; +} + +void +BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags) +{ + int dest_flags; + + dest_flags = (dest->flags & BN_FLG_MALLOCED) | + (b->flags & ~BN_FLG_MALLOCED) | BN_FLG_STATIC_DATA | flags; + + *dest = *b; + dest->flags = dest_flags; +} + const BIGNUM * BN_value_one(void) { @@ -182,53 +263,6 @@ BN_num_bits(const BIGNUM *a) return ((i * BN_BITS2) + BN_num_bits_word(a->d[i])); } -void -BN_clear_free(BIGNUM *a) -{ - int i; - - if (a == NULL) - return; - bn_check_top(a); - if (a->d != NULL && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) - freezero(a->d, a->dmax * sizeof(a->d[0])); - i = BN_get_flags(a, BN_FLG_MALLOCED); - explicit_bzero(a, sizeof(BIGNUM)); - if (i) - free(a); -} - -void -BN_free(BIGNUM *a) -{ - BN_clear_free(a); -} - -void -BN_init(BIGNUM *a) -{ - memset(a, 0, sizeof(BIGNUM)); - bn_check_top(a); -} - -BIGNUM * -BN_new(void) -{ - BIGNUM *ret; - - if ((ret = malloc(sizeof(BIGNUM))) == NULL) { - BNerror(ERR_R_MALLOC_FAILURE); - return (NULL); - } - ret->flags = BN_FLG_MALLOCED; - ret->top = 0; - ret->neg = 0; - ret->dmax = 0; - ret->d = NULL; - bn_check_top(ret); - return (ret); -} - /* This is used both by bn_expand2() and bn_dup_expand() */ /* The caller MUST check that words > b->dmax before calling this */ static BN_ULONG * @@ -494,16 +528,6 @@ BN_swap(BIGNUM *a, BIGNUM *b) bn_check_top(b); } -void -BN_clear(BIGNUM *a) -{ - bn_check_top(a); - if (a->d != NULL) - explicit_bzero(a->d, a->dmax * sizeof(a->d[0])); - a->top = 0; - a->neg = 0; -} - BN_ULONG BN_get_word(const BIGNUM *a) { @@ -583,20 +607,143 @@ BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) return (ret); } +typedef enum { + big, + little, +} endianness_t; + /* ignore negative */ +static int +bn2binpad(const BIGNUM *a, unsigned char *to, int tolen, endianness_t endianness) +{ + int n; + size_t i, lasti, j, atop, mask; + BN_ULONG l; + + /* + * In case |a| is fixed-top, BN_num_bytes can return bogus length, + * but it's assumed that fixed-top inputs ought to be "nominated" + * even for padded output, so it works out... + */ + n = BN_num_bytes(a); + if (tolen == -1) + tolen = n; + else if (tolen < n) { /* uncommon/unlike case */ + BIGNUM temp = *a; + + bn_correct_top(&temp); + + n = BN_num_bytes(&temp); + if (tolen < n) + return -1; + } + + /* Swipe through whole available data and don't give away padded zero. */ + atop = a->dmax * BN_BYTES; + if (atop == 0) { + explicit_bzero(to, tolen); + return tolen; + } + + lasti = atop - 1; + atop = a->top * BN_BYTES; + + if (endianness == big) + to += tolen; /* start from the end of the buffer */ + + for (i = 0, j = 0; j < (size_t)tolen; j++) { + unsigned char val; + + l = a->d[i / BN_BYTES]; + mask = 0 - ((j - atop) >> (8 * sizeof(i) - 1)); + val = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask); + + if (endianness == big) + *--to = val; + else + *to++ = val; + + i += (i - lasti) >> (8 * sizeof(i) - 1); /* stay on last limb */ + } + + return tolen; +} + +int +BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) +{ + if (tolen < 0) + return -1; + return bn2binpad(a, to, tolen, big); +} + int BN_bn2bin(const BIGNUM *a, unsigned char *to) { - int n, i; - BN_ULONG l; + return bn2binpad(a, to, -1, big); +} - bn_check_top(a); - n = i=BN_num_bytes(a); - while (i--) { - l = a->d[i / BN_BYTES]; - *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; +BIGNUM * +BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret) +{ + unsigned int i, m, n; + BN_ULONG l; + BIGNUM *bn = NULL; + + if (ret == NULL) + ret = bn = BN_new(); + if (ret == NULL) + return NULL; + + bn_check_top(ret); + + s += len; + /* Skip trailing zeroes. */ + for (; len > 0 && s[-1] == 0; s--, len--) + continue; + + n = len; + if (n == 0) { + ret->top = 0; + return ret; } - return (n); + + i = ((n - 1) / BN_BYTES) + 1; + m = (n - 1) % BN_BYTES; + if (bn_wexpand(ret, (int)i) == NULL) { + BN_free(bn); + return NULL; + } + + ret->top = i; + ret->neg = 0; + l = 0; + while (n-- > 0) { + s--; + l = (l << 8L) | *s; + if (m-- == 0) { + ret->d[--i] = l; + l = 0; + m = BN_BYTES - 1; + } + } + + /* + * need to call this due to clear byte at top if avoiding having the + * top bit set (-ve number) + */ + bn_correct_top(ret); + + return ret; +} + +int +BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen) +{ + if (tolen < 0) + return -1; + + return bn2binpad(a, to, tolen, little); } int @@ -914,6 +1061,50 @@ BN_swap_ct(BN_ULONG condition, BIGNUM *a, BIGNUM *b, size_t nwords) return 1; } +void +BN_zero_ex(BIGNUM *a) +{ + a->neg = 0; + a->top = 0; + /* XXX: a->flags &= ~BN_FIXED_TOP */ +} + +int +BN_abs_is_word(const BIGNUM *a, const BN_ULONG w) +{ + return (a->top == 1 && a->d[0] == w) || (w == 0 && a->top == 0); +} + +int +BN_is_zero(const BIGNUM *a) +{ + return a->top == 0; +} + +int +BN_is_one(const BIGNUM *a) +{ + return BN_abs_is_word(a, 1) && !a->neg; +} + +int +BN_is_word(const BIGNUM *a, const BN_ULONG w) +{ + return BN_abs_is_word(a, w) && (w == 0 || !a->neg); +} + +int +BN_is_odd(const BIGNUM *a) +{ + return a->top > 0 && (a->d[0] & 1); +} + +int +BN_is_negative(const BIGNUM *a) +{ + return a->neg != 0; +} + BN_GENCB * BN_GENCB_new(void) { @@ -933,6 +1124,24 @@ BN_GENCB_free(BN_GENCB *cb) free(cb); } +/* Populate a BN_GENCB structure with an "old"-style callback */ +void +BN_GENCB_set_old(BN_GENCB *gencb, void (*cb)(int, int, void *), void *cb_arg) +{ + gencb->ver = 1; + gencb->cb.cb_1 = cb; + gencb->arg = cb_arg; +} + +/* Populate a BN_GENCB structure with a "new"-style callback */ +void +BN_GENCB_set(BN_GENCB *gencb, int (*cb)(int, int, BN_GENCB *), void *cb_arg) +{ + gencb->ver = 2; + gencb->cb.cb_2 = cb; + gencb->arg = cb_arg; +} + void * BN_GENCB_get_arg(BN_GENCB *cb) { diff --git a/externals/libressl/crypto/bn/bn_mont.c b/externals/libressl/crypto/bn/bn_mont.c index eeac04682..e01af702e 100755 --- a/externals/libressl/crypto/bn/bn_mont.c +++ b/externals/libressl/crypto/bn/bn_mont.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_mont.c,v 1.26 2017/01/21 11:00:46 beck Exp $ */ +/* $OpenBSD: bn_mont.c,v 1.28 2022/02/07 19:44:23 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -175,6 +175,12 @@ err: return (ret); } +int +BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx) +{ + return BN_mod_mul_montgomery(r, a, &mont->RR, mont, ctx); +} + #ifdef MONT_WORD static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) @@ -363,6 +369,9 @@ BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) int ret = 0; BIGNUM *Ri, *R; + if (BN_is_zero(mod)) + return 0; + BN_CTX_start(ctx); if ((Ri = BN_CTX_get(ctx)) == NULL) goto err; diff --git a/externals/libressl/crypto/bn/bn_nist.c b/externals/libressl/crypto/bn/bn_nist.c index b16584d6b..3a04c471c 100755 --- a/externals/libressl/crypto/bn/bn_nist.c +++ b/externals/libressl/crypto/bn/bn_nist.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_nist.c,v 1.18 2016/07/18 01:04:52 bcook Exp $ */ +/* $OpenBSD: bn_nist.c,v 1.19 2021/11/09 18:40:20 bcook Exp $ */ /* * Written by Nils Larsch for the OpenSSL project */ @@ -56,8 +56,7 @@ * */ -#include - +#include #include #include diff --git a/externals/libressl/crypto/bn/bn_print.c b/externals/libressl/crypto/bn/bn_print.c index de67c03c1..9b5c75331 100755 --- a/externals/libressl/crypto/bn/bn_print.c +++ b/externals/libressl/crypto/bn/bn_print.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_print.c,v 1.31 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: bn_print.c,v 1.33 2022/01/20 10:53:33 inoguchi Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -216,7 +216,7 @@ BN_hex2bn(BIGNUM **bn, const char *a) if ((ret = BN_new()) == NULL) return (0); } else { - ret= *bn; + ret = *bn; BN_zero(ret); } @@ -228,7 +228,7 @@ BN_hex2bn(BIGNUM **bn, const char *a) m = 0; h = 0; while (j > 0) { - m = ((BN_BYTES*2) <= j) ? (BN_BYTES * 2) : j; + m = ((BN_BYTES * 2) <= j) ? (BN_BYTES * 2) : j; l = 0; for (;;) { c = a[j - m]; @@ -310,8 +310,10 @@ BN_dec2bn(BIGNUM **bn, const char *a) l += *a - '0'; a++; if (++j == BN_DEC_NUM) { - BN_mul_word(ret, BN_DEC_CONV); - BN_add_word(ret, l); + if (!BN_mul_word(ret, BN_DEC_CONV)) + goto err; + if (!BN_add_word(ret, l)) + goto err; l = 0; j = 0; } diff --git a/externals/libressl/crypto/bn/bn_rand.c b/externals/libressl/crypto/bn/bn_rand.c index f94ce1dce..b21692c94 100755 --- a/externals/libressl/crypto/bn/bn_rand.c +++ b/externals/libressl/crypto/bn/bn_rand.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_rand.c,v 1.24 2020/09/12 17:16:36 tb Exp $ */ +/* $OpenBSD: bn_rand.c,v 1.25 2021/08/31 11:19:19 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -194,20 +194,20 @@ err: return (ret); } -int +int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) { return bnrand(0, rnd, bits, top, bottom); } -int +int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom) { return bnrand(1, rnd, bits, top, bottom); } #if 1 -int +int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) { return bnrand(2, rnd, bits, top, bottom); diff --git a/externals/libressl/crypto/bn/bn_sqrt.c b/externals/libressl/crypto/bn/bn_sqrt.c index 8514f23a2..4b9638b6d 100755 --- a/externals/libressl/crypto/bn/bn_sqrt.c +++ b/externals/libressl/crypto/bn/bn_sqrt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_sqrt.c,v 1.9 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: bn_sqrt.c,v 1.10 2022/03/15 15:52:39 tb Exp $ */ /* Written by Lenka Fibikova * and Bodo Moeller for the OpenSSL project. */ /* ==================================================================== @@ -351,21 +351,22 @@ BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) goto vrfy; } - - /* find smallest i such that b^(2^i) = 1 */ - i = 1; - if (!BN_mod_sqr(t, b, p, ctx)) - goto end; - while (!BN_is_one(t)) { - i++; - if (i == e) { - BNerror(BN_R_NOT_A_SQUARE); - goto end; + /* Find the smallest i with 0 < i < e such that b^(2^i) = 1. */ + for (i = 1; i < e; i++) { + if (i == 1) { + if (!BN_mod_sqr(t, b, p, ctx)) + goto end; + } else { + if (!BN_mod_sqr(t, t, p, ctx)) + goto end; } - if (!BN_mod_mul(t, t, t, p, ctx)) - goto end; + if (BN_is_one(t)) + break; + } + if (i >= e) { + BNerror(BN_R_NOT_A_SQUARE); + goto end; } - /* t := y^2^(e - i - 1) */ if (!BN_copy(t, y)) diff --git a/externals/libressl/crypto/bn/bn_x931p.c b/externals/libressl/crypto/bn/bn_x931p.c index 55ca21c08..7fc3b5c2a 100755 --- a/externals/libressl/crypto/bn/bn_x931p.c +++ b/externals/libressl/crypto/bn/bn_x931p.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_x931p.c,v 1.11 2019/01/20 01:56:59 tb Exp $ */ +/* $OpenBSD: bn_x931p.c,v 1.13 2022/01/20 10:56:22 inoguchi Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2005. */ @@ -139,13 +139,13 @@ BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, const BIGNUM *Xp, /* First set p to value of Rp */ - if (!BN_mod_inverse_ct(p, p2, p1, ctx)) + if (BN_mod_inverse_ct(p, p2, p1, ctx) == NULL) goto err; if (!BN_mul(p, p, p2, ctx)) goto err; - if (!BN_mod_inverse_ct(t, p1, p2, ctx)) + if (BN_mod_inverse_ct(t, p1, p2, ctx) == NULL) goto err; if (!BN_mul(t, t, p1, ctx)) @@ -154,7 +154,7 @@ BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, const BIGNUM *Xp, if (!BN_sub(p, p, t)) goto err; - if (p->neg && !BN_add(p, p, p1p2)) + if (BN_is_negative(p) && !BN_add(p, p, p1p2)) goto err; /* p now equals Rp */ @@ -237,7 +237,8 @@ BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) if (!BN_rand(Xq, nbits, 1, 0)) goto err; /* Check that |Xp - Xq| > 2^(nbits - 100) */ - BN_sub(t, Xp, Xq); + if (!BN_sub(t, Xp, Xq)) + goto err; if (BN_num_bits(t) > (nbits - 100)) break; } diff --git a/externals/libressl/crypto/bn/gf2m-masm-x86_64.S b/externals/libressl/crypto/bn/gf2m-masm-x86_64.S index 8fcaa2d43..a3ce027b3 100755 --- a/externals/libressl/crypto/bn/gf2m-masm-x86_64.S +++ b/externals/libressl/crypto/bn/gf2m-masm-x86_64.S @@ -1,7 +1,7 @@ ; 1 "crypto/bn/gf2m-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 340 "" 3 +; 343 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/bn/gf2m-masm-x86_64.S.tmp" 2 diff --git a/externals/libressl/crypto/bn/modexp512-masm-x86_64.S b/externals/libressl/crypto/bn/modexp512-masm-x86_64.S index 453cfacff..9626fe387 100755 --- a/externals/libressl/crypto/bn/modexp512-masm-x86_64.S +++ b/externals/libressl/crypto/bn/modexp512-masm-x86_64.S @@ -1,7 +1,7 @@ ; 1 "crypto/bn/modexp512-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 340 "" 3 +; 343 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/bn/modexp512-masm-x86_64.S.tmp" 2 diff --git a/externals/libressl/crypto/bn/mont-masm-x86_64.S b/externals/libressl/crypto/bn/mont-masm-x86_64.S index c943f1546..4896acd1a 100755 --- a/externals/libressl/crypto/bn/mont-masm-x86_64.S +++ b/externals/libressl/crypto/bn/mont-masm-x86_64.S @@ -1,7 +1,7 @@ ; 1 "crypto/bn/mont-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 340 "" 3 +; 343 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/bn/mont-masm-x86_64.S.tmp" 2 diff --git a/externals/libressl/crypto/bn/mont5-masm-x86_64.S b/externals/libressl/crypto/bn/mont5-masm-x86_64.S index dbbbe35bd..cc709e673 100755 --- a/externals/libressl/crypto/bn/mont5-masm-x86_64.S +++ b/externals/libressl/crypto/bn/mont5-masm-x86_64.S @@ -1,7 +1,7 @@ ; 1 "crypto/bn/mont5-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 340 "" 3 +; 343 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/bn/mont5-masm-x86_64.S.tmp" 2 diff --git a/externals/libressl/crypto/bytestring/bs_ber.c b/externals/libressl/crypto/bytestring/bs_ber.c new file mode 100755 index 000000000..c9779c896 --- /dev/null +++ b/externals/libressl/crypto/bytestring/bs_ber.c @@ -0,0 +1,269 @@ +/* $OpenBSD: bs_ber.c,v 1.2 2021/12/15 18:02:39 jsing Exp $ */ +/* + * Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include "bytestring.h" + +/* + * kMaxDepth is a just a sanity limit. The code should be such that the length + * of the input being processes always decreases. None the less, a very large + * input could otherwise cause the stack to overflow. + */ +static const unsigned int kMaxDepth = 2048; + +/* Non-strict version that allows a relaxed DER with indefinite form. */ +static int +cbs_nonstrict_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag, + size_t *out_header_len) +{ + return cbs_get_any_asn1_element_internal(cbs, out, + out_tag, out_header_len, 0); +} + +/* + * cbs_find_indefinite walks an ASN.1 structure in |orig_in| and sets + * |*indefinite_found| depending on whether an indefinite length element was + * found. The value of |orig_in| is not modified. + * + * Returns one on success (i.e. |*indefinite_found| was set) and zero on error. + */ +static int +cbs_find_indefinite(const CBS *orig_in, char *indefinite_found, + unsigned int depth) +{ + CBS in; + + if (depth > kMaxDepth) + return 0; + + CBS_init(&in, CBS_data(orig_in), CBS_len(orig_in)); + + while (CBS_len(&in) > 0) { + CBS contents; + unsigned int tag; + size_t header_len; + + if (!cbs_nonstrict_get_any_asn1_element(&in, &contents, &tag, + &header_len)) + return 0; + + /* Indefinite form not allowed by DER. */ + if (CBS_len(&contents) == header_len && header_len > 0 && + CBS_data(&contents)[header_len - 1] == 0x80) { + *indefinite_found = 1; + return 1; + } + if (tag & CBS_ASN1_CONSTRUCTED) { + if (!CBS_skip(&contents, header_len) || + !cbs_find_indefinite(&contents, indefinite_found, + depth + 1)) + return 0; + } + } + + *indefinite_found = 0; + return 1; +} + +/* + * is_primitive_type returns true if |tag| likely a primitive type. Normally + * one can just test the "constructed" bit in the tag but, in BER, even + * primitive tags can have the constructed bit if they have indefinite + * length. + */ +static char +is_primitive_type(unsigned int tag) +{ + return (tag & 0xc0) == 0 && + (tag & 0x1f) != (CBS_ASN1_SEQUENCE & 0x1f) && + (tag & 0x1f) != (CBS_ASN1_SET & 0x1f); +} + +/* + * is_eoc returns true if |header_len| and |contents|, as returned by + * |cbs_nonstrict_get_any_asn1_element|, indicate an "end of contents" (EOC) + * value. + */ +static char +is_eoc(size_t header_len, CBS *contents) +{ + const unsigned char eoc[] = {0x0, 0x0}; + + return header_len == 2 && CBS_mem_equal(contents, eoc, 2); +} + +/* + * cbs_convert_indefinite reads data with DER encoding (but relaxed to allow + * indefinite form) from |in| and writes definite form DER data to |out|. If + * |squash_header| is set then the top-level of elements from |in| will not + * have their headers written. This is used when concatenating the fragments of + * an indefinite length, primitive value. If |looking_for_eoc| is set then any + * EOC elements found will cause the function to return after consuming it. + * It returns one on success and zero on error. + */ +static int +cbs_convert_indefinite(CBS *in, CBB *out, char squash_header, + char looking_for_eoc, unsigned int depth) +{ + if (depth > kMaxDepth) + return 0; + + while (CBS_len(in) > 0) { + CBS contents; + unsigned int tag; + size_t header_len; + CBB *out_contents, out_contents_storage; + + if (!cbs_nonstrict_get_any_asn1_element(in, &contents, &tag, + &header_len)) + return 0; + + out_contents = out; + + if (CBS_len(&contents) == header_len) { + if (is_eoc(header_len, &contents)) + return looking_for_eoc; + + if (header_len > 0 && + CBS_data(&contents)[header_len - 1] == 0x80) { + /* + * This is an indefinite length element. If + * it's a SEQUENCE or SET then we just need to + * write the out the contents as normal, but + * with a concrete length prefix. + * + * If it's a something else then the contents + * will be a series of DER elements of the same + * type which need to be concatenated. + */ + const char context_specific = (tag & 0xc0) + == 0x80; + char squash_child_headers = + is_primitive_type(tag); + + /* + * This is a hack, but it sufficies to handle + * NSS's output. If we find an indefinite + * length, context-specific tag with a definite, + * primtive tag inside it, then we assume that + * the context-specific tag is implicit and the + * tags within are fragments of a primitive type + * that need to be concatenated. + */ + if (context_specific && + (tag & CBS_ASN1_CONSTRUCTED)) { + CBS in_copy, inner_contents; + unsigned int inner_tag; + size_t inner_header_len; + + CBS_init(&in_copy, CBS_data(in), + CBS_len(in)); + if (!cbs_nonstrict_get_any_asn1_element( + &in_copy, &inner_contents, + &inner_tag, &inner_header_len)) + return 0; + + if (CBS_len(&inner_contents) > + inner_header_len && + is_primitive_type(inner_tag)) + squash_child_headers = 1; + } + + if (!squash_header) { + unsigned int out_tag = tag; + + if (squash_child_headers) + out_tag &= + ~CBS_ASN1_CONSTRUCTED; + + if (!CBB_add_asn1(out, + &out_contents_storage, out_tag)) + return 0; + + out_contents = &out_contents_storage; + } + + if (!cbs_convert_indefinite(in, out_contents, + squash_child_headers, + 1 /* looking for eoc */, depth + 1)) + return 0; + + if (out_contents != out && !CBB_flush(out)) + return 0; + + continue; + } + } + + if (!squash_header) { + if (!CBB_add_asn1(out, &out_contents_storage, tag)) + return 0; + + out_contents = &out_contents_storage; + } + + if (!CBS_skip(&contents, header_len)) + return 0; + + if (tag & CBS_ASN1_CONSTRUCTED) { + if (!cbs_convert_indefinite(&contents, out_contents, + 0 /* don't squash header */, + 0 /* not looking for eoc */, depth + 1)) + return 0; + } else { + if (!CBB_add_bytes(out_contents, CBS_data(&contents), + CBS_len(&contents))) + return 0; + } + + if (out_contents != out && !CBB_flush(out)) + return 0; + } + + return looking_for_eoc == 0; +} + +int +CBS_asn1_indefinite_to_definite(CBS *in, uint8_t **out, size_t *out_len) +{ + CBB cbb; + + /* + * First, do a quick walk to find any indefinite-length elements. Most + * of the time we hope that there aren't any and thus we can quickly + * return. + */ + char conversion_needed; + if (!cbs_find_indefinite(in, &conversion_needed, 0)) + return 0; + + if (!conversion_needed) { + *out = NULL; + *out_len = 0; + return 1; + } + + if (!CBB_init(&cbb, CBS_len(in))) + return 0; + if (!cbs_convert_indefinite(in, &cbb, 0, 0, 0)) { + CBB_cleanup(&cbb); + return 0; + } + + return CBB_finish(&cbb, out, out_len); +} diff --git a/externals/libressl/crypto/bytestring/bs_cbb.c b/externals/libressl/crypto/bytestring/bs_cbb.c new file mode 100755 index 000000000..130093117 --- /dev/null +++ b/externals/libressl/crypto/bytestring/bs_cbb.c @@ -0,0 +1,480 @@ +/* $OpenBSD: bs_cbb.c,v 1.3 2022/01/06 14:32:55 jsing Exp $ */ +/* + * Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include "bytestring.h" + +#define CBB_INITIAL_SIZE 64 + +static int +cbb_init(CBB *cbb, uint8_t *buf, size_t cap) +{ + struct cbb_buffer_st *base; + + if ((base = calloc(1, sizeof(struct cbb_buffer_st))) == NULL) + return 0; + + base->buf = buf; + base->len = 0; + base->cap = cap; + base->can_resize = 1; + + cbb->base = base; + cbb->is_top_level = 1; + + return 1; +} + +int +CBB_init(CBB *cbb, size_t initial_capacity) +{ + uint8_t *buf = NULL; + + memset(cbb, 0, sizeof(*cbb)); + + if (initial_capacity == 0) + initial_capacity = CBB_INITIAL_SIZE; + + if ((buf = calloc(1, initial_capacity)) == NULL) + return 0; + + if (!cbb_init(cbb, buf, initial_capacity)) { + free(buf); + return 0; + } + + return 1; +} + +int +CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len) +{ + memset(cbb, 0, sizeof(*cbb)); + + if (!cbb_init(cbb, buf, len)) + return 0; + + cbb->base->can_resize = 0; + + return 1; +} + +void +CBB_cleanup(CBB *cbb) +{ + if (cbb->base) { + if (cbb->base->can_resize) + freezero(cbb->base->buf, cbb->base->cap); + free(cbb->base); + } + cbb->base = NULL; + cbb->child = NULL; +} + +static int +cbb_buffer_add(struct cbb_buffer_st *base, uint8_t **out, size_t len) +{ + size_t newlen; + + if (base == NULL) + return 0; + + newlen = base->len + len; + if (newlen < base->len) + /* Overflow */ + return 0; + + if (newlen > base->cap) { + size_t newcap = base->cap * 2; + uint8_t *newbuf; + + if (!base->can_resize) + return 0; + + if (newcap < base->cap || newcap < newlen) + newcap = newlen; + + newbuf = recallocarray(base->buf, base->cap, newcap, 1); + if (newbuf == NULL) + return 0; + + base->buf = newbuf; + base->cap = newcap; + } + + if (out) + *out = base->buf + base->len; + + base->len = newlen; + return 1; +} + +static int +cbb_add_u(CBB *cbb, uint32_t v, size_t len_len) +{ + uint8_t *buf; + size_t i; + + if (len_len == 0) + return 1; + + if (len_len > 4) + return 0; + + if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, &buf, len_len)) + return 0; + + for (i = len_len - 1; i < len_len; i--) { + buf[i] = v; + v >>= 8; + } + return 1; +} + +int +CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len) +{ + if (!cbb->is_top_level) + return 0; + + if (!CBB_flush(cbb)) + return 0; + + if (cbb->base->can_resize && (out_data == NULL || out_len == NULL)) + /* + * |out_data| and |out_len| can only be NULL if the CBB is + * fixed. + */ + return 0; + + if (out_data != NULL) + *out_data = cbb->base->buf; + + if (out_len != NULL) + *out_len = cbb->base->len; + + cbb->base->buf = NULL; + CBB_cleanup(cbb); + return 1; +} + +/* + * CBB_flush recurses and then writes out any pending length prefix. The current + * length of the underlying base is taken to be the length of the + * length-prefixed data. + */ +int +CBB_flush(CBB *cbb) +{ + size_t child_start, i, len; + + if (cbb->base == NULL) + return 0; + + if (cbb->child == NULL || cbb->pending_len_len == 0) + return 1; + + child_start = cbb->offset + cbb->pending_len_len; + + if (!CBB_flush(cbb->child) || child_start < cbb->offset || + cbb->base->len < child_start) + return 0; + + len = cbb->base->len - child_start; + + if (cbb->pending_is_asn1) { + /* + * For ASN.1, we assumed that we were using short form which + * only requires a single byte for the length octet. + * + * If it turns out that we need long form, we have to move + * the contents along in order to make space for more length + * octets. + */ + size_t len_len = 1; /* total number of length octets */ + uint8_t initial_length_byte; + + /* We already wrote 1 byte for the length. */ + if (cbb->pending_len_len != 1) + return 0; + + /* Check for long form */ + if (len > 0xfffffffe) + return 0; /* 0xffffffff is reserved */ + else if (len > 0xffffff) + len_len = 5; + else if (len > 0xffff) + len_len = 4; + else if (len > 0xff) + len_len = 3; + else if (len > 0x7f) + len_len = 2; + + if (len_len == 1) { + /* For short form, the initial byte is the length. */ + initial_length_byte = len; + len = 0; + + } else { + /* + * For long form, the initial byte is the number of + * subsequent length octets (plus bit 8 set). + */ + initial_length_byte = 0x80 | (len_len - 1); + + /* + * We need to move the contents along in order to make + * space for the long form length octets. + */ + size_t extra_bytes = len_len - 1; + if (!cbb_buffer_add(cbb->base, NULL, extra_bytes)) + return 0; + + memmove(cbb->base->buf + child_start + extra_bytes, + cbb->base->buf + child_start, len); + } + cbb->base->buf[cbb->offset++] = initial_length_byte; + cbb->pending_len_len = len_len - 1; + } + + for (i = cbb->pending_len_len - 1; i < cbb->pending_len_len; i--) { + cbb->base->buf[cbb->offset + i] = len; + len >>= 8; + } + if (len != 0) + return 0; + + cbb->child->base = NULL; + cbb->child = NULL; + cbb->pending_len_len = 0; + cbb->pending_is_asn1 = 0; + cbb->offset = 0; + + return 1; +} + +void +CBB_discard_child(CBB *cbb) +{ + if (cbb->child == NULL) + return; + + cbb->base->len = cbb->offset; + + cbb->child->base = NULL; + cbb->child = NULL; + cbb->pending_len_len = 0; + cbb->pending_is_asn1 = 0; + cbb->offset = 0; +} + +static int +cbb_add_length_prefixed(CBB *cbb, CBB *out_contents, size_t len_len) +{ + uint8_t *prefix_bytes; + + if (!CBB_flush(cbb)) + return 0; + + cbb->offset = cbb->base->len; + if (!cbb_buffer_add(cbb->base, &prefix_bytes, len_len)) + return 0; + + memset(prefix_bytes, 0, len_len); + memset(out_contents, 0, sizeof(CBB)); + out_contents->base = cbb->base; + cbb->child = out_contents; + cbb->pending_len_len = len_len; + cbb->pending_is_asn1 = 0; + + return 1; +} + +int +CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents) +{ + return cbb_add_length_prefixed(cbb, out_contents, 1); +} + +int +CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents) +{ + return cbb_add_length_prefixed(cbb, out_contents, 2); +} + +int +CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents) +{ + return cbb_add_length_prefixed(cbb, out_contents, 3); +} + +int +CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned int tag) +{ + if (tag > UINT8_MAX) + return 0; + + /* Long form identifier octets are not supported. */ + if ((tag & 0x1f) == 0x1f) + return 0; + + /* Short-form identifier octet only needs a single byte */ + if (!CBB_flush(cbb) || !CBB_add_u8(cbb, tag)) + return 0; + + /* + * Add 1 byte to cover the short-form length octet case. If it turns + * out we need long-form, it will be extended later. + */ + cbb->offset = cbb->base->len; + if (!CBB_add_u8(cbb, 0)) + return 0; + + memset(out_contents, 0, sizeof(CBB)); + out_contents->base = cbb->base; + cbb->child = out_contents; + cbb->pending_len_len = 1; + cbb->pending_is_asn1 = 1; + + return 1; +} + +int +CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len) +{ + uint8_t *dest; + + if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, &dest, len)) + return 0; + + memcpy(dest, data, len); + return 1; +} + +int +CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len) +{ + if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, out_data, len)) + return 0; + + memset(*out_data, 0, len); + return 1; +} + +int +CBB_add_u8(CBB *cbb, size_t value) +{ + if (value > UINT8_MAX) + return 0; + + return cbb_add_u(cbb, (uint32_t)value, 1); +} + +int +CBB_add_u16(CBB *cbb, size_t value) +{ + if (value > UINT16_MAX) + return 0; + + return cbb_add_u(cbb, (uint32_t)value, 2); +} + +int +CBB_add_u24(CBB *cbb, size_t value) +{ + if (value > 0xffffffUL) + return 0; + + return cbb_add_u(cbb, (uint32_t)value, 3); +} + +int +CBB_add_u32(CBB *cbb, size_t value) +{ + if (value > 0xffffffffUL) + return 0; + + return cbb_add_u(cbb, (uint32_t)value, 4); +} + +int +CBB_add_u64(CBB *cbb, uint64_t value) +{ + uint32_t a, b; + + a = value >> 32; + b = value & 0xffffffff; + + if (!CBB_add_u32(cbb, a)) + return 0; + return CBB_add_u32(cbb, b); +} + +int +CBB_add_asn1_uint64(CBB *cbb, uint64_t value) +{ + CBB child; + size_t i; + int started = 0; + + if (!CBB_add_asn1(cbb, &child, CBS_ASN1_INTEGER)) + return 0; + + for (i = 0; i < 8; i++) { + uint8_t byte = (value >> 8 * (7 - i)) & 0xff; + + /* + * ASN.1 restriction: first 9 bits cannot be all zeroes or + * all ones. Since this function only encodes unsigned + * integers, the only concerns are not encoding leading + * zeros and adding a padding byte if necessary. + * + * In practice, this means: + * 1) Skip leading octets of all zero bits in the value + * 2) After skipping the leading zero octets, if the next 9 + * bits are all ones, add an all zero prefix octet (and + * set the high bit of the prefix octet if negative). + * + * Additionally, for an unsigned value, add an all zero + * prefix if the high bit of the first octet would be one. + */ + if (!started) { + if (byte == 0) + /* Don't encode leading zeros. */ + continue; + + /* + * If the high bit is set, add a padding byte to make it + * unsigned. + */ + if ((byte & 0x80) && !CBB_add_u8(&child, 0)) + return 0; + + started = 1; + } + if (!CBB_add_u8(&child, byte)) + return 0; + } + + /* 0 is encoded as a single 0, not the empty string. */ + if (!started && !CBB_add_u8(&child, 0)) + return 0; + + return CBB_flush(cbb); +} diff --git a/externals/libressl/crypto/bytestring/bs_cbs.c b/externals/libressl/crypto/bytestring/bs_cbs.c new file mode 100755 index 000000000..e2bb54e46 --- /dev/null +++ b/externals/libressl/crypto/bytestring/bs_cbs.c @@ -0,0 +1,615 @@ +/* $OpenBSD: bs_cbs.c,v 1.2 2021/12/15 18:02:39 jsing Exp $ */ +/* + * Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include "bytestring.h" + +void +CBS_init(CBS *cbs, const uint8_t *data, size_t len) +{ + cbs->data = data; + cbs->initial_len = len; + cbs->len = len; +} + +void +CBS_dup(const CBS *cbs, CBS *out) +{ + CBS_init(out, CBS_data(cbs), CBS_len(cbs)); + out->initial_len = cbs->initial_len; +} + +static int +cbs_get(CBS *cbs, const uint8_t **p, size_t n) +{ + if (cbs->len < n) + return 0; + + *p = cbs->data; + cbs->data += n; + cbs->len -= n; + return 1; +} + +static int +cbs_peek(CBS *cbs, const uint8_t **p, size_t n) +{ + if (cbs->len < n) + return 0; + + *p = cbs->data; + return 1; +} + +size_t +CBS_offset(const CBS *cbs) +{ + return cbs->initial_len - cbs->len; +} + +int +CBS_skip(CBS *cbs, size_t len) +{ + const uint8_t *dummy; + return cbs_get(cbs, &dummy, len); +} + +const uint8_t * +CBS_data(const CBS *cbs) +{ + return cbs->data; +} + +size_t +CBS_len(const CBS *cbs) +{ + return cbs->len; +} + +int +CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len) +{ + free(*out_ptr); + *out_ptr = NULL; + *out_len = 0; + + if (cbs->len == 0) + return 1; + + if ((*out_ptr = malloc(cbs->len)) == NULL) + return 0; + + memcpy(*out_ptr, cbs->data, cbs->len); + + *out_len = cbs->len; + return 1; +} + +int +CBS_strdup(const CBS *cbs, char **out_ptr) +{ + free(*out_ptr); + *out_ptr = NULL; + + if (CBS_contains_zero_byte(cbs)) + return 0; + + *out_ptr = strndup((const char *)cbs->data, cbs->len); + return (*out_ptr != NULL); +} + +int +CBS_write_bytes(const CBS *cbs, uint8_t *dst, size_t dst_len, size_t *copied) +{ + if (dst_len < cbs->len) + return 0; + + memmove(dst, cbs->data, cbs->len); + + if (copied != NULL) + *copied = cbs->len; + + return 1; +} + +int +CBS_contains_zero_byte(const CBS *cbs) +{ + return memchr(cbs->data, 0, cbs->len) != NULL; +} + +int +CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len) +{ + if (len != cbs->len) + return 0; + + return timingsafe_memcmp(cbs->data, data, len) == 0; +} + +static int +cbs_get_u(CBS *cbs, uint32_t *out, size_t len) +{ + uint32_t result = 0; + size_t i; + const uint8_t *data; + + if (len < 1 || len > 4) + return 0; + + if (!cbs_get(cbs, &data, len)) + return 0; + + for (i = 0; i < len; i++) { + result <<= 8; + result |= data[i]; + } + *out = result; + return 1; +} + +int +CBS_get_u8(CBS *cbs, uint8_t *out) +{ + const uint8_t *v; + + if (!cbs_get(cbs, &v, 1)) + return 0; + + *out = *v; + return 1; +} + +int +CBS_get_u16(CBS *cbs, uint16_t *out) +{ + uint32_t v; + + if (!cbs_get_u(cbs, &v, 2)) + return 0; + + *out = v; + return 1; +} + +int +CBS_get_u24(CBS *cbs, uint32_t *out) +{ + return cbs_get_u(cbs, out, 3); +} + +int +CBS_get_u32(CBS *cbs, uint32_t *out) +{ + return cbs_get_u(cbs, out, 4); +} + +int +CBS_get_u64(CBS *cbs, uint64_t *out) +{ + uint32_t a, b; + + if (cbs->len < 8) + return 0; + + if (!CBS_get_u32(cbs, &a)) + return 0; + if (!CBS_get_u32(cbs, &b)) + return 0; + + *out = (uint64_t)a << 32 | b; + return 1; +} + +int +CBS_get_last_u8(CBS *cbs, uint8_t *out) +{ + if (cbs->len == 0) + return 0; + + *out = cbs->data[cbs->len - 1]; + cbs->len--; + return 1; +} + +int +CBS_get_bytes(CBS *cbs, CBS *out, size_t len) +{ + const uint8_t *v; + + if (!cbs_get(cbs, &v, len)) + return 0; + + CBS_init(out, v, len); + return 1; +} + +static int +cbs_get_length_prefixed(CBS *cbs, CBS *out, size_t len_len) +{ + uint32_t len; + + if (!cbs_get_u(cbs, &len, len_len)) + return 0; + + return CBS_get_bytes(cbs, out, len); +} + +int +CBS_get_u8_length_prefixed(CBS *cbs, CBS *out) +{ + return cbs_get_length_prefixed(cbs, out, 1); +} + +int +CBS_get_u16_length_prefixed(CBS *cbs, CBS *out) +{ + return cbs_get_length_prefixed(cbs, out, 2); +} + +int +CBS_get_u24_length_prefixed(CBS *cbs, CBS *out) +{ + return cbs_get_length_prefixed(cbs, out, 3); +} + +static int +cbs_peek_u(CBS *cbs, uint32_t *out, size_t len) +{ + uint32_t result = 0; + size_t i; + const uint8_t *data; + + if (len < 1 || len > 4) + return 0; + + if (!cbs_peek(cbs, &data, len)) + return 0; + + for (i = 0; i < len; i++) { + result <<= 8; + result |= data[i]; + } + *out = result; + return 1; +} + +int +CBS_peek_u8(CBS *cbs, uint8_t *out) +{ + const uint8_t *v; + + if (!cbs_peek(cbs, &v, 1)) + return 0; + + *out = *v; + return 1; +} + +int +CBS_peek_u16(CBS *cbs, uint16_t *out) +{ + uint32_t v; + + if (!cbs_peek_u(cbs, &v, 2)) + return 0; + + *out = v; + return 1; +} + +int +CBS_peek_u24(CBS *cbs, uint32_t *out) +{ + return cbs_peek_u(cbs, out, 3); +} + +int +CBS_peek_u32(CBS *cbs, uint32_t *out) +{ + return cbs_peek_u(cbs, out, 4); +} + +int +CBS_peek_last_u8(CBS *cbs, uint8_t *out) +{ + if (cbs->len == 0) + return 0; + + *out = cbs->data[cbs->len - 1]; + return 1; +} + +int +CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag, + size_t *out_header_len) +{ + return cbs_get_any_asn1_element_internal(cbs, out, out_tag, + out_header_len, 1); +} + +/* + * Review X.690 for details on ASN.1 DER encoding. + * + * If non-strict mode is enabled, then DER rules are relaxed + * for indefinite constructs (violates DER but a little closer to BER). + * Non-strict mode should only be used by bs_ber.c + * + * Sections 8, 10 and 11 for DER encoding + */ +int +cbs_get_any_asn1_element_internal(CBS *cbs, CBS *out, unsigned int *out_tag, + size_t *out_header_len, int strict) +{ + uint8_t tag, length_byte; + CBS header = *cbs; + CBS throwaway; + size_t len; + + if (out == NULL) + out = &throwaway; + + /* + * Get identifier octet and length octet. Only 1 octet for each + * is a CBS limitation. + */ + if (!CBS_get_u8(&header, &tag) || !CBS_get_u8(&header, &length_byte)) + return 0; + + /* CBS limitation: long form tags are not supported. */ + if ((tag & 0x1f) == 0x1f) + return 0; + + if (out_tag != NULL) + *out_tag = tag; + + if ((length_byte & 0x80) == 0) { + /* Short form length. */ + len = ((size_t) length_byte) + 2; + if (out_header_len != NULL) + *out_header_len = 2; + + } else { + /* Long form length. */ + const size_t num_bytes = length_byte & 0x7f; + uint32_t len32; + + /* ASN.1 reserved value for future extensions */ + if (num_bytes == 0x7f) + return 0; + + /* Handle indefinite form length */ + if (num_bytes == 0) { + /* DER encoding doesn't allow for indefinite form. */ + if (strict) + return 0; + + /* Primitive cannot use indefinite in BER or DER. */ + if ((tag & CBS_ASN1_CONSTRUCTED) == 0) + return 0; + + /* Constructed, indefinite length allowed in BER. */ + if (out_header_len != NULL) + *out_header_len = 2; + return CBS_get_bytes(cbs, out, 2); + } + + /* CBS limitation. */ + if (num_bytes > 4) + return 0; + + if (!cbs_get_u(&header, &len32, num_bytes)) + return 0; + + /* DER has a minimum length octet requirement. */ + if (len32 < 128) + /* Should have used short form instead */ + return 0; + + if ((len32 >> ((num_bytes - 1) * 8)) == 0) + /* Length should have been at least one byte shorter. */ + return 0; + + len = len32; + if (len + 2 + num_bytes < len) + /* Overflow. */ + return 0; + + len += 2 + num_bytes; + if (out_header_len != NULL) + *out_header_len = 2 + num_bytes; + } + + return CBS_get_bytes(cbs, out, len); +} + +static int +cbs_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value, int skip_header) +{ + size_t header_len; + unsigned int tag; + CBS throwaway; + + if (out == NULL) + out = &throwaway; + + if (!CBS_get_any_asn1_element(cbs, out, &tag, &header_len) || + tag != tag_value) + return 0; + + if (skip_header && !CBS_skip(out, header_len)) + return 0; + + return 1; +} + +int +CBS_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value) +{ + return cbs_get_asn1(cbs, out, tag_value, 1 /* skip header */); +} + +int +CBS_get_asn1_element(CBS *cbs, CBS *out, unsigned int tag_value) +{ + return cbs_get_asn1(cbs, out, tag_value, 0 /* include header */); +} + +int +CBS_peek_asn1_tag(const CBS *cbs, unsigned int tag_value) +{ + if (CBS_len(cbs) < 1) + return 0; + + /* + * Tag number 31 indicates the start of a long form number. + * This is valid in ASN.1, but CBS only supports short form. + */ + if ((tag_value & 0x1f) == 0x1f) + return 0; + + return CBS_data(cbs)[0] == tag_value; +} + +/* Encoding details are in ASN.1: X.690 section 8.3 */ +int +CBS_get_asn1_uint64(CBS *cbs, uint64_t *out) +{ + CBS bytes; + const uint8_t *data; + size_t i, len; + + if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_INTEGER)) + return 0; + + *out = 0; + data = CBS_data(&bytes); + len = CBS_len(&bytes); + + if (len == 0) + /* An INTEGER is encoded with at least one content octet. */ + return 0; + + if ((data[0] & 0x80) != 0) + /* Negative number. */ + return 0; + + if (data[0] == 0 && len > 1 && (data[1] & 0x80) == 0) + /* Violates smallest encoding rule: excessive leading zeros. */ + return 0; + + for (i = 0; i < len; i++) { + if ((*out >> 56) != 0) + /* Too large to represent as a uint64_t. */ + return 0; + + *out <<= 8; + *out |= data[i]; + } + + return 1; +} + +int +CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present, unsigned int tag) +{ + if (CBS_peek_asn1_tag(cbs, tag)) { + if (!CBS_get_asn1(cbs, out, tag)) + return 0; + + *out_present = 1; + } else { + *out_present = 0; + } + return 1; +} + +int +CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out, int *out_present, + unsigned int tag) +{ + CBS child; + int present; + + if (!CBS_get_optional_asn1(cbs, &child, &present, tag)) + return 0; + + if (present) { + if (!CBS_get_asn1(&child, out, CBS_ASN1_OCTETSTRING) || + CBS_len(&child) != 0) + return 0; + } else { + CBS_init(out, NULL, 0); + } + if (out_present) + *out_present = present; + + return 1; +} + +int +CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out, unsigned int tag, + uint64_t default_value) +{ + CBS child; + int present; + + if (!CBS_get_optional_asn1(cbs, &child, &present, tag)) + return 0; + + if (present) { + if (!CBS_get_asn1_uint64(&child, out) || + CBS_len(&child) != 0) + return 0; + } else { + *out = default_value; + } + return 1; +} + +int +CBS_get_optional_asn1_bool(CBS *cbs, int *out, unsigned int tag, + int default_value) +{ + CBS child, child2; + int present; + + if (!CBS_get_optional_asn1(cbs, &child, &present, tag)) + return 0; + + if (present) { + uint8_t boolean; + + if (!CBS_get_asn1(&child, &child2, CBS_ASN1_BOOLEAN) || + CBS_len(&child2) != 1 || CBS_len(&child) != 0) + return 0; + + boolean = CBS_data(&child2)[0]; + if (boolean == 0) + *out = 0; + else if (boolean == 0xff) + *out = 1; + else + return 0; + + } else { + *out = default_value; + } + return 1; +} diff --git a/externals/libressl/crypto/bytestring/bytestring.h b/externals/libressl/crypto/bytestring/bytestring.h new file mode 100755 index 000000000..d8ef8ffdd --- /dev/null +++ b/externals/libressl/crypto/bytestring/bytestring.h @@ -0,0 +1,566 @@ +/* $OpenBSD: bytestring.h,v 1.3 2022/01/06 14:32:55 jsing Exp $ */ +/* + * Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef OPENSSL_HEADER_BYTESTRING_H +#define OPENSSL_HEADER_BYTESTRING_H + +#include +#include + +__BEGIN_HIDDEN_DECLS + +/* + * Bytestrings are used for parsing and building TLS and ASN.1 messages. + * + * A "CBS" (CRYPTO ByteString) represents a string of bytes in memory and + * provides utility functions for safely parsing length-prefixed structures + * like TLS and ASN.1 from it. + * + * A "CBB" (CRYPTO ByteBuilder) is a memory buffer that grows as needed and + * provides utility functions for building length-prefixed messages. + */ + +/* CRYPTO ByteString */ +typedef struct cbs_st { + const uint8_t *data; + size_t initial_len; + size_t len; +} CBS; + +/* + * CBS_init sets |cbs| to point to |data|. It does not take ownership of + * |data|. + */ +void CBS_init(CBS *cbs, const uint8_t *data, size_t len); + +/* + * CBS_skip advances |cbs| by |len| bytes. It returns one on success and zero + * otherwise. + */ +int CBS_skip(CBS *cbs, size_t len); + +/* + * CBS_data returns a pointer to the contents of |cbs|. + */ +const uint8_t *CBS_data(const CBS *cbs); + +/* + * CBS_len returns the number of bytes remaining in |cbs|. + */ +size_t CBS_len(const CBS *cbs); + +/* + * CBS_offset returns the current offset into the original data of |cbs|. + */ +size_t CBS_offset(const CBS *cbs); + +/* + * CBS_stow copies the current contents of |cbs| into |*out_ptr| and + * |*out_len|. If |*out_ptr| is not NULL, the contents are freed with + * free. It returns one on success and zero on allocation failure. On + * success, |*out_ptr| should be freed with free. If |cbs| is empty, + * |*out_ptr| will be NULL. + */ +int CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len); + +/* + * CBS_strdup copies the current contents of |cbs| into |*out_ptr| as a + * NUL-terminated C string. If |*out_ptr| is not NULL, the contents are freed + * with free. It returns one on success and zero on allocation + * failure. On success, |*out_ptr| should be freed with free. + * + * NOTE: If |cbs| contains NUL bytes, the string will be truncated. Call + * |CBS_contains_zero_byte(cbs)| to check for NUL bytes. + */ +int CBS_strdup(const CBS *cbs, char **out_ptr); + +/* + * CBS_write_bytes writes all of the remaining data from |cbs| into |dst| + * if it is at most |dst_len| bytes. If |copied| is not NULL, it will be set + * to the amount copied. It returns one on success and zero otherwise. + */ +int CBS_write_bytes(const CBS *cbs, uint8_t *dst, size_t dst_len, + size_t *copied); + +/* + * CBS_contains_zero_byte returns one if the current contents of |cbs| contains + * a NUL byte and zero otherwise. + */ +int CBS_contains_zero_byte(const CBS *cbs); + +/* + * CBS_mem_equal compares the current contents of |cbs| with the |len| bytes + * starting at |data|. If they're equal, it returns one, otherwise zero. If the + * lengths match, it uses a constant-time comparison. + */ +int CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len); + +/* + * CBS_get_u8 sets |*out| to the next uint8_t from |cbs| and advances |cbs|. It + * returns one on success and zero on error. + */ +int CBS_get_u8(CBS *cbs, uint8_t *out); + +/* + * CBS_get_u16 sets |*out| to the next, big-endian uint16_t from |cbs| and + * advances |cbs|. It returns one on success and zero on error. + */ +int CBS_get_u16(CBS *cbs, uint16_t *out); + +/* + * CBS_get_u24 sets |*out| to the next, big-endian 24-bit value from |cbs| and + * advances |cbs|. It returns one on success and zero on error. + */ +int CBS_get_u24(CBS *cbs, uint32_t *out); + +/* + * CBS_get_u32 sets |*out| to the next, big-endian uint32_t value from |cbs| + * and advances |cbs|. It returns one on success and zero on error. + */ +int CBS_get_u32(CBS *cbs, uint32_t *out); + +/* + * CBS_get_u64 sets |*out| to the next, big-endian uint64_t value from |cbs| + * and advances |cbs|. It returns one on success and zero on error. + */ +int CBS_get_u64(CBS *cbs, uint64_t *out); + +/* + * CBS_get_last_u8 sets |*out| to the last uint8_t from |cbs| and shortens + * |cbs|. It returns one on success and zero on error. + */ +int CBS_get_last_u8(CBS *cbs, uint8_t *out); + +/* + * CBS_get_bytes sets |*out| to the next |len| bytes from |cbs| and advances + * |cbs|. It returns one on success and zero on error. + */ +int CBS_get_bytes(CBS *cbs, CBS *out, size_t len); + +/* + * CBS_get_u8_length_prefixed sets |*out| to the contents of an 8-bit, + * length-prefixed value from |cbs| and advances |cbs| over it. It returns one + * on success and zero on error. + */ +int CBS_get_u8_length_prefixed(CBS *cbs, CBS *out); + +/* + * CBS_get_u16_length_prefixed sets |*out| to the contents of a 16-bit, + * big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It + * returns one on success and zero on error. + */ +int CBS_get_u16_length_prefixed(CBS *cbs, CBS *out); + +/* + * CBS_get_u24_length_prefixed sets |*out| to the contents of a 24-bit, + * big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It + * returns one on success and zero on error. + */ +int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out); + +/* + * CBS_peek_u8 sets |*out| to the next uint8_t from |cbs|, but does not advance + * |cbs|. It returns one on success and zero on error. + */ +int CBS_peek_u8(CBS *cbs, uint8_t *out); + +/* + * CBS_peek_u16 sets |*out| to the next, big-endian uint16_t from |cbs|, but + * does not advance |cbs|. It returns one on success and zero on error. + */ +int CBS_peek_u16(CBS *cbs, uint16_t *out); + +/* + * CBS_peek_u24 sets |*out| to the next, big-endian 24-bit value from |cbs|, but + * does not advance |cbs|. It returns one on success and zero on error. + */ +int CBS_peek_u24(CBS *cbs, uint32_t *out); + +/* + * CBS_peek_u32 sets |*out| to the next, big-endian uint32_t value from |cbs|, + * but does not advance |cbs|. It returns one on success and zero on error. + */ +int CBS_peek_u32(CBS *cbs, uint32_t *out); + +/* + * CBS_peek_last_u8 sets |*out| to the last uint8_t from |cbs|, but does not + * shorten |cbs|. It returns one on success and zero on error. + */ +int CBS_peek_last_u8(CBS *cbs, uint8_t *out); + + +/* Parsing ASN.1 */ + +/* + * While an identifier can be multiple octets, this library only handles the + * single octet variety currently. This limits support up to tag number 30 + * since tag number 31 is a reserved value to indicate multiple octets. + */ + +/* Bits 8 and 7: class tag type: See X.690 section 8.1.2.2. */ +#define CBS_ASN1_UNIVERSAL 0x00 +#define CBS_ASN1_APPLICATION 0x40 +#define CBS_ASN1_CONTEXT_SPECIFIC 0x80 +#define CBS_ASN1_PRIVATE 0xc0 + +/* Bit 6: Primitive or constructed: See X.690 section 8.1.2.3. */ +#define CBS_ASN1_PRIMITIVE 0x00 +#define CBS_ASN1_CONSTRUCTED 0x20 + +/* + * Bits 5 to 1 are the tag number. See X.680 section 8.6 for tag numbers of + * the universal class. + */ + +/* + * Common universal identifier octets. + * See X.690 section 8.1 and X.680 section 8.6 for universal tag numbers. + * + * Note: These definitions are the cause of some of the strange behavior in + * CBS's bs_ber.c. + * + * In BER, it is the sender's option to use primitive or constructed for + * bitstring (X.690 section 8.6.1) and octetstring (X.690 section 8.7.1). + * + * In DER, bitstring and octetstring are required to be primitive + * (X.690 section 10.2). + */ +#define CBS_ASN1_BOOLEAN (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x1) +#define CBS_ASN1_INTEGER (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x2) +#define CBS_ASN1_BITSTRING (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x3) +#define CBS_ASN1_OCTETSTRING (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x4) +#define CBS_ASN1_OBJECT (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x6) +#define CBS_ASN1_ENUMERATED (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0xa) +#define CBS_ASN1_SEQUENCE (CBS_ASN1_UNIVERSAL | CBS_ASN1_CONSTRUCTED | 0x10) +#define CBS_ASN1_SET (CBS_ASN1_UNIVERSAL | CBS_ASN1_CONSTRUCTED | 0x11) + +/* + * CBS_get_asn1 sets |*out| to the contents of DER-encoded, ASN.1 element (not + * including tag and length bytes) and advances |cbs| over it. The ASN.1 + * element must match |tag_value|. It returns one on success and zero + * on error. + * + * Tag numbers greater than 30 are not supported (i.e. short form only). + */ +int CBS_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value); + +/* + * CBS_get_asn1_element acts like |CBS_get_asn1| but |out| will include the + * ASN.1 header bytes too. + */ +int CBS_get_asn1_element(CBS *cbs, CBS *out, unsigned int tag_value); + +/* + * CBS_peek_asn1_tag looks ahead at the next ASN.1 tag and returns one + * if the next ASN.1 element on |cbs| would have tag |tag_value|. If + * |cbs| is empty or the tag does not match, it returns zero. Note: if + * it returns one, CBS_get_asn1 may still fail if the rest of the + * element is malformed. + */ +int CBS_peek_asn1_tag(const CBS *cbs, unsigned int tag_value); + +/* + * CBS_get_any_asn1_element sets |*out| to contain the next ASN.1 element from + * |*cbs| (including header bytes) and advances |*cbs|. It sets |*out_tag| to + * the tag number and |*out_header_len| to the length of the ASN.1 header. + * Each of |out|, |out_tag|, and |out_header_len| may be NULL to ignore + * the value. + * + * Tag numbers greater than 30 are not supported (i.e. short form only). + */ +int CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag, + size_t *out_header_len); + +/* + * CBS_get_asn1_uint64 gets an ASN.1 INTEGER from |cbs| using |CBS_get_asn1| + * and sets |*out| to its value. It returns one on success and zero on error, + * where error includes the integer being negative, or too large to represent + * in 64 bits. + */ +int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out); + +/* + * CBS_get_optional_asn1 gets an optional explicitly-tagged element + * from |cbs| tagged with |tag| and sets |*out| to its contents. If + * present, it sets |*out_present| to one, otherwise zero. It returns + * one on success, whether or not the element was present, and zero on + * decode failure. + */ +int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present, + unsigned int tag); + +/* + * CBS_get_optional_asn1_octet_string gets an optional + * explicitly-tagged OCTET STRING from |cbs|. If present, it sets + * |*out| to the string and |*out_present| to one. Otherwise, it sets + * |*out| to empty and |*out_present| to zero. |out_present| may be + * NULL. It returns one on success, whether or not the element was + * present, and zero on decode failure. + */ +int CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out, int *out_present, + unsigned int tag); + +/* + * CBS_get_optional_asn1_uint64 gets an optional explicitly-tagged + * INTEGER from |cbs|. If present, it sets |*out| to the + * value. Otherwise, it sets |*out| to |default_value|. It returns one + * on success, whether or not the element was present, and zero on + * decode failure. + */ +int CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out, unsigned int tag, + uint64_t default_value); + +/* + * CBS_get_optional_asn1_bool gets an optional, explicitly-tagged BOOLEAN from + * |cbs|. If present, it sets |*out| to either zero or one, based on the + * boolean. Otherwise, it sets |*out| to |default_value|. It returns one on + * success, whether or not the element was present, and zero on decode + * failure. + */ +int CBS_get_optional_asn1_bool(CBS *cbs, int *out, unsigned int tag, + int default_value); + + +/* + * CRYPTO ByteBuilder. + * + * |CBB| objects allow one to build length-prefixed serialisations. A |CBB| + * object is associated with a buffer and new buffers are created with + * |CBB_init|. Several |CBB| objects can point at the same buffer when a + * length-prefix is pending, however only a single |CBB| can be 'current' at + * any one time. For example, if one calls |CBB_add_u8_length_prefixed| then + * the new |CBB| points at the same buffer as the original. But if the original + * |CBB| is used then the length prefix is written out and the new |CBB| must + * not be used again. + * + * If one needs to force a length prefix to be written out because a |CBB| is + * going out of scope, use |CBB_flush|. + */ + +struct cbb_buffer_st { + uint8_t *buf; + + /* The number of valid bytes. */ + size_t len; + + /* The size of buf. */ + size_t cap; + + /* + * One iff |buf| is owned by this object. If not then |buf| cannot be + * resized. + */ + char can_resize; +}; + +typedef struct cbb_st { + struct cbb_buffer_st *base; + + /* + * offset is the offset from the start of |base->buf| to the position of any + * pending length-prefix. + */ + size_t offset; + + /* child points to a child CBB if a length-prefix is pending. */ + struct cbb_st *child; + + /* + * pending_len_len contains the number of bytes in a pending length-prefix, + * or zero if no length-prefix is pending. + */ + uint8_t pending_len_len; + + char pending_is_asn1; + + /* + * is_top_level is true iff this is a top-level |CBB| (as opposed to a child + * |CBB|). Top-level objects are valid arguments for |CBB_finish|. + */ + char is_top_level; +} CBB; + +/* + * CBB_init initialises |cbb| with |initial_capacity|. Since a |CBB| grows as + * needed, the |initial_capacity| is just a hint. It returns one on success or + * zero on error. + */ +int CBB_init(CBB *cbb, size_t initial_capacity); + +/* + * CBB_init_fixed initialises |cbb| to write to |len| bytes at |buf|. Since + * |buf| cannot grow, trying to write more than |len| bytes will cause CBB + * functions to fail. It returns one on success or zero on error. + */ +int CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len); + +/* + * CBB_cleanup frees all resources owned by |cbb| and other |CBB| objects + * writing to the same buffer. This should be used in an error case where a + * serialisation is abandoned. + */ +void CBB_cleanup(CBB *cbb); + +/* + * CBB_finish completes any pending length prefix and sets |*out_data| to a + * malloced buffer and |*out_len| to the length of that buffer. The caller + * takes ownership of the buffer and, unless the buffer was fixed with + * |CBB_init_fixed|, must call |free| when done. + * + * It can only be called on a "top level" |CBB|, i.e. one initialised with + * |CBB_init| or |CBB_init_fixed|. It returns one on success and zero on + * error. + */ +int CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len); + +/* + * CBB_flush causes any pending length prefixes to be written out and any child + * |CBB| objects of |cbb| to be invalidated. It returns one on success or zero + * on error. + */ +int CBB_flush(CBB *cbb); + +/* + * CBB_discard_child discards the current unflushed child of |cbb|. Neither the + * child's contents nor the length prefix will be included in the output. + */ +void CBB_discard_child(CBB *cbb); + +/* + * CBB_add_u8_length_prefixed sets |*out_contents| to a new child of |cbb|. The + * data written to |*out_contents| will be prefixed in |cbb| with an 8-bit + * length. It returns one on success or zero on error. + */ +int CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents); + +/* + * CBB_add_u16_length_prefixed sets |*out_contents| to a new child of |cbb|. + * The data written to |*out_contents| will be prefixed in |cbb| with a 16-bit, + * big-endian length. It returns one on success or zero on error. + */ +int CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents); + +/* + * CBB_add_u24_length_prefixed sets |*out_contents| to a new child of |cbb|. + * The data written to |*out_contents| will be prefixed in |cbb| with a 24-bit, + * big-endian length. It returns one on success or zero on error. + */ +int CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents); + +/* + * CBB_add_asn sets |*out_contents| to a |CBB| into which the contents of an + * ASN.1 object can be written. The |tag| argument will be used as the tag for + * the object. Passing in |tag| number 31 will return in an error since only + * single octet identifiers are supported. It returns one on success or zero + * on error. + */ +int CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned int tag); + +/* + * CBB_add_bytes appends |len| bytes from |data| to |cbb|. It returns one on + * success and zero otherwise. + */ +int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len); + +/* + * CBB_add_space appends |len| bytes to |cbb| and sets |*out_data| to point to + * the beginning of that space. The caller must then write |len| bytes of + * actual contents to |*out_data|. It returns one on success and zero + * otherwise. + */ +int CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len); + +/* + * CBB_add_u8 appends an 8-bit number from |value| to |cbb|. It returns one on + * success and zero otherwise. + */ +int CBB_add_u8(CBB *cbb, size_t value); + +/* + * CBB_add_u8 appends a 16-bit, big-endian number from |value| to |cbb|. It + * returns one on success and zero otherwise. + */ +int CBB_add_u16(CBB *cbb, size_t value); + +/* + * CBB_add_u24 appends a 24-bit, big-endian number from |value| to |cbb|. It + * returns one on success and zero otherwise. + */ +int CBB_add_u24(CBB *cbb, size_t value); + +/* + * CBB_add_u32 appends a 32-bit, big-endian number from |value| to |cbb|. It + * returns one on success and zero otherwise. + */ +int CBB_add_u32(CBB *cbb, size_t value); + +/* + * CBB_add_u64 appends a 64-bit, big-endian number from |value| to |cbb|. It + * returns one on success and zero otherwise. + */ +int CBB_add_u64(CBB *cbb, uint64_t value); + +/* + * CBB_add_asn1_uint64 writes an ASN.1 INTEGER into |cbb| using |CBB_add_asn1| + * and writes |value| in its contents. It returns one on success and zero on + * error. + */ +int CBB_add_asn1_uint64(CBB *cbb, uint64_t value); + +#ifdef LIBRESSL_INTERNAL +/* + * CBS_dup sets |out| to point to cbs's |data| and |len|. It results in two + * CBS that point to the same buffer. + */ +void CBS_dup(const CBS *cbs, CBS *out); + +/* + * cbs_get_any_asn1_element sets |*out| to contain the next ASN.1 element from + * |*cbs| (including header bytes) and advances |*cbs|. It sets |*out_tag| to + * the tag number and |*out_header_len| to the length of the ASN.1 header. If + * strict mode is disabled and the element has indefinite length then |*out| + * will only contain the header. Each of |out|, |out_tag|, and + * |out_header_len| may be NULL to ignore the value. + * + * Tag numbers greater than 30 are not supported (i.e. short form only). + */ +int cbs_get_any_asn1_element_internal(CBS *cbs, CBS *out, unsigned int *out_tag, + size_t *out_header_len, int strict); + +/* + * CBS_asn1_indefinite_to_definite reads an ASN.1 structure from |in|. If it + * finds indefinite-length elements that otherwise appear to be valid DER, it + * attempts to convert the DER-like data to DER and sets |*out| and + * |*out_length| to describe a malloced buffer containing the DER data. + * Additionally, |*in| will be advanced over the ASN.1 data. + * + * If it doesn't find any indefinite-length elements then it sets |*out| to + * NULL and |*in| is unmodified. + * + * This is NOT a conversion from BER to DER. There are many restrictions when + * dealing with DER data. This is only concerned with one: indefinite vs. + * definite form. However, this suffices to handle the PKCS#7 and PKCS#12 output + * from NSS. + * + * It returns one on success and zero otherwise. + */ +int CBS_asn1_indefinite_to_definite(CBS *in, uint8_t **out, size_t *out_len); +#endif /* LIBRESSL_INTERNAL */ + +__END_HIDDEN_DECLS + +#endif /* OPENSSL_HEADER_BYTESTRING_H */ diff --git a/externals/libressl/crypto/camellia/cmll-masm-x86_64.S b/externals/libressl/crypto/camellia/cmll-masm-x86_64.S index 9941bb95a..e1871b501 100755 --- a/externals/libressl/crypto/camellia/cmll-masm-x86_64.S +++ b/externals/libressl/crypto/camellia/cmll-masm-x86_64.S @@ -1,7 +1,7 @@ ; 1 "crypto/camellia/cmll-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 340 "" 3 +; 343 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/camellia/cmll-masm-x86_64.S.tmp" 2 diff --git a/externals/libressl/crypto/chacha/chacha-merged.c b/externals/libressl/crypto/chacha/chacha-merged.c index 67508f208..d24912daa 100755 --- a/externals/libressl/crypto/chacha/chacha-merged.c +++ b/externals/libressl/crypto/chacha/chacha-merged.c @@ -1,41 +1,38 @@ -/* $OpenBSD: chacha-merged.c,v 1.9 2019/01/22 00:59:21 dlg Exp $ */ +/* $OpenBSD: chacha-merged.c,v 1.10 2021/10/22 17:43:00 tb Exp $ */ /* chacha-merged.c version 20080118 D. J. Bernstein Public domain. */ -#include - #include -#define CHACHA_MINKEYLEN 16 +#define CHACHA_MINKEYLEN 16 #define CHACHA_NONCELEN 8 #define CHACHA_CTRLEN 8 #define CHACHA_STATELEN (CHACHA_NONCELEN+CHACHA_CTRLEN) #define CHACHA_BLOCKLEN 64 +typedef uint8_t u8; +typedef uint32_t u32; + struct chacha_ctx { - u_int input[16]; - uint8_t ks[CHACHA_BLOCKLEN]; - uint8_t unused; + u32 input[16]; + u8 ks[CHACHA_BLOCKLEN]; + u8 unused; }; -static inline void chacha_keysetup(struct chacha_ctx *x, const u_char *k, - u_int kbits) +static inline void chacha_keysetup(struct chacha_ctx *x, const u8 *k, u32 kbits) __attribute__((__bounded__(__minbytes__, 2, CHACHA_MINKEYLEN))); -static inline void chacha_ivsetup(struct chacha_ctx *x, const u_char *iv, - const u_char *ctr) +static inline void chacha_ivsetup(struct chacha_ctx *x, const u8 *iv, + const u8 *ctr) __attribute__((__bounded__(__minbytes__, 2, CHACHA_NONCELEN))) __attribute__((__bounded__(__minbytes__, 3, CHACHA_CTRLEN))); -static inline void chacha_encrypt_bytes(struct chacha_ctx *x, const u_char *m, - u_char *c, u_int bytes) +static inline void chacha_encrypt_bytes(struct chacha_ctx *x, const u8 *m, + u8 *c, u32 bytes) __attribute__((__bounded__(__buffer__, 2, 4))) __attribute__((__bounded__(__buffer__, 3, 4))); -typedef unsigned char u8; -typedef unsigned int u32; - typedef struct chacha_ctx chacha_ctx; #define U8C(v) (v##U) @@ -127,7 +124,7 @@ chacha_encrypt_bytes(chacha_ctx *x, const u8 *m, u8 *c, u32 bytes) u32 j8, j9, j10, j11, j12, j13, j14, j15; u8 *ctarget = NULL; u8 tmp[64]; - u_int i; + u32 i; if (!bytes) return; diff --git a/externals/libressl/crypto/cmac/cm_ameth.c b/externals/libressl/crypto/cmac/cm_ameth.c index e7e7fe0f8..26956465e 100755 --- a/externals/libressl/crypto/cmac/cm_ameth.c +++ b/externals/libressl/crypto/cmac/cm_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cm_ameth.c,v 1.7 2014/07/12 16:03:37 miod Exp $ */ +/* $OpenBSD: cm_ameth.c,v 1.8 2021/12/12 21:30:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2010. */ @@ -57,6 +57,7 @@ #include #include "asn1_locl.h" +#include "evp_locl.h" /* CMAC "ASN1" method. This is just here to indicate the * maximum CMAC output length and to free up a CMAC diff --git a/externals/libressl/crypto/cmac/cmac.c b/externals/libressl/crypto/cmac/cmac.c index d01ae0f3a..cd286f88e 100755 --- a/externals/libressl/crypto/cmac/cmac.c +++ b/externals/libressl/crypto/cmac/cmac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cmac.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */ +/* $OpenBSD: cmac.c,v 1.11 2021/12/12 21:30:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -57,6 +57,8 @@ #include +#include "evp_locl.h" + struct CMAC_CTX_st { /* Cipher context to use */ EVP_CIPHER_CTX cctx; diff --git a/externals/libressl/crypto/cms/cms_asn1.c b/externals/libressl/crypto/cms/cms_asn1.c index ac53fec15..cc00aef0f 100755 --- a/externals/libressl/crypto/cms/cms_asn1.c +++ b/externals/libressl/crypto/cms/cms_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_asn1.c,v 1.18 2019/08/11 10:43:57 jsing Exp $ */ +/* $OpenBSD: cms_asn1.c,v 1.19 2022/01/14 08:16:13 tb Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -1323,7 +1323,6 @@ static const ASN1_ADB_TABLE CMS_ContentInfo_adbtbl[] = { static const ASN1_ADB CMS_ContentInfo_adb = { .flags = 0, .offset = offsetof(CMS_ContentInfo, contentType), - .app_items = 0, .tbl = CMS_ContentInfo_adbtbl, .tblcount = sizeof(CMS_ContentInfo_adbtbl) / sizeof(ASN1_ADB_TABLE), .default_tt = &cms_default_tt, diff --git a/externals/libressl/crypto/cms/cms_enc.c b/externals/libressl/crypto/cms/cms_enc.c index fd2df99c6..ccbb6a5de 100755 --- a/externals/libressl/crypto/cms/cms_enc.c +++ b/externals/libressl/crypto/cms/cms_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_enc.c,v 1.20 2019/08/11 11:04:18 jsing Exp $ */ +/* $OpenBSD: cms_enc.c,v 1.21 2022/01/20 10:58:35 inoguchi Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -151,7 +151,7 @@ cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) if (ec->keylen != tkeylen) { /* If necessary set key length */ - if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0) { + if (!EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen)) { /* * Only reveal failure if debugging so we don't leak information * which may be useful in MMA. diff --git a/externals/libressl/crypto/cms/cms_env.c b/externals/libressl/crypto/cms/cms_env.c index 74d957eee..a88ea6366 100755 --- a/externals/libressl/crypto/cms/cms_env.c +++ b/externals/libressl/crypto/cms/cms_env.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_env.c,v 1.23 2019/10/04 18:03:56 tb Exp $ */ +/* $OpenBSD: cms_env.c,v 1.24 2021/09/08 14:33:02 tb Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -792,6 +792,7 @@ cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) goto err; } + freezero(ec->key, ec->keylen); ec->key = ukey; ec->keylen = ukeylen; diff --git a/externals/libressl/crypto/cms/cms_lib.c b/externals/libressl/crypto/cms/cms_lib.c index b6580dd6f..21adef7ae 100755 --- a/externals/libressl/crypto/cms/cms_lib.c +++ b/externals/libressl/crypto/cms/cms_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_lib.c,v 1.14 2019/08/12 18:13:13 jsing Exp $ */ +/* $OpenBSD: cms_lib.c,v 1.15 2021/11/01 20:53:08 tb Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -59,8 +59,9 @@ #include #include #include -#include "cms_lcl.h" +#include "cms_lcl.h" +#include "x509_lcl.h" CMS_ContentInfo * d2i_CMS_ContentInfo(CMS_ContentInfo **a, const unsigned char **in, long len) diff --git a/externals/libressl/crypto/cms/cms_pwri.c b/externals/libressl/crypto/cms/cms_pwri.c index cf28dfc8d..eb241a60f 100755 --- a/externals/libressl/crypto/cms/cms_pwri.c +++ b/externals/libressl/crypto/cms/cms_pwri.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_pwri.c,v 1.26 2019/08/12 18:04:57 jsing Exp $ */ +/* $OpenBSD: cms_pwri.c,v 1.27 2022/01/19 13:47:44 inoguchi Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -126,7 +126,9 @@ CMS_add0_recipient_password(CMS_ContentInfo *cms, int iter, int wrap_nid, if (encalg == NULL) { goto merr; } - ctx = EVP_CIPHER_CTX_new(); + + if ((ctx = EVP_CIPHER_CTX_new()) == NULL) + goto merr; if (EVP_EncryptInit_ex(ctx, kekciph, NULL, NULL, NULL) <= 0) { CMSerror(ERR_R_EVP_LIB); diff --git a/externals/libressl/crypto/comp/c_rle.c b/externals/libressl/crypto/comp/c_rle.c index 7004c3502..93b2f3c71 100755 --- a/externals/libressl/crypto/comp/c_rle.c +++ b/externals/libressl/crypto/comp/c_rle.c @@ -1,10 +1,12 @@ -/* $OpenBSD: c_rle.c,v 1.8 2014/11/03 16:58:28 tedu Exp $ */ +/* $OpenBSD: c_rle.c,v 1.9 2022/01/09 23:50:10 tb Exp $ */ #include #include #include #include #include +#include "comp_local.h" + static int rle_compress_block(COMP_CTX *ctx, unsigned char *out, unsigned int olen, unsigned char *in, unsigned int ilen); static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, diff --git a/externals/libressl/crypto/comp/c_zlib.c b/externals/libressl/crypto/comp/c_zlib.c index 0cdbb205a..bdcd7e0f3 100755 --- a/externals/libressl/crypto/comp/c_zlib.c +++ b/externals/libressl/crypto/comp/c_zlib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: c_zlib.c,v 1.20 2018/03/17 16:20:01 beck Exp $ */ +/* $OpenBSD: c_zlib.c,v 1.22 2022/01/14 08:40:57 tb Exp $ */ #include #include #include @@ -6,6 +6,8 @@ #include #include +#include "comp_local.h" + COMP_METHOD *COMP_zlib(void ); static COMP_METHOD zlib_method_nozlib = { @@ -232,7 +234,7 @@ static int bio_zlib_free(BIO *bi); static int bio_zlib_read(BIO *b, char *out, int outl); static int bio_zlib_write(BIO *b, const char *in, int inl); static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr); -static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp); +static long bio_zlib_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp); static BIO_METHOD bio_meth_zlib = { .type = BIO_TYPE_COMP, @@ -553,7 +555,7 @@ bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) static long -bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +bio_zlib_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { if (!b->next_bio) return 0; diff --git a/externals/libressl/crypto/comp/comp_err.c b/externals/libressl/crypto/comp/comp_err.c index be8a8fc70..ccc7a28cd 100755 --- a/externals/libressl/crypto/comp/comp_err.c +++ b/externals/libressl/crypto/comp/comp_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: comp_err.c,v 1.10 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: comp_err.c,v 1.11 2022/01/09 23:50:10 tb Exp $ */ /* ==================================================================== * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * @@ -60,6 +60,8 @@ #include #include +#include "comp_local.h" + /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR diff --git a/externals/libressl/crypto/comp/comp_lib.c b/externals/libressl/crypto/comp/comp_lib.c index dde238ef7..3f914a75f 100755 --- a/externals/libressl/crypto/comp/comp_lib.c +++ b/externals/libressl/crypto/comp/comp_lib.c @@ -1,10 +1,12 @@ -/* $OpenBSD: comp_lib.c,v 1.8 2014/11/03 16:58:28 tedu Exp $ */ +/* $OpenBSD: comp_lib.c,v 1.9 2022/01/09 23:50:10 tb Exp $ */ #include #include #include #include #include +#include "comp_local.h" + COMP_CTX * COMP_CTX_new(COMP_METHOD *meth) { diff --git a/externals/libressl/crypto/comp/comp_local.h b/externals/libressl/crypto/comp/comp_local.h new file mode 100755 index 000000000..fc1888711 --- /dev/null +++ b/externals/libressl/crypto/comp/comp_local.h @@ -0,0 +1,36 @@ +/* $OpenBSD: comp_local.h,v 1.2 2022/01/14 08:21:12 tb Exp $ */ + +#ifndef HEADER_COMP_LOCAL_H +#define HEADER_COMP_LOCAL_H + +__BEGIN_HIDDEN_DECLS + +struct CMP_CTX; + +struct comp_method_st { + int type; /* NID for compression library */ + const char *name; /* A text string to identify the library */ + int (*init)(COMP_CTX *ctx); + void (*finish)(COMP_CTX *ctx); + int (*compress)(COMP_CTX *ctx, unsigned char *out, unsigned int olen, + unsigned char *in, unsigned int ilen); + int (*expand)(COMP_CTX *ctx, unsigned char *out, unsigned int olen, + unsigned char *in, unsigned int ilen); + /* The following two do NOTHING, but are kept for backward compatibility */ + long (*ctrl)(void); + long (*callback_ctrl)(void); +} /* COMP_METHOD */; + +struct comp_ctx_st { + COMP_METHOD *meth; + unsigned long compress_in; + unsigned long compress_out; + unsigned long expand_in; + unsigned long expand_out; + + CRYPTO_EX_DATA ex_data; +} /* COMP_CTX */; + +__END_HIDDEN_DECLS + +#endif /* !HEADER_COMP_LOCAL_H */ diff --git a/externals/libressl/crypto/compat/arc4random.c b/externals/libressl/crypto/compat/arc4random.c index 2bb4dbfd8..6f95d5726 100755 --- a/externals/libressl/crypto/compat/arc4random.c +++ b/externals/libressl/crypto/compat/arc4random.c @@ -1,4 +1,4 @@ -/* $OpenBSD: arc4random.c,v 1.55 2019/03/24 17:56:54 deraadt Exp $ */ +/* $OpenBSD: arc4random.c,v 1.56 2022/02/28 21:56:29 dtucker Exp $ */ /* * Copyright (c) 1996, David Mazieres @@ -78,7 +78,7 @@ _rs_init(u_char *buf, size_t n) _exit(1); } - chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8, 0); + chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8); chacha_ivsetup(&rsx->rs_chacha, buf + KEYSZ); } diff --git a/externals/libressl/crypto/compat/chacha_private.h b/externals/libressl/crypto/compat/chacha_private.h index 7c3680fa6..b0427b6b3 100755 --- a/externals/libressl/crypto/compat/chacha_private.h +++ b/externals/libressl/crypto/compat/chacha_private.h @@ -4,7 +4,7 @@ D. J. Bernstein Public domain. */ -/* $OpenBSD: chacha_private.h,v 1.2 2013/10/04 07:02:27 djm Exp $ */ +/* $OpenBSD: chacha_private.h,v 1.3 2022/02/28 21:56:29 dtucker Exp $ */ typedef unsigned char u8; typedef unsigned int u32; @@ -52,7 +52,7 @@ static const char sigma[16] = "expand 32-byte k"; static const char tau[16] = "expand 16-byte k"; static void -chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits) +chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits) { const char *constants; diff --git a/externals/libressl/crypto/compat/getentropy_aix.c b/externals/libressl/crypto/compat/getentropy_aix.c index 422e685dd..7fb857e6d 100755 --- a/externals/libressl/crypto/compat/getentropy_aix.c +++ b/externals/libressl/crypto/compat/getentropy_aix.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_aix.c,v 1.7 2020/05/17 14:44:20 deraadt Exp $ */ +/* $OpenBSD: getentropy_aix.c,v 1.8 2021/10/24 21:24:20 deraadt Exp $ */ /* * Copyright (c) 2015 Michael Felt @@ -134,7 +134,7 @@ start: #ifdef O_CLOEXEC flags |= O_CLOEXEC; #endif - fd = open(path, flags, 0); + fd = open(path, flags); if (fd == -1) { if (errno == EINTR) goto start; diff --git a/externals/libressl/crypto/compat/getentropy_freebsd.c b/externals/libressl/crypto/compat/getentropy_freebsd.c index 30cd68e97..ea90ffe20 100755 --- a/externals/libressl/crypto/compat/getentropy_freebsd.c +++ b/externals/libressl/crypto/compat/getentropy_freebsd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_freebsd.c,v 1.3 2016/08/07 03:27:21 tb Exp $ */ +/* $OpenBSD: getentropy_freebsd.c,v 1.4 2020/10/12 22:08:33 deraadt Exp $ */ /* * Copyright (c) 2014 Pawel Jakub Dawidek @@ -32,11 +32,9 @@ static size_t getentropy_sysctl(u_char *buf, size_t size) { - int mib[2]; + const int mib[2] = { CTL_KERN, KERN_ARND }; size_t len, done; - mib[0] = CTL_KERN; - mib[1] = KERN_ARND; done = 0; do { diff --git a/externals/libressl/crypto/compat/getentropy_hpux.c b/externals/libressl/crypto/compat/getentropy_hpux.c index c981880aa..7188ae5e1 100755 --- a/externals/libressl/crypto/compat/getentropy_hpux.c +++ b/externals/libressl/crypto/compat/getentropy_hpux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_hpux.c,v 1.7 2020/05/17 14:44:20 deraadt Exp $ */ +/* $OpenBSD: getentropy_hpux.c,v 1.8 2021/10/24 21:24:20 deraadt Exp $ */ /* * Copyright (c) 2014 Theo de Raadt @@ -138,7 +138,7 @@ start: #ifdef O_CLOEXEC flags |= O_CLOEXEC; #endif - fd = open(path, flags, 0); + fd = open(path, flags); if (fd == -1) { if (errno == EINTR) goto start; diff --git a/externals/libressl/crypto/compat/getentropy_linux.c b/externals/libressl/crypto/compat/getentropy_linux.c index bc7a6bef7..c7c39c234 100755 --- a/externals/libressl/crypto/compat/getentropy_linux.c +++ b/externals/libressl/crypto/compat/getentropy_linux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_linux.c,v 1.47 2020/05/17 14:44:20 deraadt Exp $ */ +/* $OpenBSD: getentropy_linux.c,v 1.48 2021/10/24 21:24:20 deraadt Exp $ */ /* * Copyright (c) 2014 Theo de Raadt @@ -212,7 +212,7 @@ start: #ifdef O_CLOEXEC flags |= O_CLOEXEC; #endif - fd = open("/dev/urandom", flags, 0); + fd = open("/dev/urandom", flags); if (fd == -1) { if (errno == EINTR) goto start; diff --git a/externals/libressl/crypto/compat/getentropy_netbsd.c b/externals/libressl/crypto/compat/getentropy_netbsd.c index 45d68c9fd..5dc89594c 100755 --- a/externals/libressl/crypto/compat/getentropy_netbsd.c +++ b/externals/libressl/crypto/compat/getentropy_netbsd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_netbsd.c,v 1.3 2016/08/07 03:27:21 tb Exp $ */ +/* $OpenBSD: getentropy_netbsd.c,v 1.4 2020/10/12 22:08:33 deraadt Exp $ */ /* * Copyright (c) 2014 Pawel Jakub Dawidek @@ -32,11 +32,9 @@ static size_t getentropy_sysctl(u_char *buf, size_t size) { - int mib[2]; + const int mib[2] = { CTL_KERN, KERN_ARND }; size_t len, done; - mib[0] = CTL_KERN; - mib[1] = KERN_ARND; done = 0; do { diff --git a/externals/libressl/crypto/compat/getentropy_osx.c b/externals/libressl/crypto/compat/getentropy_osx.c index 5d4067bb8..db028d19b 100755 --- a/externals/libressl/crypto/compat/getentropy_osx.c +++ b/externals/libressl/crypto/compat/getentropy_osx.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_osx.c,v 1.13 2020/05/17 14:44:20 deraadt Exp $ */ +/* $OpenBSD: getentropy_osx.c,v 1.14 2021/10/24 21:24:20 deraadt Exp $ */ /* * Copyright (c) 2014 Theo de Raadt @@ -158,7 +158,7 @@ start: #ifdef O_CLOEXEC flags |= O_CLOEXEC; #endif - fd = open("/dev/urandom", flags, 0); + fd = open("/dev/urandom", flags); if (fd == -1) { if (errno == EINTR) goto start; diff --git a/externals/libressl/crypto/compat/getentropy_solaris.c b/externals/libressl/crypto/compat/getentropy_solaris.c index cf5b9bffa..e36426caf 100755 --- a/externals/libressl/crypto/compat/getentropy_solaris.c +++ b/externals/libressl/crypto/compat/getentropy_solaris.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_solaris.c,v 1.14 2020/05/17 14:44:20 deraadt Exp $ */ +/* $OpenBSD: getentropy_solaris.c,v 1.15 2021/10/24 21:24:20 deraadt Exp $ */ /* * Copyright (c) 2014 Theo de Raadt @@ -164,7 +164,7 @@ start: #ifdef O_CLOEXEC flags |= O_CLOEXEC; #endif - fd = open(path, flags, 0); + fd = open(path, flags); if (fd == -1) { if (errno == EINTR) goto start; diff --git a/externals/libressl/crypto/compat/getentropy_win.c b/externals/libressl/crypto/compat/getentropy_win.c index 2abeb27bc..64514b3a3 100755 --- a/externals/libressl/crypto/compat/getentropy_win.c +++ b/externals/libressl/crypto/compat/getentropy_win.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_win.c,v 1.5 2016/08/07 03:27:21 tb Exp $ */ +/* $OpenBSD: getentropy_win.c,v 1.6 2020/11/11 10:41:24 bcook Exp $ */ /* * Copyright (c) 2014, Theo de Raadt @@ -21,39 +21,30 @@ */ #include +#include #include #include #include -#include -#include int getentropy(void *buf, size_t len); /* - * On Windows, CryptGenRandom is supposed to be a well-seeded - * cryptographically strong random number generator. + * On Windows, BCryptGenRandom with BCRYPT_USE_SYSTEM_PREFERRED_RNG is supposed + * to be a well-seeded, cryptographically strong random number generator. + * https://docs.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptgenrandom */ int getentropy(void *buf, size_t len) { - HCRYPTPROV provider; - if (len > 256) { errno = EIO; return (-1); } - if (CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL, - CRYPT_VERIFYCONTEXT) == 0) - goto fail; - if (CryptGenRandom(provider, len, buf) == 0) { - CryptReleaseContext(provider, 0); - goto fail; + if (FAILED(BCryptGenRandom(NULL, buf, len, BCRYPT_USE_SYSTEM_PREFERRED_RNG))) { + errno = EIO; + return (-1); } - CryptReleaseContext(provider, 0); - return (0); -fail: - errno = EIO; - return (-1); + return (0); } diff --git a/externals/libressl/crypto/compat/recallocarray.c b/externals/libressl/crypto/compat/recallocarray.c index d93abd2da..7ab2ec5ca 100755 --- a/externals/libressl/crypto/compat/recallocarray.c +++ b/externals/libressl/crypto/compat/recallocarray.c @@ -1,4 +1,4 @@ -/* $OpenBSD: recallocarray.c,v 1.1 2017/03/06 18:44:21 otto Exp $ */ +/* $OpenBSD: recallocarray.c,v 1.2 2021/03/18 11:16:58 claudio Exp $ */ /* * Copyright (c) 2008, 2017 Otto Moerbeek * @@ -57,7 +57,7 @@ recallocarray(void *ptr, size_t oldnmemb, size_t newnmemb, size_t size) if (newsize <= oldsize) { size_t d = oldsize - newsize; - if (d < oldsize / 2 && d < getpagesize()) { + if (d < oldsize / 2 && d < (size_t)getpagesize()) { memset((char *)ptr + newsize, 0, d); return ptr; } diff --git a/externals/libressl/crypto/compat/strtonum.c b/externals/libressl/crypto/compat/strtonum.c new file mode 100755 index 000000000..fdfc72aa7 --- /dev/null +++ b/externals/libressl/crypto/compat/strtonum.c @@ -0,0 +1,65 @@ +/* $OpenBSD: strtonum.c,v 1.8 2015/09/13 08:31:48 guenther Exp $ */ + +/* + * Copyright (c) 2004 Ted Unangst and Todd Miller + * All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include + +#define INVALID 1 +#define TOOSMALL 2 +#define TOOLARGE 3 + +long long +strtonum(const char *numstr, long long minval, long long maxval, + const char **errstrp) +{ + long long ll = 0; + int error = 0; + char *ep; + struct errval { + const char *errstr; + int err; + } ev[4] = { + { NULL, 0 }, + { "invalid", EINVAL }, + { "too small", ERANGE }, + { "too large", ERANGE }, + }; + + ev[0].err = errno; + errno = 0; + if (minval > maxval) { + error = INVALID; + } else { + ll = strtoll(numstr, &ep, 10); + if (numstr == ep || *ep != '\0') + error = INVALID; + else if ((ll == LLONG_MIN && errno == ERANGE) || ll < minval) + error = TOOSMALL; + else if ((ll == LLONG_MAX && errno == ERANGE) || ll > maxval) + error = TOOLARGE; + } + if (errstrp != NULL) + *errstrp = ev[error].errstr; + errno = ev[error].err; + if (error) + ll = 0; + + return (ll); +} diff --git a/externals/libressl/crypto/cpuid-masm-x86_64.S b/externals/libressl/crypto/cpuid-masm-x86_64.S index d64682108..0dd7baf33 100755 --- a/externals/libressl/crypto/cpuid-masm-x86_64.S +++ b/externals/libressl/crypto/cpuid-masm-x86_64.S @@ -1,7 +1,7 @@ ; 1 "crypto/cpuid-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 340 "" 3 +; 343 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/cpuid-masm-x86_64.S.tmp" 2 diff --git a/externals/libressl/crypto/cryptlib.h b/externals/libressl/crypto/cryptlib.h index d44738bf3..6c3731d97 100755 --- a/externals/libressl/crypto/cryptlib.h +++ b/externals/libressl/crypto/cryptlib.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptlib.h,v 1.25 2016/11/04 17:30:30 miod Exp $ */ +/* $OpenBSD: cryptlib.h,v 1.26 2021/11/24 01:12:43 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -72,6 +72,9 @@ extern "C" { #define X509_CERT_DIR_EVP "SSL_CERT_DIR" #define X509_CERT_FILE_EVP "SSL_CERT_FILE" +#define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf" +#define CTLOG_FILE_EVP "CTLOG_FILE" + void OPENSSL_cpuid_setup(void); #ifdef __cplusplus diff --git a/externals/libressl/crypto/crypto.sym b/externals/libressl/crypto/crypto.sym index 48a76e89b..a2dfa7220 100755 --- a/externals/libressl/crypto/crypto.sym +++ b/externals/libressl/crypto/crypto.sym @@ -16,6 +16,15 @@ AES_set_decrypt_key AES_set_encrypt_key AES_unwrap_key AES_wrap_key +ASIdOrRange_free +ASIdOrRange_it +ASIdOrRange_new +ASIdentifierChoice_free +ASIdentifierChoice_it +ASIdentifierChoice_new +ASIdentifiers_free +ASIdentifiers_it +ASIdentifiers_new ASN1_ANY_it ASN1_BIT_STRING_check ASN1_BIT_STRING_free @@ -30,14 +39,12 @@ ASN1_BIT_STRING_set_bit ASN1_BMPSTRING_free ASN1_BMPSTRING_it ASN1_BMPSTRING_new -ASN1_BOOLEAN_it ASN1_ENUMERATED_free ASN1_ENUMERATED_get ASN1_ENUMERATED_it ASN1_ENUMERATED_new ASN1_ENUMERATED_set ASN1_ENUMERATED_to_BN -ASN1_FBOOLEAN_it ASN1_GENERALIZEDTIME_adj ASN1_GENERALIZEDTIME_check ASN1_GENERALIZEDTIME_free @@ -123,9 +130,9 @@ ASN1_STRING_type_new ASN1_T61STRING_free ASN1_T61STRING_it ASN1_T61STRING_new -ASN1_TBOOLEAN_it ASN1_TIME_adj ASN1_TIME_check +ASN1_TIME_diff ASN1_TIME_free ASN1_TIME_it ASN1_TIME_new @@ -165,8 +172,6 @@ ASN1_VISIBLESTRING_it ASN1_VISIBLESTRING_new ASN1_add_oid_module ASN1_bn_print -ASN1_check_infinite_end -ASN1_const_check_infinite_end ASN1_d2i_bio ASN1_d2i_fp ASN1_dup @@ -214,6 +219,9 @@ ASN1_template_new ASN1_time_parse ASN1_time_tm_clamp_notafter ASN1_time_tm_cmp +ASRange_free +ASRange_it +ASRange_new AUTHORITY_INFO_ACCESS_free AUTHORITY_INFO_ACCESS_it AUTHORITY_INFO_ACCESS_new @@ -272,10 +280,12 @@ BIO_free_all BIO_get_accept_socket BIO_get_callback BIO_get_callback_arg +BIO_get_callback_ex BIO_get_data BIO_get_ex_data BIO_get_ex_new_index BIO_get_host_ip +BIO_get_init BIO_get_new_index BIO_get_port BIO_get_retry_BIO @@ -344,11 +354,14 @@ BIO_s_socket BIO_set BIO_set_callback BIO_set_callback_arg +BIO_set_callback_ex BIO_set_cipher BIO_set_data BIO_set_ex_data BIO_set_flags BIO_set_init +BIO_set_next +BIO_set_retry_reason BIO_set_shutdown BIO_set_tcp_ndelay BIO_snprintf @@ -388,6 +401,8 @@ BN_GENCB_call BN_GENCB_free BN_GENCB_get_arg BN_GENCB_new +BN_GENCB_set +BN_GENCB_set_old BN_GF2m_add BN_GF2m_arr2poly BN_GF2m_mod @@ -420,13 +435,16 @@ BN_RECP_CTX_set BN_X931_derive_prime_ex BN_X931_generate_Xpq BN_X931_generate_prime_ex +BN_abs_is_word BN_add BN_add_word BN_asc2bn BN_bin2bn BN_bn2bin +BN_bn2binpad BN_bn2dec BN_bn2hex +BN_bn2lebinpad BN_bn2mpi BN_clear BN_clear_bit @@ -450,6 +468,7 @@ BN_get0_nist_prime_224 BN_get0_nist_prime_256 BN_get0_nist_prime_384 BN_get0_nist_prime_521 +BN_get_flags BN_get_params BN_get_rfc2409_prime_1024 BN_get_rfc2409_prime_768 @@ -463,11 +482,17 @@ BN_get_word BN_hex2bn BN_init BN_is_bit_set +BN_is_negative +BN_is_odd +BN_is_one BN_is_prime BN_is_prime_ex BN_is_prime_fasttest BN_is_prime_fasttest_ex +BN_is_word +BN_is_zero BN_kronecker +BN_lebin2bn BN_lshift BN_lshift1 BN_mask_bits @@ -516,6 +541,7 @@ BN_reciprocal BN_rshift BN_rshift1 BN_set_bit +BN_set_flags BN_set_negative BN_set_params BN_set_word @@ -525,10 +551,13 @@ BN_sub_word BN_swap BN_to_ASN1_ENUMERATED BN_to_ASN1_INTEGER +BN_to_montgomery BN_uadd BN_ucmp BN_usub BN_value_one +BN_with_flags +BN_zero_ex BUF_MEM_free BUF_MEM_grow BUF_MEM_grow_clean @@ -824,6 +853,27 @@ CRYPTO_strdup CRYPTO_thread_id CRYPTO_xchacha_20 CRYPTO_xts128_encrypt +CTLOG_STORE_free +CTLOG_STORE_get0_log_by_id +CTLOG_STORE_load_default_file +CTLOG_STORE_load_file +CTLOG_STORE_new +CTLOG_free +CTLOG_get0_log_id +CTLOG_get0_name +CTLOG_get0_public_key +CTLOG_new +CTLOG_new_from_base64 +CT_POLICY_EVAL_CTX_free +CT_POLICY_EVAL_CTX_get0_cert +CT_POLICY_EVAL_CTX_get0_issuer +CT_POLICY_EVAL_CTX_get0_log_store +CT_POLICY_EVAL_CTX_get_time +CT_POLICY_EVAL_CTX_new +CT_POLICY_EVAL_CTX_set1_cert +CT_POLICY_EVAL_CTX_set1_issuer +CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE +CT_POLICY_EVAL_CTX_set_time Camellia_cbc_encrypt Camellia_cfb128_encrypt Camellia_cfb1_encrypt @@ -886,11 +936,17 @@ DH_generate_key DH_generate_parameters DH_generate_parameters_ex DH_get0_engine +DH_get0_g DH_get0_key +DH_get0_p DH_get0_pqg +DH_get0_priv_key +DH_get0_pub_key +DH_get0_q DH_get_default_method DH_get_ex_data DH_get_ex_new_index +DH_get_length DH_new DH_new_method DH_set0_key @@ -928,6 +984,7 @@ DSA_SIG_get0 DSA_SIG_it DSA_SIG_new DSA_SIG_set0 +DSA_bits DSA_clear_flags DSA_do_sign DSA_do_verify @@ -937,8 +994,13 @@ DSA_generate_key DSA_generate_parameters DSA_generate_parameters_ex DSA_get0_engine +DSA_get0_g DSA_get0_key +DSA_get0_p DSA_get0_pqg +DSA_get0_priv_key +DSA_get0_pub_key +DSA_get0_q DSA_get_default_method DSA_get_ex_data DSA_get_ex_new_index @@ -1003,6 +1065,8 @@ ECDH_size ECDSA_OpenSSL ECDSA_SIG_free ECDSA_SIG_get0 +ECDSA_SIG_get0_r +ECDSA_SIG_get0_s ECDSA_SIG_it ECDSA_SIG_new ECDSA_SIG_set0 @@ -1047,6 +1111,7 @@ EC_GROUP_get0_seed EC_GROUP_get_asn1_flag EC_GROUP_get_basis_type EC_GROUP_get_cofactor +EC_GROUP_get_curve EC_GROUP_get_curve_GF2m EC_GROUP_get_curve_GFp EC_GROUP_get_curve_name @@ -1062,8 +1127,10 @@ EC_GROUP_new EC_GROUP_new_by_curve_name EC_GROUP_new_curve_GF2m EC_GROUP_new_curve_GFp +EC_GROUP_order_bits EC_GROUP_precompute_mult EC_GROUP_set_asn1_flag +EC_GROUP_set_curve EC_GROUP_set_curve_GF2m EC_GROUP_set_curve_GFp EC_GROUP_set_curve_name @@ -1128,6 +1195,7 @@ EC_POINT_dbl EC_POINT_dup EC_POINT_free EC_POINT_get_Jprojective_coordinates_GFp +EC_POINT_get_affine_coordinates EC_POINT_get_affine_coordinates_GF2m EC_POINT_get_affine_coordinates_GFp EC_POINT_hex2point @@ -1143,8 +1211,10 @@ EC_POINT_point2bn EC_POINT_point2hex EC_POINT_point2oct EC_POINT_set_Jprojective_coordinates_GFp +EC_POINT_set_affine_coordinates EC_POINT_set_affine_coordinates_GF2m EC_POINT_set_affine_coordinates_GFp +EC_POINT_set_compressed_coordinates EC_POINT_set_compressed_coordinates_GF2m EC_POINT_set_compressed_coordinates_GFp EC_POINT_set_to_infinity @@ -1383,7 +1453,9 @@ ESS_SIGNING_CERT_free ESS_SIGNING_CERT_it ESS_SIGNING_CERT_new EVP_AEAD_CTX_cleanup +EVP_AEAD_CTX_free EVP_AEAD_CTX_init +EVP_AEAD_CTX_new EVP_AEAD_CTX_open EVP_AEAD_CTX_seal EVP_AEAD_key_length @@ -1392,6 +1464,7 @@ EVP_AEAD_max_tag_len EVP_AEAD_nonce_length EVP_BytesToKey EVP_CIPHER_CTX_block_size +EVP_CIPHER_CTX_buf_noconst EVP_CIPHER_CTX_cipher EVP_CIPHER_CTX_cleanup EVP_CIPHER_CTX_clear_flags @@ -1401,6 +1474,7 @@ EVP_CIPHER_CTX_encrypting EVP_CIPHER_CTX_flags EVP_CIPHER_CTX_free EVP_CIPHER_CTX_get_app_data +EVP_CIPHER_CTX_get_cipher_data EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_init EVP_CIPHER_CTX_iv_length @@ -1410,6 +1484,7 @@ EVP_CIPHER_CTX_nid EVP_CIPHER_CTX_rand_key EVP_CIPHER_CTX_reset EVP_CIPHER_CTX_set_app_data +EVP_CIPHER_CTX_set_cipher_data EVP_CIPHER_CTX_set_flags EVP_CIPHER_CTX_set_iv EVP_CIPHER_CTX_set_key_length @@ -1447,9 +1522,11 @@ EVP_DigestFinal EVP_DigestFinal_ex EVP_DigestInit EVP_DigestInit_ex +EVP_DigestSign EVP_DigestSignFinal EVP_DigestSignInit EVP_DigestUpdate +EVP_DigestVerify EVP_DigestVerifyFinal EVP_DigestVerifyInit EVP_ENCODE_CTX_free @@ -1473,14 +1550,30 @@ EVP_MD_CTX_destroy EVP_MD_CTX_free EVP_MD_CTX_init EVP_MD_CTX_md +EVP_MD_CTX_md_data EVP_MD_CTX_new +EVP_MD_CTX_pkey_ctx EVP_MD_CTX_reset EVP_MD_CTX_set_flags +EVP_MD_CTX_set_pkey_ctx EVP_MD_CTX_test_flags EVP_MD_block_size EVP_MD_do_all EVP_MD_do_all_sorted EVP_MD_flags +EVP_MD_meth_dup +EVP_MD_meth_free +EVP_MD_meth_new +EVP_MD_meth_set_app_datasize +EVP_MD_meth_set_cleanup +EVP_MD_meth_set_copy +EVP_MD_meth_set_ctrl +EVP_MD_meth_set_final +EVP_MD_meth_set_flags +EVP_MD_meth_set_init +EVP_MD_meth_set_input_blocksize +EVP_MD_meth_set_result_size +EVP_MD_meth_set_update EVP_MD_pkey_type EVP_MD_size EVP_MD_type @@ -1524,14 +1617,18 @@ EVP_PKEY_asn1_get0 EVP_PKEY_asn1_get0_info EVP_PKEY_asn1_get_count EVP_PKEY_asn1_new +EVP_PKEY_asn1_set_check EVP_PKEY_asn1_set_ctrl EVP_PKEY_asn1_set_free EVP_PKEY_asn1_set_param +EVP_PKEY_asn1_set_param_check EVP_PKEY_asn1_set_private EVP_PKEY_asn1_set_public +EVP_PKEY_asn1_set_public_check EVP_PKEY_assign EVP_PKEY_base_id EVP_PKEY_bits +EVP_PKEY_check EVP_PKEY_cmp EVP_PKEY_cmp_parameters EVP_PKEY_copy_parameters @@ -1571,6 +1668,7 @@ EVP_PKEY_meth_find EVP_PKEY_meth_free EVP_PKEY_meth_get0_info EVP_PKEY_meth_new +EVP_PKEY_meth_set_check EVP_PKEY_meth_set_cleanup EVP_PKEY_meth_set_copy EVP_PKEY_meth_set_ctrl @@ -1579,7 +1677,9 @@ EVP_PKEY_meth_set_derive EVP_PKEY_meth_set_encrypt EVP_PKEY_meth_set_init EVP_PKEY_meth_set_keygen +EVP_PKEY_meth_set_param_check EVP_PKEY_meth_set_paramgen +EVP_PKEY_meth_set_public_check EVP_PKEY_meth_set_sign EVP_PKEY_meth_set_signctx EVP_PKEY_meth_set_verify @@ -1587,12 +1687,15 @@ EVP_PKEY_meth_set_verify_recover EVP_PKEY_meth_set_verifyctx EVP_PKEY_missing_parameters EVP_PKEY_new +EVP_PKEY_new_CMAC_key EVP_PKEY_new_mac_key +EVP_PKEY_param_check EVP_PKEY_paramgen EVP_PKEY_paramgen_init EVP_PKEY_print_params EVP_PKEY_print_private EVP_PKEY_print_public +EVP_PKEY_public_check EVP_PKEY_save_parameters EVP_PKEY_set1_DH EVP_PKEY_set1_DSA @@ -1708,9 +1811,6 @@ EVP_des_ede_ecb EVP_des_ede_ofb EVP_des_ofb EVP_desx_cbc -EVP_dss -EVP_dss1 -EVP_ecdsa EVP_enc_null EVP_get_cipherbyname EVP_get_digestbyname @@ -1760,6 +1860,8 @@ EVP_whirlpool EXTENDED_KEY_USAGE_free EXTENDED_KEY_USAGE_it EXTENDED_KEY_USAGE_new +FIPS_mode +FIPS_mode_set GENERAL_NAMES_free GENERAL_NAMES_it GENERAL_NAMES_new @@ -1811,11 +1913,9 @@ HKDF HKDF_expand HKDF_extract HMAC -HMAC_CTX_cleanup HMAC_CTX_copy HMAC_CTX_free HMAC_CTX_get_md -HMAC_CTX_init HMAC_CTX_new HMAC_CTX_reset HMAC_CTX_set_flags @@ -1823,6 +1923,18 @@ HMAC_Final HMAC_Init HMAC_Init_ex HMAC_Update +IPAddressChoice_free +IPAddressChoice_it +IPAddressChoice_new +IPAddressFamily_free +IPAddressFamily_it +IPAddressFamily_new +IPAddressOrRange_free +IPAddressOrRange_it +IPAddressOrRange_new +IPAddressRange_free +IPAddressRange_it +IPAddressRange_new ISSUING_DIST_POINT_free ISSUING_DIST_POINT_it ISSUING_DIST_POINT_new @@ -1857,12 +1969,6 @@ NCONF_new NETSCAPE_CERT_SEQUENCE_free NETSCAPE_CERT_SEQUENCE_it NETSCAPE_CERT_SEQUENCE_new -NETSCAPE_ENCRYPTED_PKEY_free -NETSCAPE_ENCRYPTED_PKEY_it -NETSCAPE_ENCRYPTED_PKEY_new -NETSCAPE_PKEY_free -NETSCAPE_PKEY_it -NETSCAPE_PKEY_new NETSCAPE_SPKAC_free NETSCAPE_SPKAC_it NETSCAPE_SPKAC_new @@ -1876,9 +1982,6 @@ NETSCAPE_SPKI_print NETSCAPE_SPKI_set_pubkey NETSCAPE_SPKI_sign NETSCAPE_SPKI_verify -NETSCAPE_X509_free -NETSCAPE_X509_it -NETSCAPE_X509_new NOTICEREF_free NOTICEREF_it NOTICEREF_new @@ -1893,7 +1996,6 @@ OBJ_NAME_remove OBJ_add_object OBJ_add_sigid OBJ_bsearch_ -OBJ_bsearch_ex_ OBJ_cleanup OBJ_cmp OBJ_create @@ -1901,6 +2003,8 @@ OBJ_create_objects OBJ_dup OBJ_find_sigid_algs OBJ_find_sigid_by_algs +OBJ_get0_data +OBJ_length OBJ_ln2nid OBJ_new_nid OBJ_nid2ln @@ -2033,6 +2137,13 @@ OCSP_resp_count OCSP_resp_find OCSP_resp_find_status OCSP_resp_get0 +OCSP_resp_get0_certs +OCSP_resp_get0_id +OCSP_resp_get0_produced_at +OCSP_resp_get0_respdata +OCSP_resp_get0_signature +OCSP_resp_get0_signer +OCSP_resp_get0_tbs_sigalg OCSP_response_create OCSP_response_get1_basic OCSP_response_status @@ -2078,9 +2189,6 @@ PEM_ASN1_read PEM_ASN1_read_bio PEM_ASN1_write PEM_ASN1_write_bio -PEM_SealFinal -PEM_SealInit -PEM_SealUpdate PEM_SignFinal PEM_SignInit PEM_SignUpdate @@ -2113,7 +2221,6 @@ PEM_read_RSAPublicKey PEM_read_RSA_PUBKEY PEM_read_X509 PEM_read_X509_AUX -PEM_read_X509_CERT_PAIR PEM_read_X509_CRL PEM_read_X509_REQ PEM_read_bio @@ -2137,7 +2244,6 @@ PEM_read_bio_RSAPublicKey PEM_read_bio_RSA_PUBKEY PEM_read_bio_X509 PEM_read_bio_X509_AUX -PEM_read_bio_X509_CERT_PAIR PEM_read_bio_X509_CRL PEM_read_bio_X509_REQ PEM_write @@ -2162,7 +2268,6 @@ PEM_write_RSAPublicKey PEM_write_RSA_PUBKEY PEM_write_X509 PEM_write_X509_AUX -PEM_write_X509_CERT_PAIR PEM_write_X509_CRL PEM_write_X509_REQ PEM_write_X509_REQ_NEW @@ -2187,12 +2292,12 @@ PEM_write_bio_PKCS8_PRIV_KEY_INFO PEM_write_bio_PUBKEY PEM_write_bio_Parameters PEM_write_bio_PrivateKey +PEM_write_bio_PrivateKey_traditional PEM_write_bio_RSAPrivateKey PEM_write_bio_RSAPublicKey PEM_write_bio_RSA_PUBKEY PEM_write_bio_X509 PEM_write_bio_X509_AUX -PEM_write_bio_X509_CERT_PAIR PEM_write_bio_X509_CRL PEM_write_bio_X509_REQ PEM_write_bio_X509_REQ_NEW @@ -2427,8 +2532,17 @@ RSA_free RSA_generate_key RSA_generate_key_ex RSA_get0_crt_params +RSA_get0_d +RSA_get0_dmp1 +RSA_get0_dmq1 +RSA_get0_e RSA_get0_factors +RSA_get0_iqmp RSA_get0_key +RSA_get0_n +RSA_get0_p +RSA_get0_pss_params +RSA_get0_q RSA_get_default_method RSA_get_ex_data RSA_get_ex_new_index @@ -2504,6 +2618,35 @@ RSA_verify RSA_verify_ASN1_OCTET_STRING RSA_verify_PKCS1_PSS RSA_verify_PKCS1_PSS_mgf1 +SCT_LIST_free +SCT_LIST_print +SCT_LIST_validate +SCT_free +SCT_get0_extensions +SCT_get0_log_id +SCT_get0_signature +SCT_get_log_entry_type +SCT_get_signature_nid +SCT_get_source +SCT_get_timestamp +SCT_get_validation_status +SCT_get_version +SCT_new +SCT_new_from_base64 +SCT_print +SCT_set0_extensions +SCT_set0_log_id +SCT_set0_signature +SCT_set1_extensions +SCT_set1_log_id +SCT_set1_signature +SCT_set_log_entry_type +SCT_set_signature_nid +SCT_set_source +SCT_set_timestamp +SCT_set_version +SCT_validate +SCT_validation_status_string SHA1 SHA1_Final SHA1_Init @@ -2844,9 +2987,6 @@ X509_CERT_AUX_free X509_CERT_AUX_it X509_CERT_AUX_new X509_CERT_AUX_print -X509_CERT_PAIR_free -X509_CERT_PAIR_it -X509_CERT_PAIR_new X509_CINF_free X509_CINF_it X509_CINF_new @@ -2966,11 +3106,12 @@ X509_NAME_print X509_NAME_print_ex X509_NAME_print_ex_fp X509_NAME_set -X509_OBJECT_free_contents +X509_OBJECT_free X509_OBJECT_get0_X509 X509_OBJECT_get0_X509_CRL X509_OBJECT_get_type X509_OBJECT_idx_by_subject +X509_OBJECT_new X509_OBJECT_retrieve_by_subject X509_OBJECT_retrieve_match X509_OBJECT_up_ref_count @@ -3011,6 +3152,7 @@ X509_REQ_digest X509_REQ_dup X509_REQ_extension_nid X509_REQ_free +X509_REQ_get0_pubkey X509_REQ_get0_signature X509_REQ_get1_email X509_REQ_get_attr @@ -3055,6 +3197,8 @@ X509_REVOKED_new X509_REVOKED_set_revocationDate X509_REVOKED_set_serialNumber X509_SIG_free +X509_SIG_get0 +X509_SIG_getm X509_SIG_it X509_SIG_new X509_STORE_CTX_cleanup @@ -3070,6 +3214,7 @@ X509_STORE_CTX_get0_store X509_STORE_CTX_get0_untrusted X509_STORE_CTX_get1_chain X509_STORE_CTX_get1_issuer +X509_STORE_CTX_get_by_subject X509_STORE_CTX_get_chain X509_STORE_CTX_get_current_cert X509_STORE_CTX_get_error @@ -3077,6 +3222,10 @@ X509_STORE_CTX_get_error_depth X509_STORE_CTX_get_ex_data X509_STORE_CTX_get_ex_new_index X509_STORE_CTX_get_explicit_policy +X509_STORE_CTX_get_num_untrusted +X509_STORE_CTX_get_obj_by_subject +X509_STORE_CTX_get_verify +X509_STORE_CTX_get_verify_cb X509_STORE_CTX_init X509_STORE_CTX_new X509_STORE_CTX_purpose_inherit @@ -3084,16 +3233,20 @@ X509_STORE_CTX_set0_crls X509_STORE_CTX_set0_param X509_STORE_CTX_set0_trusted_stack X509_STORE_CTX_set0_untrusted +X509_STORE_CTX_set0_verified_chain X509_STORE_CTX_set_cert X509_STORE_CTX_set_chain +X509_STORE_CTX_set_current_cert X509_STORE_CTX_set_default X509_STORE_CTX_set_depth X509_STORE_CTX_set_error +X509_STORE_CTX_set_error_depth X509_STORE_CTX_set_ex_data X509_STORE_CTX_set_flags X509_STORE_CTX_set_purpose X509_STORE_CTX_set_time X509_STORE_CTX_set_trust +X509_STORE_CTX_set_verify X509_STORE_CTX_set_verify_cb X509_STORE_CTX_trusted_stack X509_STORE_add_cert @@ -3104,8 +3257,9 @@ X509_STORE_get0_objects X509_STORE_get0_param X509_STORE_get1_certs X509_STORE_get1_crls -X509_STORE_get_by_subject X509_STORE_get_ex_data +X509_STORE_get_verify +X509_STORE_get_verify_cb X509_STORE_load_locations X509_STORE_load_mem X509_STORE_new @@ -3116,6 +3270,7 @@ X509_STORE_set_ex_data X509_STORE_set_flags X509_STORE_set_purpose X509_STORE_set_trust +X509_STORE_set_verify X509_STORE_set_verify_cb X509_STORE_up_ref X509_TRUST_add @@ -3197,6 +3352,7 @@ X509_get0_signature X509_get0_tbs_sigalg X509_get1_email X509_get1_ocsp +X509_get_X509_PUBKEY X509_get_default_cert_area X509_get_default_cert_dir X509_get_default_cert_dir_env @@ -3211,7 +3367,10 @@ X509_get_ext_by_OBJ X509_get_ext_by_critical X509_get_ext_count X509_get_ext_d2i +X509_get_extended_key_usage +X509_get_extension_flags X509_get_issuer_name +X509_get_key_usage X509_get_pubkey X509_get_pubkey_parameters X509_get_serialNumber @@ -3289,6 +3448,25 @@ X509at_get_attr_by_NID X509at_get_attr_by_OBJ X509at_get_attr_count X509v3_add_ext +X509v3_addr_add_inherit +X509v3_addr_add_prefix +X509v3_addr_add_range +X509v3_addr_canonize +X509v3_addr_get_afi +X509v3_addr_get_range +X509v3_addr_inherits +X509v3_addr_is_canonical +X509v3_addr_subset +X509v3_addr_validate_path +X509v3_addr_validate_resource_set +X509v3_asid_add_id_or_range +X509v3_asid_add_inherit +X509v3_asid_canonize +X509v3_asid_inherits +X509v3_asid_is_canonical +X509v3_asid_subset +X509v3_asid_validate_path +X509v3_asid_validate_resource_set X509v3_delete_ext X509v3_get_ext X509v3_get_ext_by_NID @@ -3319,16 +3497,6 @@ a2i_GENERAL_NAME a2i_IPADDRESS a2i_IPADDRESS_NC a2i_ipadd -asn1_do_adb -asn1_do_lock -asn1_enc_free -asn1_enc_init -asn1_enc_restore -asn1_enc_save -asn1_ex_c2i -asn1_get_choice_selector -asn1_get_field_ptr -asn1_set_choice_selector b2i_PVK_bio b2i_PrivateKey b2i_PrivateKey_bio @@ -3337,11 +3505,12 @@ b2i_PublicKey_bio c2i_ASN1_BIT_STRING c2i_ASN1_INTEGER c2i_ASN1_OBJECT -check_defer d2i_ACCESS_DESCRIPTION +d2i_ASIdOrRange +d2i_ASIdentifierChoice +d2i_ASIdentifiers d2i_ASN1_BIT_STRING d2i_ASN1_BMPSTRING -d2i_ASN1_BOOLEAN d2i_ASN1_ENUMERATED d2i_ASN1_GENERALIZEDTIME d2i_ASN1_GENERALSTRING @@ -3362,6 +3531,7 @@ d2i_ASN1_UNIVERSALSTRING d2i_ASN1_UTCTIME d2i_ASN1_UTF8STRING d2i_ASN1_VISIBLESTRING +d2i_ASRange d2i_AUTHORITY_INFO_ACCESS d2i_AUTHORITY_KEYID d2i_AutoPrivateKey @@ -3408,15 +3578,15 @@ d2i_EXTENDED_KEY_USAGE d2i_GENERAL_NAME d2i_GENERAL_NAMES d2i_GOST_CIPHER_PARAMS +d2i_IPAddressChoice +d2i_IPAddressFamily +d2i_IPAddressOrRange +d2i_IPAddressRange d2i_ISSUING_DIST_POINT d2i_NETSCAPE_CERT_SEQUENCE -d2i_NETSCAPE_ENCRYPTED_PKEY -d2i_NETSCAPE_PKEY d2i_NETSCAPE_SPKAC d2i_NETSCAPE_SPKI -d2i_NETSCAPE_X509 d2i_NOTICEREF -d2i_Netscape_RSA d2i_OCSP_BASICRESP d2i_OCSP_CERTID d2i_OCSP_CERTSTATUS @@ -3481,12 +3651,12 @@ d2i_RSAPrivateKey_fp d2i_RSAPublicKey d2i_RSAPublicKey_bio d2i_RSAPublicKey_fp -d2i_RSA_NET d2i_RSA_OAEP_PARAMS d2i_RSA_PSS_PARAMS d2i_RSA_PUBKEY d2i_RSA_PUBKEY_bio d2i_RSA_PUBKEY_fp +d2i_SCT_LIST d2i_SXNET d2i_SXNETID d2i_TS_ACCURACY @@ -3510,7 +3680,6 @@ d2i_X509_ALGORS d2i_X509_ATTRIBUTE d2i_X509_AUX d2i_X509_CERT_AUX -d2i_X509_CERT_PAIR d2i_X509_CINF d2i_X509_CRL d2i_X509_CRL_INFO @@ -3550,9 +3719,11 @@ i2b_PublicKey_bio i2c_ASN1_BIT_STRING i2c_ASN1_INTEGER i2d_ACCESS_DESCRIPTION +i2d_ASIdOrRange +i2d_ASIdentifierChoice +i2d_ASIdentifiers i2d_ASN1_BIT_STRING i2d_ASN1_BMPSTRING -i2d_ASN1_BOOLEAN i2d_ASN1_ENUMERATED i2d_ASN1_GENERALIZEDTIME i2d_ASN1_GENERALSTRING @@ -3573,6 +3744,7 @@ i2d_ASN1_UTCTIME i2d_ASN1_UTF8STRING i2d_ASN1_VISIBLESTRING i2d_ASN1_bio_stream +i2d_ASRange i2d_AUTHORITY_INFO_ACCESS i2d_AUTHORITY_KEYID i2d_BASIC_CONSTRAINTS @@ -3619,15 +3791,15 @@ i2d_EXTENDED_KEY_USAGE i2d_GENERAL_NAME i2d_GENERAL_NAMES i2d_GOST_CIPHER_PARAMS +i2d_IPAddressChoice +i2d_IPAddressFamily +i2d_IPAddressOrRange +i2d_IPAddressRange i2d_ISSUING_DIST_POINT i2d_NETSCAPE_CERT_SEQUENCE -i2d_NETSCAPE_ENCRYPTED_PKEY -i2d_NETSCAPE_PKEY i2d_NETSCAPE_SPKAC i2d_NETSCAPE_SPKI -i2d_NETSCAPE_X509 i2d_NOTICEREF -i2d_Netscape_RSA i2d_OCSP_BASICRESP i2d_OCSP_CERTID i2d_OCSP_CERTSTATUS @@ -3698,12 +3870,12 @@ i2d_RSAPrivateKey_fp i2d_RSAPublicKey i2d_RSAPublicKey_bio i2d_RSAPublicKey_fp -i2d_RSA_NET i2d_RSA_OAEP_PARAMS i2d_RSA_PSS_PARAMS i2d_RSA_PUBKEY i2d_RSA_PUBKEY_bio i2d_RSA_PUBKEY_fp +i2d_SCT_LIST i2d_SXNET i2d_SXNETID i2d_TS_ACCURACY @@ -3727,7 +3899,6 @@ i2d_X509_ALGORS i2d_X509_ATTRIBUTE i2d_X509_AUX i2d_X509_CERT_AUX -i2d_X509_CERT_PAIR i2d_X509_CINF i2d_X509_CRL i2d_X509_CRL_INFO @@ -3747,7 +3918,12 @@ i2d_X509_SIG i2d_X509_VAL i2d_X509_bio i2d_X509_fp +i2d_re_X509_CRL_tbs +i2d_re_X509_REQ_tbs +i2d_re_X509_tbs i2o_ECPublicKey +i2o_SCT +i2o_SCT_LIST i2s_ASN1_ENUMERATED i2s_ASN1_ENUMERATED_TABLE i2s_ASN1_INTEGER @@ -3779,9 +3955,9 @@ lh_retrieve lh_stats lh_stats_bio lh_strhash -name_cmp o2i_ECPublicKey -obj_cleanup_defer +o2i_SCT +o2i_SCT_LIST s2i_ASN1_INTEGER s2i_ASN1_OCTET_STRING sk_delete diff --git a/externals/libressl/crypto/ct/ct_b64.c b/externals/libressl/crypto/ct/ct_b64.c new file mode 100755 index 000000000..bfc69a7da --- /dev/null +++ b/externals/libressl/crypto/ct/ct_b64.c @@ -0,0 +1,224 @@ +/* $OpenBSD: ct_b64.c,v 1.6 2021/12/20 17:19:19 jsing Exp $ */ +/* + * Written by Rob Stradling (rob@comodo.com) and Stephen Henson + * (steve@openssl.org) for the OpenSSL project 2014. + */ +/* ==================================================================== + * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#include +#include +#include + +#include "bytestring.h" +#include "ct_local.h" + +/* + * Decodes the base64 string |in| into |out|. + * A new string will be malloc'd and assigned to |out|. This will be owned by + * the caller. Do not provide a pre-allocated string in |out|. + */ +static int +ct_base64_decode(const char *in, unsigned char **out) +{ + size_t inlen = strlen(in); + int outlen, i; + unsigned char *outbuf = NULL; + + if (inlen == 0) { + *out = NULL; + return 0; + } + + outlen = (inlen / 4) * 3; + outbuf = malloc(outlen); + if (outbuf == NULL) { + CTerror(ERR_R_MALLOC_FAILURE); + goto err; + } + + outlen = EVP_DecodeBlock(outbuf, (unsigned char *)in, inlen); + if (outlen < 0) { + CTerror(CT_R_BASE64_DECODE_ERROR); + goto err; + } + + /* + * Subtract padding bytes from |outlen|. + * Any more than 2 is malformed. + */ + i = 0; + while (in[--inlen] == '=') { + --outlen; + if (++i > 2) + goto err; + } + + *out = outbuf; + return outlen; + err: + free(outbuf); + return -1; +} + +SCT * +SCT_new_from_base64(unsigned char version, const char *logid_base64, + ct_log_entry_type_t entry_type, uint64_t timestamp, + const char *extensions_base64, const char *signature_base64) +{ + unsigned char *dec = NULL; + int declen; + SCT *sct; + CBS cbs; + + if ((sct = SCT_new()) == NULL) { + CTerror(ERR_R_MALLOC_FAILURE); + return NULL; + } + + /* + * RFC6962 section 4.1 says we "MUST NOT expect this to be 0", but we + * can only construct SCT versions that have been defined. + */ + if (!SCT_set_version(sct, version)) { + CTerror(CT_R_SCT_UNSUPPORTED_VERSION); + goto err; + } + + declen = ct_base64_decode(logid_base64, &dec); + if (declen < 0) { + CTerror(X509_R_BASE64_DECODE_ERROR); + goto err; + } + if (!SCT_set0_log_id(sct, dec, declen)) + goto err; + dec = NULL; + + declen = ct_base64_decode(extensions_base64, &dec); + if (declen < 0) { + CTerror(X509_R_BASE64_DECODE_ERROR); + goto err; + } + SCT_set0_extensions(sct, dec, declen); + dec = NULL; + + declen = ct_base64_decode(signature_base64, &dec); + if (declen < 0) { + CTerror(X509_R_BASE64_DECODE_ERROR); + goto err; + } + + CBS_init(&cbs, dec, declen); + if (!o2i_SCT_signature(sct, &cbs)) + goto err; + free(dec); + dec = NULL; + + SCT_set_timestamp(sct, timestamp); + + if (!SCT_set_log_entry_type(sct, entry_type)) + goto err; + + return sct; + + err: + free(dec); + SCT_free(sct); + return NULL; +} + +/* + * Allocate, build and returns a new |ct_log| from input |pkey_base64| + * It returns 1 on success, + * 0 on decoding failure, or invalid parameter if any + * -1 on internal (malloc) failure + */ +int +CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, const char *name) +{ + unsigned char *pkey_der = NULL; + int pkey_der_len; + const unsigned char *p; + EVP_PKEY *pkey = NULL; + + if (ct_log == NULL) { + CTerror(ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der); + if (pkey_der_len < 0) { + CTerror(CT_R_LOG_CONF_INVALID_KEY); + return 0; + } + + p = pkey_der; + pkey = d2i_PUBKEY(NULL, &p, pkey_der_len); + free(pkey_der); + if (pkey == NULL) { + CTerror(CT_R_LOG_CONF_INVALID_KEY); + return 0; + } + + *ct_log = CTLOG_new(pkey, name); + if (*ct_log == NULL) { + EVP_PKEY_free(pkey); + return 0; + } + + return 1; +} diff --git a/externals/libressl/crypto/ct/ct_err.c b/externals/libressl/crypto/ct/ct_err.c new file mode 100755 index 000000000..fc9ca0cbf --- /dev/null +++ b/externals/libressl/crypto/ct/ct_err.c @@ -0,0 +1,152 @@ +/* $OpenBSD: ct_err.c,v 1.5 2021/12/18 16:50:40 tb Exp $ */ +/* ==================================================================== + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include +#include + +#ifndef OPENSSL_NO_ERR + +static ERR_STRING_DATA CT_str_functs[] = { + {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW, 0), "CTLOG_new"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_BASE64, 0), + "CTLOG_new_from_base64"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_CONF, 0), + "ctlog_new_from_conf"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_CTX_NEW, 0), + "ctlog_store_load_ctx_new"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_FILE, 0), + "CTLOG_STORE_load_file"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_LOG, 0), + "ctlog_store_load_log"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_NEW, 0), "CTLOG_STORE_new"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CT_BASE64_DECODE, 0), "ct_base64_decode"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CT_POLICY_EVAL_CTX_NEW, 0), + "CT_POLICY_EVAL_CTX_new"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CT_V1_LOG_ID_FROM_PKEY, 0), + "ct_v1_log_id_from_pkey"}, + {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT, 0), "i2o_SCT"}, + {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT_LIST, 0), "i2o_SCT_LIST"}, + {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT_SIGNATURE, 0), "i2o_SCT_signature"}, + {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT, 0), "o2i_SCT"}, + {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT_LIST, 0), "o2i_SCT_LIST"}, + {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT_SIGNATURE, 0), "o2i_SCT_signature"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_CTX_NEW, 0), "SCT_CTX_new"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_CTX_VERIFY, 0), "SCT_CTX_verify"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW, 0), "SCT_new"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW_FROM_BASE64, 0), + "SCT_new_from_base64"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET0_LOG_ID, 0), "SCT_set0_log_id"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_EXTENSIONS, 0), + "SCT_set1_extensions"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_LOG_ID, 0), "SCT_set1_log_id"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_SIGNATURE, 0), + "SCT_set1_signature"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_LOG_ENTRY_TYPE, 0), + "SCT_set_log_entry_type"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_SIGNATURE_NID, 0), + "SCT_set_signature_nid"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_VERSION, 0), "SCT_set_version"}, + {0, NULL} +}; + +static ERR_STRING_DATA CT_str_reasons[] = { + {ERR_PACK(ERR_LIB_CT, 0, CT_R_BASE64_DECODE_ERROR), + "base64 decode error"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_INVALID_LOG_ID_LENGTH), + "invalid log id length"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID), "log conf invalid"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID_KEY), + "log conf invalid key"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_DESCRIPTION), + "log conf missing description"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_KEY), + "log conf missing key"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_KEY_INVALID), "log key invalid"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_FUTURE_TIMESTAMP), + "sct future timestamp"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID), "sct invalid"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID_SIGNATURE), + "sct invalid signature"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LIST_INVALID), "sct list invalid"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LOG_ID_MISMATCH), + "sct log id mismatch"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_NOT_SET), "sct not set"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_UNSUPPORTED_VERSION), + "sct unsupported version"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNRECOGNIZED_SIGNATURE_NID), + "unrecognized signature nid"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_ENTRY_TYPE), + "unsupported entry type"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_VERSION), + "unsupported version"}, + {0, NULL} +}; + +#endif + +int +ERR_load_CT_strings(void) +{ + if (ERR_func_error_string(CT_str_functs[0].error) == NULL) { + ERR_load_strings(0, CT_str_functs); + ERR_load_strings(0, CT_str_reasons); + } + return 1; +} diff --git a/externals/libressl/crypto/ct/ct_local.h b/externals/libressl/crypto/ct/ct_local.h new file mode 100755 index 000000000..cd19ed096 --- /dev/null +++ b/externals/libressl/crypto/ct/ct_local.h @@ -0,0 +1,260 @@ +/* $OpenBSD: ct_local.h,v 1.8 2021/12/20 17:19:19 jsing Exp $ */ +/* + * Written by Rob Percival (robpercival@google.com) for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 2016 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include + +#include +#include +#include +#include +#include + +#include "bytestring.h" + +/* Number of bytes in an SCT v1 LogID - see RFC 6962 section 3.2. */ +#define CT_V1_LOG_ID_LEN 32 + +/* Maximum size of an SCT - see RFC 6962 section 3.3. */ +#define MAX_SCT_SIZE 65535 +#define MAX_SCT_LIST_SIZE MAX_SCT_SIZE + +/* + * Macros to write integers in network-byte order. + */ + +#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \ + c[1]=(unsigned char)(((s) )&0xff)),c+=2) + +#define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \ + c[1]=(unsigned char)(((l)>> 8)&0xff), \ + c[2]=(unsigned char)(((l) )&0xff)),c+=3) + +#define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \ + *((c)++)=(unsigned char)(((l)>>48)&0xff), \ + *((c)++)=(unsigned char)(((l)>>40)&0xff), \ + *((c)++)=(unsigned char)(((l)>>32)&0xff), \ + *((c)++)=(unsigned char)(((l)>>24)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff)) + +/* Signed Certificate Timestamp */ +struct sct_st { + sct_version_t version; + /* If version is not SCT_VERSION_V1, this contains the encoded SCT */ + unsigned char *sct; + size_t sct_len; + /* + * If version is SCT_VERSION_V1, fields below contain components of + * the SCT + */ + unsigned char *log_id; + size_t log_id_len; + /* + * Note, we cannot distinguish between an unset timestamp, and one + * that is set to 0. However since CT didn't exist in 1970, no real + * SCT should ever be set as such. + */ + uint64_t timestamp; + unsigned char *ext; + size_t ext_len; + unsigned char hash_alg; + unsigned char sig_alg; + unsigned char *sig; + size_t sig_len; + /* Log entry type */ + ct_log_entry_type_t entry_type; + /* Where this SCT was found, e.g. certificate, OCSP response, etc. */ + sct_source_t source; + /* The result of the last attempt to validate this SCT. */ + sct_validation_status_t validation_status; +}; + +/* Miscellaneous data that is useful when verifying an SCT */ +struct sct_ctx_st { + /* Public key */ + EVP_PKEY *pkey; + /* Hash of public key */ + unsigned char *pkeyhash; + size_t pkeyhashlen; + /* For pre-certificate: issuer public key hash */ + unsigned char *ihash; + size_t ihashlen; + /* certificate encoding */ + unsigned char *certder; + size_t certderlen; + /* pre-certificate encoding */ + unsigned char *preder; + size_t prederlen; + /* + * milliseconds since epoch (to check that the SCT isn't from the + * future) + */ + uint64_t epoch_time_in_ms; +}; + +/* Context when evaluating whether a Certificate Transparency policy is met */ +struct ct_policy_eval_ctx_st { + X509 *cert; + X509 *issuer; + CTLOG_STORE *log_store; + /* + * milliseconds since epoch (to check that the SCT isn't from the + * future) + */ + uint64_t epoch_time_in_ms; +}; + +/* + * Creates a new context for verifying an SCT. + */ +SCT_CTX *SCT_CTX_new(void); +/* + * Deletes an SCT verification context. + */ +void SCT_CTX_free(SCT_CTX *sctx); + +/* + * Sets the certificate that the SCT was created for. + * If *cert does not have a poison extension, presigner must be NULL. + * If *cert does not have a poison extension, it may have a single SCT + * (NID_ct_precert_scts) extension. + * If either *cert or *presigner have an AKID (NID_authority_key_identifier) + * extension, both must have one. + * Returns 1 on success, 0 on failure. + */ +int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner); + +/* + * Sets the issuer of the certificate that the SCT was created for. + * This is just a convenience method to save extracting the public key and + * calling SCT_CTX_set1_issuer_pubkey(). + * Issuer must not be NULL. + * Returns 1 on success, 0 on failure. + */ +int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer); + +/* + * Sets the public key of the issuer of the certificate that the SCT was created + * for. + * The public key must not be NULL. + * Returns 1 on success, 0 on failure. + */ +int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey); + +/* + * Sets the public key of the CT log that the SCT is from. + * Returns 1 on success, 0 on failure. + */ +int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey); + +/* + * Sets the time to evaluate the SCT against, in milliseconds since the Unix + * epoch. If the SCT's timestamp is after this time, it will be interpreted as + * having been issued in the future. RFC6962 states that "TLS clients MUST + * reject SCTs whose timestamp is in the future", so an SCT will not validate + * in this case. + */ +void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms); + +/* + * Verifies an SCT with the given context. + * Returns 1 if the SCT verifies successfully; any other value indicates + * failure. See EVP_DigestVerifyFinal() for the meaning of those values. + */ +int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct); + +/* + * Does this SCT have the minimum fields populated to be usable? + * Returns 1 if so, 0 otherwise. + */ +int SCT_is_complete(const SCT *sct); + +/* + * Does this SCT have the signature-related fields populated? + * Returns 1 if so, 0 otherwise. + * This checks that the signature and hash algorithms are set to supported + * values and that the signature field is set. + */ +int SCT_signature_is_complete(const SCT *sct); + +/* + * TODO(RJPercival): Create an SCT_signature struct and make i2o_SCT_signature + * and o2i_SCT_signature conform to the i2d/d2i conventions. + */ + +/* + * Serialize (to TLS format) an |sct| signature and write it to |out|. + * If |out| is null, no signature will be output but the length will be returned. + * If |out| points to a null pointer, a string will be allocated to hold the + * TLS-format signature. It is the responsibility of the caller to free it. + * If |out| points to an allocated string, the signature will be written to it. + * The length of the signature in TLS format will be returned. + */ +int i2o_SCT_signature(const SCT *sct, unsigned char **out); + +/* + * Parses an SCT signature in TLS format and populates the |sct| with it. + * |in| should be a pointer to a string containing the TLS-format signature. + * |in| will be advanced to the end of the signature if parsing succeeds. + * |len| should be the length of the signature in |in|. + * Returns the number of bytes parsed, or a negative integer if an error occurs. + * If an error occurs, the SCT's signature NID may be updated whilst the + * signature field itself remains unset. + */ +int o2i_SCT_signature(SCT *sct, CBS *cbs); + +/* + * Handlers for Certificate Transparency X509v3/OCSP extensions + */ +extern const X509V3_EXT_METHOD v3_ct_scts[3]; diff --git a/externals/libressl/crypto/ct/ct_log.c b/externals/libressl/crypto/ct/ct_log.c new file mode 100755 index 000000000..f6e3aa25d --- /dev/null +++ b/externals/libressl/crypto/ct/ct_log.c @@ -0,0 +1,365 @@ +/* $OpenBSD: ct_log.c,v 1.5 2021/12/18 16:34:52 tb Exp $ */ +/* Author: Adam Eijdenberg . */ +/* ==================================================================== + * Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#include +#include +#include +#include +#include + +#include "cryptlib.h" + + +/* + * Information about a CT log server. + */ +struct ctlog_st { + char *name; + uint8_t log_id[CT_V1_HASHLEN]; + EVP_PKEY *public_key; +}; + +/* + * A store for multiple CTLOG instances. + * It takes ownership of any CTLOG instances added to it. + */ +struct ctlog_store_st { + STACK_OF(CTLOG) *logs; +}; + +/* The context when loading a CT log list from a CONF file. */ +typedef struct ctlog_store_load_ctx_st { + CTLOG_STORE *log_store; + CONF *conf; + size_t invalid_log_entries; +} CTLOG_STORE_LOAD_CTX; + +/* + * Creates an empty context for loading a CT log store. + * It should be populated before use. + */ +static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new(void); + +/* + * Deletes a CT log store load context. + * Does not delete any of the fields. + */ +static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX *ctx); + +static CTLOG_STORE_LOAD_CTX * +ctlog_store_load_ctx_new(void) +{ + CTLOG_STORE_LOAD_CTX *ctx = calloc(1, sizeof(*ctx)); + + if (ctx == NULL) + CTerror(ERR_R_MALLOC_FAILURE); + + return ctx; +} + +static void +ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX *ctx) +{ + free(ctx); +} + +/* Converts a log's public key into a SHA256 log ID */ +static int +ct_v1_log_id_from_pkey(EVP_PKEY *pkey, unsigned char log_id[CT_V1_HASHLEN]) +{ + int ret = 0; + unsigned char *pkey_der = NULL; + int pkey_der_len = i2d_PUBKEY(pkey, &pkey_der); + + if (pkey_der_len <= 0) { + CTerror(CT_R_LOG_KEY_INVALID); + goto err; + } + + SHA256(pkey_der, pkey_der_len, log_id); + ret = 1; + err: + free(pkey_der); + return ret; +} + +CTLOG_STORE * +CTLOG_STORE_new(void) +{ + CTLOG_STORE *ret = calloc(1, sizeof(*ret)); + + if (ret == NULL) { + CTerror(ERR_R_MALLOC_FAILURE); + return NULL; + } + + ret->logs = sk_CTLOG_new_null(); + if (ret->logs == NULL) + goto err; + + return ret; + err: + free(ret); + return NULL; +} + +void +CTLOG_STORE_free(CTLOG_STORE *store) +{ + if (store != NULL) { + sk_CTLOG_pop_free(store->logs, CTLOG_free); + free(store); + } +} + +static int +ctlog_new_from_conf(CTLOG **ct_log, const CONF *conf, const char *section) +{ + const char *description = NCONF_get_string(conf, section, + "description"); + char *pkey_base64; + + if (description == NULL) { + CTerror(CT_R_LOG_CONF_MISSING_DESCRIPTION); + return 0; + } + + pkey_base64 = NCONF_get_string(conf, section, "key"); + if (pkey_base64 == NULL) { + CTerror(CT_R_LOG_CONF_MISSING_KEY); + return 0; + } + + return CTLOG_new_from_base64(ct_log, pkey_base64, description); +} + +int +CTLOG_STORE_load_default_file(CTLOG_STORE *store) +{ + return CTLOG_STORE_load_file(store, CTLOG_FILE); +} + +/* + * Called by CONF_parse_list, which stops if this returns <= 0, + * Otherwise, one bad log entry would stop loading of any of + * the following log entries. + * It may stop parsing and returns -1 on any internal (malloc) error. + */ +static int +ctlog_store_load_log(const char *log_name, int log_name_len, void *arg) +{ + CTLOG_STORE_LOAD_CTX *load_ctx = arg; + CTLOG *ct_log = NULL; + /* log_name may not be null-terminated, so fix that before using it */ + char *tmp; + int ret = 0; + + /* log_name will be NULL for empty list entries */ + if (log_name == NULL) + return 1; + + tmp = strndup(log_name, log_name_len); + if (tmp == NULL) + goto mem_err; + + ret = ctlog_new_from_conf(&ct_log, load_ctx->conf, tmp); + free(tmp); + + if (ret < 0) { + /* Propagate any internal error */ + return ret; + } + if (ret == 0) { + /* If we can't load this log, record that fact and skip it */ + ++load_ctx->invalid_log_entries; + return 1; + } + + if (!sk_CTLOG_push(load_ctx->log_store->logs, ct_log)) { + goto mem_err; + } + return 1; + + mem_err: + CTLOG_free(ct_log); + CTerror(ERR_R_MALLOC_FAILURE); + return -1; +} + +int +CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file) +{ + int ret = 0; + char *enabled_logs; + CTLOG_STORE_LOAD_CTX* load_ctx = ctlog_store_load_ctx_new(); + + if (load_ctx == NULL) + return 0; + load_ctx->log_store = store; + load_ctx->conf = NCONF_new(NULL); + if (load_ctx->conf == NULL) + goto end; + + if (NCONF_load(load_ctx->conf, file, NULL) <= 0) { + CTerror(CT_R_LOG_CONF_INVALID); + goto end; + } + + enabled_logs = NCONF_get_string(load_ctx->conf, NULL, "enabled_logs"); + if (enabled_logs == NULL) { + CTerror(CT_R_LOG_CONF_INVALID); + goto end; + } + + if (!CONF_parse_list(enabled_logs, ',', 1, ctlog_store_load_log, load_ctx) || + load_ctx->invalid_log_entries > 0) { + CTerror(CT_R_LOG_CONF_INVALID); + goto end; + } + + ret = 1; + end: + NCONF_free(load_ctx->conf); + ctlog_store_load_ctx_free(load_ctx); + return ret; +} + +/* + * Initialize a new CTLOG object. + * Takes ownership of the public key. + * Copies the name. + */ +CTLOG * +CTLOG_new(EVP_PKEY *public_key, const char *name) +{ + CTLOG *ret = calloc(1, sizeof(*ret)); + + if (ret == NULL) { + CTerror(ERR_R_MALLOC_FAILURE); + return NULL; + } + + ret->name = strdup(name); + if (ret->name == NULL) { + CTerror(ERR_R_MALLOC_FAILURE); + goto err; + } + + if (ct_v1_log_id_from_pkey(public_key, ret->log_id) != 1) + goto err; + + ret->public_key = public_key; + return ret; + err: + CTLOG_free(ret); + return NULL; +} + +/* Frees CT log and associated structures */ +void +CTLOG_free(CTLOG *log) +{ + if (log != NULL) { + free(log->name); + EVP_PKEY_free(log->public_key); + free(log); + } +} + +const char * +CTLOG_get0_name(const CTLOG *log) +{ + return log->name; +} + +void +CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, size_t *log_id_len) +{ + *log_id = log->log_id; + *log_id_len = CT_V1_HASHLEN; +} + +EVP_PKEY * +CTLOG_get0_public_key(const CTLOG *log) +{ + return log->public_key; +} + +/* + * Given a log ID, finds the matching log. + * Returns NULL if no match found. + */ +const CTLOG * +CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, const uint8_t *log_id, + size_t log_id_len) +{ + int i; + + for (i = 0; i < sk_CTLOG_num(store->logs); ++i) { + const CTLOG *log = sk_CTLOG_value(store->logs, i); + if (memcmp(log->log_id, log_id, log_id_len) == 0) + return log; + } + + return NULL; +} diff --git a/externals/libressl/crypto/ct/ct_oct.c b/externals/libressl/crypto/ct/ct_oct.c new file mode 100755 index 000000000..94e67c6bc --- /dev/null +++ b/externals/libressl/crypto/ct/ct_oct.c @@ -0,0 +1,458 @@ +/* $OpenBSD: ct_oct.c,v 1.8 2021/12/20 17:23:07 jsing Exp $ */ +/* + * Written by Rob Stradling (rob@comodo.com) and Stephen Henson + * (steve@openssl.org) for the OpenSSL project 2014. + */ +/* ==================================================================== + * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifdef OPENSSL_NO_CT +# error "CT is disabled" +#endif + +#include +#include + +#include +#include +#include +#include + +#include "bytestring.h" +#include "ct_local.h" + +int +o2i_SCT_signature(SCT *sct, CBS *cbs) +{ + uint8_t hash_alg, sig_alg; + CBS signature; + + if (sct->version != SCT_VERSION_V1) { + CTerror(CT_R_UNSUPPORTED_VERSION); + return 0; + } + + /* + * Parse a digitally-signed element - see RFC 6962 section 3.2 and + * RFC 5246 sections 4.7 and 7.4.1.4.1. + */ + if (!CBS_get_u8(cbs, &hash_alg)) + goto err_invalid; + if (!CBS_get_u8(cbs, &sig_alg)) + goto err_invalid; + if (!CBS_get_u16_length_prefixed(cbs, &signature)) + goto err_invalid; + if (CBS_len(cbs) != 0) + goto err_invalid; + + /* + * Reject empty signatures since they are invalid for all supported + * algorithms (this really should be done by SCT_set1_signature()). + */ + if (CBS_len(&signature) == 0) + goto err_invalid; + + sct->hash_alg = hash_alg; + sct->sig_alg = sig_alg; + + if (SCT_get_signature_nid(sct) == NID_undef) + goto err_invalid; + + if (!SCT_set1_signature(sct, CBS_data(&signature), CBS_len(&signature))) + return 0; + + return 1; + + err_invalid: + CTerror(CT_R_SCT_INVALID_SIGNATURE); + return 0; +} + +static int +o2i_SCT_internal(SCT **out_sct, CBS *cbs) +{ + SCT *sct = NULL; + uint8_t version; + + *out_sct = NULL; + + if ((sct = SCT_new()) == NULL) + goto err; + + if (CBS_len(cbs) > MAX_SCT_SIZE) + goto err_invalid; + if (!CBS_peek_u8(cbs, &version)) + goto err_invalid; + + sct->version = version; + + if (version == SCT_VERSION_V1) { + CBS extensions, log_id; + uint64_t timestamp; + + /* + * Parse a v1 SignedCertificateTimestamp - see RFC 6962 + * section 3.2. + */ + if (!CBS_get_u8(cbs, &version)) + goto err_invalid; + if (!CBS_get_bytes(cbs, &log_id, CT_V1_LOG_ID_LEN)) + goto err_invalid; + if (!CBS_get_u64(cbs, ×tamp)) + goto err_invalid; + if (!CBS_get_u16_length_prefixed(cbs, &extensions)) + goto err_invalid; + + if (!CBS_stow(&log_id, &sct->log_id, &sct->log_id_len)) + goto err; + + sct->timestamp = timestamp; + + if (!CBS_stow(&extensions, &sct->ext, &sct->ext_len)) + goto err; + + if (!o2i_SCT_signature(sct, cbs)) + goto err; + + if (CBS_len(cbs) != 0) + goto err_invalid; + } else { + /* If not V1 just cache encoding. */ + if (!CBS_stow(cbs, &sct->sct, &sct->sct_len)) + goto err; + } + + *out_sct = sct; + + return 1; + + err_invalid: + CTerror(CT_R_SCT_INVALID); + err: + SCT_free(sct); + + return 0; +} + +SCT * +o2i_SCT(SCT **psct, const unsigned char **in, size_t len) +{ + SCT *sct; + CBS cbs; + + CBS_init(&cbs, *in, len); + + if (psct != NULL) { + SCT_free(*psct); + *psct = NULL; + } + + if (!o2i_SCT_internal(&sct, &cbs)) + return NULL; + + if (psct != NULL) + *psct = sct; + + *in = CBS_data(&cbs); + + return sct; +} + +int +i2o_SCT_signature(const SCT *sct, unsigned char **out) +{ + size_t len; + unsigned char *p = NULL, *pstart = NULL; + + if (!SCT_signature_is_complete(sct)) { + CTerror(CT_R_SCT_INVALID_SIGNATURE); + goto err; + } + + if (sct->version != SCT_VERSION_V1) { + CTerror(CT_R_UNSUPPORTED_VERSION); + goto err; + } + + /* + * (1 byte) Hash algorithm + * (1 byte) Signature algorithm + * (2 bytes + ?) Signature + */ + len = 4 + sct->sig_len; + + if (out != NULL) { + if (*out != NULL) { + p = *out; + *out += len; + } else { + pstart = p = malloc(len); + if (p == NULL) { + CTerror(ERR_R_MALLOC_FAILURE); + goto err; + } + *out = p; + } + + *p++ = sct->hash_alg; + *p++ = sct->sig_alg; + s2n(sct->sig_len, p); + memcpy(p, sct->sig, sct->sig_len); + } + + return len; + err: + free(pstart); + return -1; +} + +int +i2o_SCT(const SCT *sct, unsigned char **out) +{ + size_t len; + unsigned char *p = NULL, *pstart = NULL; + + if (!SCT_is_complete(sct)) { + CTerror(CT_R_SCT_NOT_SET); + goto err; + } + /* + * Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes) + * log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions + * extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2 + * bytes + ?) Signature + */ + if (sct->version == SCT_VERSION_V1) + len = 43 + sct->ext_len + 4 + sct->sig_len; + else + len = sct->sct_len; + + if (out == NULL) + return len; + + if (*out != NULL) { + p = *out; + *out += len; + } else { + pstart = p = malloc(len); + if (p == NULL) { + CTerror(ERR_R_MALLOC_FAILURE); + goto err; + } + *out = p; + } + + if (sct->version == SCT_VERSION_V1) { + *p++ = sct->version; + memcpy(p, sct->log_id, CT_V1_HASHLEN); + p += CT_V1_HASHLEN; + l2n8(sct->timestamp, p); + s2n(sct->ext_len, p); + if (sct->ext_len > 0) { + memcpy(p, sct->ext, sct->ext_len); + p += sct->ext_len; + } + if (i2o_SCT_signature(sct, &p) <= 0) + goto err; + } else { + memcpy(p, sct->sct, len); + } + + return len; + err: + free(pstart); + return -1; +} + +STACK_OF(SCT) * +o2i_SCT_LIST(STACK_OF(SCT) **out_scts, const unsigned char **pp, size_t len) +{ + CBS cbs, cbs_scts, cbs_sct; + STACK_OF(SCT) *scts = NULL; + + CBS_init(&cbs, *pp, len); + + if (CBS_len(&cbs) > MAX_SCT_LIST_SIZE) + goto err_invalid; + if (!CBS_get_u16_length_prefixed(&cbs, &cbs_scts)) + goto err_invalid; + if (CBS_len(&cbs) != 0) + goto err_invalid; + + if (out_scts != NULL) { + SCT_LIST_free(*out_scts); + *out_scts = NULL; + } + + if ((scts = sk_SCT_new_null()) == NULL) + return NULL; + + while (CBS_len(&cbs_scts) > 0) { + SCT *sct; + + if (!CBS_get_u16_length_prefixed(&cbs_scts, &cbs_sct)) + goto err_invalid; + + if (!o2i_SCT_internal(&sct, &cbs_sct)) + goto err; + if (!sk_SCT_push(scts, sct)) { + SCT_free(sct); + goto err; + } + } + + if (out_scts != NULL) + *out_scts = scts; + + *pp = CBS_data(&cbs); + + return scts; + + err_invalid: + CTerror(CT_R_SCT_LIST_INVALID); + err: + SCT_LIST_free(scts); + + return NULL; +} + +int +i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp) +{ + int len, sct_len, i, is_pp_new = 0; + size_t len2; + unsigned char *p = NULL, *p2; + + if (pp != NULL) { + if (*pp == NULL) { + if ((len = i2o_SCT_LIST(a, NULL)) == -1) { + CTerror(CT_R_SCT_LIST_INVALID); + return -1; + } + if ((*pp = malloc(len)) == NULL) { + CTerror(ERR_R_MALLOC_FAILURE); + return -1; + } + is_pp_new = 1; + } + p = *pp + 2; + } + + len2 = 2; + for (i = 0; i < sk_SCT_num(a); i++) { + if (pp != NULL) { + p2 = p; + p += 2; + if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1) + goto err; + s2n(sct_len, p2); + } else { + if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1) + goto err; + } + len2 += 2 + sct_len; + } + + if (len2 > MAX_SCT_LIST_SIZE) + goto err; + + if (pp != NULL) { + p = *pp; + s2n(len2 - 2, p); + if (!is_pp_new) + *pp += len2; + } + return len2; + + err: + if (is_pp_new) { + free(*pp); + *pp = NULL; + } + return -1; +} + +STACK_OF(SCT) * +d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, long len) +{ + ASN1_OCTET_STRING *oct = NULL; + STACK_OF(SCT) *sk = NULL; + const unsigned char *p; + + p = *pp; + if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL) + return NULL; + + p = oct->data; + if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL) + *pp += len; + + ASN1_OCTET_STRING_free(oct); + return sk; +} + +int +i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **out) +{ + ASN1_OCTET_STRING oct; + int len; + + oct.data = NULL; + if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1) + return -1; + + len = i2d_ASN1_OCTET_STRING(&oct, out); + free(oct.data); + return len; +} diff --git a/externals/libressl/crypto/ct/ct_policy.c b/externals/libressl/crypto/ct/ct_policy.c new file mode 100755 index 000000000..2cb3e6933 --- /dev/null +++ b/externals/libressl/crypto/ct/ct_policy.c @@ -0,0 +1,153 @@ +/* $OpenBSD: ct_policy.c,v 1.5 2021/12/18 16:34:52 tb Exp $ */ +/* + * Implementations of Certificate Transparency SCT policies. + * Written by Rob Percival (robpercival@google.com) for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 2016 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#ifdef OPENSSL_NO_CT +# error "CT is disabled" +#endif + +#include +#include +#include + +#include "ct_local.h" + +/* + * Number of seconds in the future that an SCT timestamp can be, by default, + * without being considered invalid. This is added to time() when setting a + * default value for CT_POLICY_EVAL_CTX.epoch_time_in_ms. + * It can be overridden by calling CT_POLICY_EVAL_CTX_set_time(). + */ +static const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300; + +CT_POLICY_EVAL_CTX * +CT_POLICY_EVAL_CTX_new(void) +{ + CT_POLICY_EVAL_CTX *ctx = calloc(1, sizeof(CT_POLICY_EVAL_CTX)); + + if (ctx == NULL) { + CTerror(ERR_R_MALLOC_FAILURE); + return NULL; + } + + /* time(NULL) shouldn't ever fail, so don't bother checking for -1. */ + ctx->epoch_time_in_ms = (uint64_t)(time(NULL) + SCT_CLOCK_DRIFT_TOLERANCE) * + 1000; + + return ctx; +} + +void +CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx) +{ + if (ctx == NULL) + return; + X509_free(ctx->cert); + X509_free(ctx->issuer); + free(ctx); +} + +int +CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert) +{ + if (!X509_up_ref(cert)) + return 0; + ctx->cert = cert; + return 1; +} + +int +CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer) +{ + if (!X509_up_ref(issuer)) + return 0; + ctx->issuer = issuer; + return 1; +} + +void +CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, + CTLOG_STORE *log_store) +{ + ctx->log_store = log_store; +} + +void +CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms) +{ + ctx->epoch_time_in_ms = time_in_ms; +} + +X509 * +CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx) +{ + return ctx->cert; +} + +X509 * +CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx) +{ + return ctx->issuer; +} + +const CTLOG_STORE * +CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx) +{ + return ctx->log_store; +} + +uint64_t +CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx) +{ + return ctx->epoch_time_in_ms; +} diff --git a/externals/libressl/crypto/ct/ct_prn.c b/externals/libressl/crypto/ct/ct_prn.c new file mode 100755 index 000000000..ea4f3b247 --- /dev/null +++ b/externals/libressl/crypto/ct/ct_prn.c @@ -0,0 +1,208 @@ +/* $OpenBSD: ct_prn.c,v 1.6 2021/12/18 16:34:52 tb Exp $ */ +/* + * Written by Rob Stradling (rob@comodo.com) and Stephen Henson + * (steve@openssl.org) for the OpenSSL project 2014. + */ +/* ==================================================================== + * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifdef OPENSSL_NO_CT +# error "CT is disabled" +#endif + +#include +#include + +#include "ct_local.h" + +/* + * XXX public api in OpenSSL 1.1.0 but this is the only thing that uses it. + * so I am stuffing it here for the moment. + */ +static int +BIO_hex_string(BIO *out, int indent, int width, unsigned char *data, + int datalen) +{ + int i, j = 0; + + if (datalen < 1) + return 1; + + for (i = 0; i < datalen - 1; i++) { + if (i && !j) + BIO_printf(out, "%*s", indent, ""); + + BIO_printf(out, "%02X:", data[i]); + + j = (j + 1) % width; + if (!j) + BIO_printf(out, "\n"); + } + + if (i && !j) + BIO_printf(out, "%*s", indent, ""); + BIO_printf(out, "%02X", data[datalen - 1]); + return 1; +} + +static void +SCT_signature_algorithms_print(const SCT *sct, BIO *out) +{ + int nid = SCT_get_signature_nid(sct); + + if (nid == NID_undef) + BIO_printf(out, "%02X%02X", sct->hash_alg, sct->sig_alg); + else + BIO_printf(out, "%s", OBJ_nid2ln(nid)); +} + +static void +timestamp_print(uint64_t timestamp, BIO *out) +{ + ASN1_GENERALIZEDTIME *gen = ASN1_GENERALIZEDTIME_new(); + char genstr[20]; + + if (gen == NULL) + return; + ASN1_GENERALIZEDTIME_adj(gen, (time_t)0, (int)(timestamp / 86400000), + (timestamp % 86400000) / 1000); + /* + * Note GeneralizedTime from ASN1_GENERALIZETIME_adj is always 15 + * characters long with a final Z. Update it with fractional seconds. + */ + snprintf(genstr, sizeof(genstr), "%.14sZ", ASN1_STRING_get0_data(gen)); + if (ASN1_GENERALIZEDTIME_set_string(gen, genstr)) + ASN1_GENERALIZEDTIME_print(out, gen); + ASN1_GENERALIZEDTIME_free(gen); +} + +const char * +SCT_validation_status_string(const SCT *sct) +{ + switch (SCT_get_validation_status(sct)) { + case SCT_VALIDATION_STATUS_NOT_SET: + return "not set"; + case SCT_VALIDATION_STATUS_UNKNOWN_VERSION: + return "unknown version"; + case SCT_VALIDATION_STATUS_UNKNOWN_LOG: + return "unknown log"; + case SCT_VALIDATION_STATUS_UNVERIFIED: + return "unverified"; + case SCT_VALIDATION_STATUS_INVALID: + return "invalid"; + case SCT_VALIDATION_STATUS_VALID: + return "valid"; + } + return "unknown status"; +} + +void +SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *log_store) +{ + const CTLOG *log = NULL; + + if (log_store != NULL) { + log = CTLOG_STORE_get0_log_by_id(log_store, sct->log_id, + sct->log_id_len); + } + + BIO_printf(out, "%*sSigned Certificate Timestamp:", indent, ""); + BIO_printf(out, "\n%*sVersion : ", indent + 4, ""); + + if (sct->version != SCT_VERSION_V1) { + BIO_printf(out, "unknown\n%*s", indent + 16, ""); + BIO_hex_string(out, indent + 16, 16, sct->sct, sct->sct_len); + return; + } + + BIO_printf(out, "v1 (0x0)"); + + if (log != NULL) { + BIO_printf(out, "\n%*sLog : %s", indent + 4, "", + CTLOG_get0_name(log)); + } + + BIO_printf(out, "\n%*sLog ID : ", indent + 4, ""); + BIO_hex_string(out, indent + 16, 16, sct->log_id, sct->log_id_len); + + BIO_printf(out, "\n%*sTimestamp : ", indent + 4, ""); + timestamp_print(sct->timestamp, out); + + BIO_printf(out, "\n%*sExtensions: ", indent + 4, ""); + if (sct->ext_len == 0) + BIO_printf(out, "none"); + else + BIO_hex_string(out, indent + 16, 16, sct->ext, sct->ext_len); + + BIO_printf(out, "\n%*sSignature : ", indent + 4, ""); + SCT_signature_algorithms_print(sct, out); + BIO_printf(out, "\n%*s ", indent + 4, ""); + BIO_hex_string(out, indent + 16, 16, sct->sig, sct->sig_len); +} + +void +SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, + const char *separator, const CTLOG_STORE *log_store) +{ + int sct_count = sk_SCT_num(sct_list); + int i; + + for (i = 0; i < sct_count; ++i) { + SCT *sct = sk_SCT_value(sct_list, i); + + SCT_print(sct, out, indent, log_store); + if (i < sk_SCT_num(sct_list) - 1) + BIO_printf(out, "%s", separator); + } +} diff --git a/externals/libressl/crypto/ct/ct_sct.c b/externals/libressl/crypto/ct/ct_sct.c new file mode 100755 index 000000000..a05b0f92a --- /dev/null +++ b/externals/libressl/crypto/ct/ct_sct.c @@ -0,0 +1,480 @@ +/* $OpenBSD: ct_sct.c,v 1.8 2022/01/22 00:29:59 inoguchi Exp $ */ +/* + * Written by Rob Stradling (rob@comodo.com), Stephen Henson (steve@openssl.org) + * and Adam Eijdenberg (adam.eijdenberg@gmail.com) for the OpenSSL project 2016. + */ +/* ==================================================================== + * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifdef OPENSSL_NO_CT +# error "CT disabled" +#endif + +#include +#include +#include +#include +#include + +#include + +#include "ct_local.h" + +SCT * +SCT_new(void) +{ + SCT *sct = calloc(1, sizeof(*sct)); + + if (sct == NULL) { + CTerror(ERR_R_MALLOC_FAILURE); + return NULL; + } + + sct->entry_type = CT_LOG_ENTRY_TYPE_NOT_SET; + sct->version = SCT_VERSION_NOT_SET; + return sct; +} + +void +SCT_free(SCT *sct) +{ + if (sct == NULL) + return; + + free(sct->log_id); + free(sct->ext); + free(sct->sig); + free(sct->sct); + free(sct); +} + +void +SCT_LIST_free(STACK_OF(SCT) *scts) +{ + sk_SCT_pop_free(scts, SCT_free); +} + +int +SCT_set_version(SCT *sct, sct_version_t version) +{ + if (version != SCT_VERSION_V1) { + CTerror(CT_R_UNSUPPORTED_VERSION); + return 0; + } + sct->version = version; + sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; + return 1; +} + +int +SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type) +{ + sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; + + switch (entry_type) { + case CT_LOG_ENTRY_TYPE_X509: + case CT_LOG_ENTRY_TYPE_PRECERT: + sct->entry_type = entry_type; + return 1; + case CT_LOG_ENTRY_TYPE_NOT_SET: + break; + } + CTerror(CT_R_UNSUPPORTED_ENTRY_TYPE); + return 0; +} + +int +SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len) +{ + if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) { + CTerror(CT_R_INVALID_LOG_ID_LENGTH); + return 0; + } + + free(sct->log_id); + sct->log_id = log_id; + sct->log_id_len = log_id_len; + sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; + return 1; +} + +int +SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len) +{ + if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) { + CTerror(CT_R_INVALID_LOG_ID_LENGTH); + return 0; + } + + free(sct->log_id); + sct->log_id = NULL; + sct->log_id_len = 0; + sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; + + if (log_id != NULL && log_id_len > 0) { + sct->log_id = malloc(log_id_len); + if (sct->log_id == NULL) { + CTerror(ERR_R_MALLOC_FAILURE); + return 0; + } + memcpy(sct->log_id, log_id, log_id_len); + sct->log_id_len = log_id_len; + } + return 1; +} + + +void +SCT_set_timestamp(SCT *sct, uint64_t timestamp) +{ + sct->timestamp = timestamp; + sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; +} + +int +SCT_set_signature_nid(SCT *sct, int nid) +{ + switch (nid) { + case NID_sha256WithRSAEncryption: + sct->hash_alg = 4; /* XXX */ + sct->sig_alg = 1; /* XXX */ + sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; + return 1; + case NID_ecdsa_with_SHA256: + sct->hash_alg = 4; /* XXX */ + sct->sig_alg = 3; /* XXX */ + sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; + return 1; + default: + CTerror(CT_R_UNRECOGNIZED_SIGNATURE_NID); + return 0; + } +} + +void +SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len) +{ + free(sct->ext); + sct->ext = ext; + sct->ext_len = ext_len; + sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; +} + +int +SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len) +{ + free(sct->ext); + sct->ext = NULL; + sct->ext_len = 0; + sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; + + if (ext != NULL && ext_len > 0) { + sct->ext = malloc(ext_len); + if (sct->ext == NULL) { + CTerror(ERR_R_MALLOC_FAILURE); + return 0; + } + memcpy(sct->ext, ext, ext_len); + sct->ext_len = ext_len; + } + return 1; +} + +void +SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len) +{ + free(sct->sig); + sct->sig = sig; + sct->sig_len = sig_len; + sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; +} + +int +SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len) +{ + free(sct->sig); + sct->sig = NULL; + sct->sig_len = 0; + sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; + + if (sig != NULL && sig_len > 0) { + sct->sig = malloc(sig_len); + if (sct->sig == NULL) { + CTerror(ERR_R_MALLOC_FAILURE); + return 0; + } + memcpy(sct->sig, sig, sig_len); + sct->sig_len = sig_len; + } + return 1; +} + +sct_version_t +SCT_get_version(const SCT *sct) +{ + return sct->version; +} + +ct_log_entry_type_t +SCT_get_log_entry_type(const SCT *sct) +{ + return sct->entry_type; +} + +size_t +SCT_get0_log_id(const SCT *sct, unsigned char **log_id) +{ + *log_id = sct->log_id; + return sct->log_id_len; +} + +uint64_t +SCT_get_timestamp(const SCT *sct) +{ + return sct->timestamp; +} + +int +SCT_get_signature_nid(const SCT *sct) +{ + if (sct->version == SCT_VERSION_V1) { + /* XXX sigalg numbers */ + if (sct->hash_alg == 4) { + switch (sct->sig_alg) { + case 3: + return NID_ecdsa_with_SHA256; + case 1: + return NID_sha256WithRSAEncryption; + default: + return NID_undef; + } + } + } + return NID_undef; +} + +size_t +SCT_get0_extensions(const SCT *sct, unsigned char **ext) +{ + *ext = sct->ext; + return sct->ext_len; +} + +size_t +SCT_get0_signature(const SCT *sct, unsigned char **sig) +{ + *sig = sct->sig; + return sct->sig_len; +} + +int +SCT_is_complete(const SCT *sct) +{ + switch (sct->version) { + case SCT_VERSION_NOT_SET: + return 0; + case SCT_VERSION_V1: + return sct->log_id != NULL && SCT_signature_is_complete(sct); + default: + return sct->sct != NULL; /* Just need cached encoding */ + } +} + +int +SCT_signature_is_complete(const SCT *sct) +{ + return SCT_get_signature_nid(sct) != NID_undef && + sct->sig != NULL && sct->sig_len > 0; +} + +sct_source_t +SCT_get_source(const SCT *sct) +{ + return sct->source; +} + +int +SCT_set_source(SCT *sct, sct_source_t source) +{ + sct->source = source; + sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; + switch (source) { + case SCT_SOURCE_TLS_EXTENSION: + case SCT_SOURCE_OCSP_STAPLED_RESPONSE: + return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_X509); + case SCT_SOURCE_X509V3_EXTENSION: + return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_PRECERT); + case SCT_SOURCE_UNKNOWN: + break; + } + /* if we aren't sure, leave the log entry type alone */ + return 1; +} + +sct_validation_status_t +SCT_get_validation_status(const SCT *sct) +{ + return sct->validation_status; +} + +int +SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx) +{ + int is_sct_valid = -1; + SCT_CTX *sctx = NULL; + X509_PUBKEY *pub = NULL, *log_pkey = NULL; + const CTLOG *log; + + /* + * With an unrecognized SCT version we don't know what such an SCT means, + * let alone validate one. So we return validation failure (0). + */ + if (sct->version != SCT_VERSION_V1) { + sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_VERSION; + return 0; + } + + log = CTLOG_STORE_get0_log_by_id(ctx->log_store, sct->log_id, + sct->log_id_len); + + /* Similarly, an SCT from an unknown log also cannot be validated. */ + if (log == NULL) { + sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_LOG; + return 0; + } + + sctx = SCT_CTX_new(); + if (sctx == NULL) + goto err; + + if (X509_PUBKEY_set(&log_pkey, CTLOG_get0_public_key(log)) != 1) + goto err; + if (SCT_CTX_set1_pubkey(sctx, log_pkey) != 1) + goto err; + + if (SCT_get_log_entry_type(sct) == CT_LOG_ENTRY_TYPE_PRECERT) { + EVP_PKEY *issuer_pkey; + + if (ctx->issuer == NULL) { + sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED; + goto end; + } + + if ((issuer_pkey = X509_get0_pubkey(ctx->issuer)) == NULL) + goto err; + + if (X509_PUBKEY_set(&pub, issuer_pkey) != 1) + goto err; + if (SCT_CTX_set1_issuer_pubkey(sctx, pub) != 1) + goto err; + } + + SCT_CTX_set_time(sctx, ctx->epoch_time_in_ms); + + /* + * XXX: Potential for optimization. This repeats some idempotent heavy + * lifting on the certificate for each candidate SCT, and appears to not + * use any information in the SCT itself, only the certificate is + * processed. So it may make more sense to to do this just once, perhaps + * associated with the shared (by all SCTs) policy eval ctx. + * + * XXX: Failure here is global (SCT independent) and represents either an + * issue with the certificate (e.g. duplicate extensions) or an out of + * memory condition. When the certificate is incompatible with CT, we just + * mark the SCTs invalid, rather than report a failure to determine the + * validation status. That way, callbacks that want to do "soft" SCT + * processing will not abort handshakes with false positive internal + * errors. Since the function does not distinguish between certificate + * issues (peer's fault) and internal problems (out fault) the safe thing + * to do is to report a validation failure and let the callback or + * application decide what to do. + */ + if (SCT_CTX_set1_cert(sctx, ctx->cert, NULL) != 1) + sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED; + else + sct->validation_status = SCT_CTX_verify(sctx, sct) == 1 ? + SCT_VALIDATION_STATUS_VALID : SCT_VALIDATION_STATUS_INVALID; + + end: + is_sct_valid = sct->validation_status == SCT_VALIDATION_STATUS_VALID; + err: + X509_PUBKEY_free(pub); + X509_PUBKEY_free(log_pkey); + SCT_CTX_free(sctx); + + return is_sct_valid; +} + +int +SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx) +{ + int are_scts_valid = 1; + int sct_count = scts != NULL ? sk_SCT_num(scts) : 0; + int i; + + for (i = 0; i < sct_count; ++i) { + int is_sct_valid = -1; + SCT *sct = sk_SCT_value(scts, i); + + if (sct == NULL) + continue; + + is_sct_valid = SCT_validate(sct, ctx); + if (is_sct_valid < 0) + return is_sct_valid; + are_scts_valid &= is_sct_valid; + } + + return are_scts_valid; +} diff --git a/externals/libressl/crypto/ct/ct_sct_ctx.c b/externals/libressl/crypto/ct/ct_sct_ctx.c new file mode 100755 index 000000000..1863058de --- /dev/null +++ b/externals/libressl/crypto/ct/ct_sct_ctx.c @@ -0,0 +1,323 @@ +/* $OpenBSD: ct_sct_ctx.c,v 1.5 2021/12/18 16:34:52 tb Exp $ */ +/* + * Written by Rob Stradling (rob@comodo.com) and Stephen Henson + * (steve@openssl.org) for the OpenSSL project 2014. + */ +/* ==================================================================== + * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifdef OPENSSL_NO_CT +# error "CT is disabled" +#endif + +#include +#include + +#include +#include +#include + +#include "ct_local.h" + +SCT_CTX * +SCT_CTX_new(void) +{ + SCT_CTX *sctx = calloc(1, sizeof(*sctx)); + + if (sctx == NULL) + CTerror(ERR_R_MALLOC_FAILURE); + + return sctx; +} + +void +SCT_CTX_free(SCT_CTX *sctx) +{ + if (sctx == NULL) + return; + EVP_PKEY_free(sctx->pkey); + free(sctx->pkeyhash); + free(sctx->ihash); + free(sctx->certder); + free(sctx->preder); + free(sctx); +} + +/* + * Finds the index of the first extension with the given NID in cert. + * If there is more than one extension with that NID, *is_duplicated is set to + * 1, otherwise 0 (unless it is NULL). + */ +static int +ct_x509_get_ext(X509 *cert, int nid, int *is_duplicated) +{ + int ret = X509_get_ext_by_NID(cert, nid, -1); + + if (is_duplicated != NULL) + *is_duplicated = ret >= 0 && + X509_get_ext_by_NID(cert, nid, ret) >= 0; + + return ret; +} + +/* + * Modifies a certificate by deleting extensions and copying the issuer and + * AKID from the presigner certificate, if necessary. + * Returns 1 on success, 0 otherwise. + */ +static int +ct_x509_cert_fixup(X509 *cert, X509 *presigner) +{ + int preidx, certidx; + int pre_akid_ext_is_dup, cert_akid_ext_is_dup; + + if (presigner == NULL) + return 1; + + preidx = ct_x509_get_ext(presigner, NID_authority_key_identifier, + &pre_akid_ext_is_dup); + certidx = ct_x509_get_ext(cert, NID_authority_key_identifier, + &cert_akid_ext_is_dup); + + /* An error occurred whilst searching for the extension */ + if (preidx < -1 || certidx < -1) + return 0; + /* Invalid certificate if they contain duplicate extensions */ + if (pre_akid_ext_is_dup || cert_akid_ext_is_dup) + return 0; + /* AKID must be present in both certificate or absent in both */ + if (preidx >= 0 && certidx == -1) + return 0; + if (preidx == -1 && certidx >= 0) + return 0; + /* Copy issuer name */ + if (!X509_set_issuer_name(cert, X509_get_issuer_name(presigner))) + return 0; + if (preidx != -1) { + /* Retrieve and copy AKID encoding */ + X509_EXTENSION *preext = X509_get_ext(presigner, preidx); + X509_EXTENSION *certext = X509_get_ext(cert, certidx); + ASN1_OCTET_STRING *preextdata; + + /* Should never happen */ + if (preext == NULL || certext == NULL) + return 0; + preextdata = X509_EXTENSION_get_data(preext); + if (preextdata == NULL || + !X509_EXTENSION_set_data(certext, preextdata)) + return 0; + } + return 1; +} + +int +SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner) +{ + unsigned char *certder = NULL, *preder = NULL; + X509 *pretmp = NULL; + int certderlen = 0, prederlen = 0; + int idx = -1; + int poison_ext_is_dup, sct_ext_is_dup; + int poison_idx = ct_x509_get_ext(cert, NID_ct_precert_poison, &poison_ext_is_dup); + + /* Duplicate poison extensions are present - error */ + if (poison_ext_is_dup) + goto err; + + /* If *cert doesn't have a poison extension, it isn't a precert */ + if (poison_idx == -1) { + /* cert isn't a precert, so we shouldn't have a presigner */ + if (presigner != NULL) + goto err; + + certderlen = i2d_X509(cert, &certder); + if (certderlen < 0) + goto err; + } + + /* See if cert has a precert SCTs extension */ + idx = ct_x509_get_ext(cert, NID_ct_precert_scts, &sct_ext_is_dup); + /* Duplicate SCT extensions are present - error */ + if (sct_ext_is_dup) + goto err; + + if (idx >= 0 && poison_idx >= 0) { + /* + * cert can't both contain SCTs (i.e. have an SCT extension) and be a + * precert (i.e. have a poison extension). + */ + goto err; + } + + if (idx == -1) { + idx = poison_idx; + } + + /* + * If either a poison or SCT extension is present, remove it before encoding + * cert. This, along with ct_x509_cert_fixup(), gets a TBSCertificate (see + * RFC5280) from cert, which is what the CT log signed when it produced the + * SCT. + */ + if (idx >= 0) { + X509_EXTENSION *ext; + + /* Take a copy of certificate so we don't modify passed version */ + pretmp = X509_dup(cert); + if (pretmp == NULL) + goto err; + + ext = X509_delete_ext(pretmp, idx); + X509_EXTENSION_free(ext); + + if (!ct_x509_cert_fixup(pretmp, presigner)) + goto err; + + prederlen = i2d_re_X509_tbs(pretmp, &preder); + if (prederlen <= 0) + goto err; + } + + X509_free(pretmp); + + free(sctx->certder); + sctx->certder = certder; + sctx->certderlen = certderlen; + + free(sctx->preder); + sctx->preder = preder; + sctx->prederlen = prederlen; + + return 1; + err: + free(certder); + free(preder); + X509_free(pretmp); + return 0; +} + +static int +ct_public_key_hash(X509_PUBKEY *pkey, unsigned char **hash, size_t *hash_len) +{ + int ret = 0; + unsigned char *md = NULL, *der = NULL; + int der_len; + unsigned int md_len; + + /* Reuse buffer if possible */ + if (*hash != NULL && *hash_len >= SHA256_DIGEST_LENGTH) { + md = *hash; + } else { + md = malloc(SHA256_DIGEST_LENGTH); + if (md == NULL) + goto err; + } + + /* Calculate key hash */ + der_len = i2d_X509_PUBKEY(pkey, &der); + if (der_len <= 0) + goto err; + + if (!EVP_Digest(der, der_len, md, &md_len, EVP_sha256(), NULL)) + goto err; + + if (md != *hash) { + free(*hash); + *hash = md; + *hash_len = SHA256_DIGEST_LENGTH; + } + + md = NULL; + ret = 1; + err: + free(md); + free(der); + return ret; +} + +int +SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer) +{ + return SCT_CTX_set1_issuer_pubkey(sctx, X509_get_X509_PUBKEY(issuer)); +} + +int +SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey) +{ + return ct_public_key_hash(pubkey, &sctx->ihash, &sctx->ihashlen); +} + +int +SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey) +{ + EVP_PKEY *pkey = X509_PUBKEY_get(pubkey); + + if (pkey == NULL) + return 0; + + if (!ct_public_key_hash(pubkey, &sctx->pkeyhash, &sctx->pkeyhashlen)) { + EVP_PKEY_free(pkey); + return 0; + } + + EVP_PKEY_free(sctx->pkey); + sctx->pkey = pkey; + return 1; +} + +void +SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms) +{ + sctx->epoch_time_in_ms = time_in_ms; +} diff --git a/externals/libressl/crypto/ct/ct_vfy.c b/externals/libressl/crypto/ct/ct_vfy.c new file mode 100755 index 000000000..424117263 --- /dev/null +++ b/externals/libressl/crypto/ct/ct_vfy.c @@ -0,0 +1,195 @@ +/* $OpenBSD: ct_vfy.c,v 1.6 2022/01/06 14:34:40 jsing Exp $ */ +/* + * Written by Rob Stradling (rob@comodo.com) and Stephen Henson + * (steve@openssl.org) for the OpenSSL project 2014. + */ +/* ==================================================================== + * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include +#include +#include +#include + +#include "ct_local.h" + +typedef enum sct_signature_type_t { + SIGNATURE_TYPE_NOT_SET = -1, + SIGNATURE_TYPE_CERT_TIMESTAMP, + SIGNATURE_TYPE_TREE_HASH +} SCT_SIGNATURE_TYPE; + +/* + * Update encoding for SCT signature verification/generation to supplied + * EVP_MD_CTX. + */ +static int +sct_ctx_update(EVP_MD_CTX *ctx, const SCT_CTX *sctx, const SCT *sct) +{ + CBB cbb, entry, extensions; + uint8_t *data = NULL; + size_t data_len; + int ret = 0; + + memset(&cbb, 0, sizeof(cbb)); + + if (sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET) + goto err; + if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL) + goto err; + + if (!CBB_init(&cbb, 0)) + goto err; + + /* + * Build the digitally-signed struct per RFC 6962 section 3.2. + */ + if (!CBB_add_u8(&cbb, sct->version)) + goto err; + if (!CBB_add_u8(&cbb, SIGNATURE_TYPE_CERT_TIMESTAMP)) + goto err; + if (!CBB_add_u64(&cbb, sct->timestamp)) + goto err; + if (!CBB_add_u16(&cbb, sct->entry_type)) + goto err; + + if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT) { + if (!CBB_add_bytes(&cbb, sctx->ihash, sctx->ihashlen)) + goto err; + } + + if (!CBB_add_u24_length_prefixed(&cbb, &entry)) + goto err; + if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT) { + if (sctx->preder == NULL) + goto err; + if (!CBB_add_bytes(&entry, sctx->preder, sctx->prederlen)) + goto err; + } else { + if (sctx->certder == NULL) + goto err; + if (!CBB_add_bytes(&entry, sctx->certder, sctx->certderlen)) + goto err; + } + + if (!CBB_add_u16_length_prefixed(&cbb, &extensions)) + goto err; + if (sct->ext_len > 0) { + if (!CBB_add_bytes(&extensions, sct->ext, sct->ext_len)) + goto err; + } + + if (!CBB_finish(&cbb, &data, &data_len)) + goto err; + + if (!EVP_DigestUpdate(ctx, data, data_len)) + goto err; + + ret = 1; + + err: + CBB_cleanup(&cbb); + free(data); + + return ret; +} + +int +SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct) +{ + EVP_MD_CTX *ctx = NULL; + int ret = 0; + + if (!SCT_is_complete(sct) || sctx->pkey == NULL || + sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET || + (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && + sctx->ihash == NULL)) { + CTerror(CT_R_SCT_NOT_SET); + return 0; + } + if (sct->version != SCT_VERSION_V1) { + CTerror(CT_R_SCT_UNSUPPORTED_VERSION); + return 0; + } + if (sct->log_id_len != sctx->pkeyhashlen || + memcmp(sct->log_id, sctx->pkeyhash, sctx->pkeyhashlen) != 0) { + CTerror(CT_R_SCT_LOG_ID_MISMATCH); + return 0; + } + if (sct->timestamp > sctx->epoch_time_in_ms) { + CTerror(CT_R_SCT_FUTURE_TIMESTAMP); + return 0; + } + + if ((ctx = EVP_MD_CTX_new()) == NULL) + goto end; + + if (!EVP_DigestVerifyInit(ctx, NULL, EVP_sha256(), NULL, sctx->pkey)) + goto end; + + if (!sct_ctx_update(ctx, sctx, sct)) + goto end; + + /* Verify signature */ + /* If ret < 0 some other error: fall through without setting error */ + if ((ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len)) == 0) + CTerror(CT_R_SCT_INVALID_SIGNATURE); + + end: + EVP_MD_CTX_free(ctx); + + return ret; +} diff --git a/externals/libressl/crypto/ct/ct_x509v3.c b/externals/libressl/crypto/ct/ct_x509v3.c new file mode 100755 index 000000000..59f2975cd --- /dev/null +++ b/externals/libressl/crypto/ct/ct_x509v3.c @@ -0,0 +1,186 @@ +/* $OpenBSD: ct_x509v3.c,v 1.6 2021/12/25 15:42:32 tb Exp $ */ +/* + * Written by Rob Stradling (rob@comodo.com) and Stephen Henson + * (steve@openssl.org) for the OpenSSL project 2014. + */ +/* ==================================================================== + * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifdef OPENSSL_NO_CT +# error "CT is disabled" +#endif + +#include + +#include "ct_local.h" + +static char * +i2s_poison(const X509V3_EXT_METHOD *method, void *val) +{ + return strdup("NULL"); +} + +static void * +s2i_poison(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str) +{ + return ASN1_NULL_new(); +} + +static int +i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list, BIO *out, + int indent) +{ + SCT_LIST_print(sct_list, out, indent, "\n", NULL); + return 1; +} + +static int +set_sct_list_source(STACK_OF(SCT) *s, sct_source_t source) +{ + if (s != NULL) { + int i; + + for (i = 0; i < sk_SCT_num(s); i++) { + int res = SCT_set_source(sk_SCT_value(s, i), source); + + if (res != 1) { + return 0; + } + } + } + return 1; +} + +static STACK_OF(SCT) * +x509_ext_d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, long len) +{ + STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len); + + if (set_sct_list_source(s, SCT_SOURCE_X509V3_EXTENSION) != 1) { + SCT_LIST_free(s); + *a = NULL; + return NULL; + } + return s; +} + +static STACK_OF(SCT) * +ocsp_ext_d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, long len) +{ + STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len); + + if (set_sct_list_source(s, SCT_SOURCE_OCSP_STAPLED_RESPONSE) != 1) { + SCT_LIST_free(s); + *a = NULL; + return NULL; + } + return s; +} + +/* Handlers for X509v3/OCSP Certificate Transparency extensions */ +const X509V3_EXT_METHOD v3_ct_scts[3] = { + /* X509v3 extension in certificates that contains SCTs */ + [0] = { + .ext_nid = NID_ct_precert_scts, + .ext_flags = 0, + .it = NULL, + .ext_new = NULL, + .ext_free = (X509V3_EXT_FREE)SCT_LIST_free, + .d2i = (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST, + .i2d = (X509V3_EXT_I2D)i2d_SCT_LIST, + .i2s = NULL, + .s2i = NULL, + .i2v = NULL, + .v2i = NULL, + .i2r = (X509V3_EXT_I2R)i2r_SCT_LIST, + .r2i = NULL, + .usr_data = NULL, + }, + + /* X509v3 extension to mark a certificate as a pre-certificate */ + [1] = { + .ext_nid = NID_ct_precert_poison, + .ext_flags = 0, + .it = &ASN1_NULL_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = i2s_poison, + .s2i = s2i_poison, + .i2v = NULL, + .v2i = NULL, + .i2r = NULL, + .r2i = NULL, + .usr_data = NULL, + }, + + /* OCSP extension that contains SCTs */ + [2] = { + .ext_nid = NID_ct_cert_scts, + .ext_flags = 0, + .it = NULL, + .ext_new = NULL, + .ext_free = (X509V3_EXT_FREE)SCT_LIST_free, + .d2i = (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST, + .i2d = (X509V3_EXT_I2D)i2d_SCT_LIST, + .i2s = NULL, + .s2i = NULL, + .i2v = NULL, + .v2i = NULL, + .i2r = (X509V3_EXT_I2R)i2r_SCT_LIST, + .r2i = NULL, + .usr_data = NULL, + }, +}; diff --git a/externals/libressl/crypto/curve25519/curve25519.c b/externals/libressl/crypto/curve25519/curve25519.c index 13b54c3d5..6df03a3a6 100755 --- a/externals/libressl/crypto/curve25519/curve25519.c +++ b/externals/libressl/crypto/curve25519/curve25519.c @@ -1,4 +1,4 @@ -/* $OpenBSD: curve25519.c,v 1.5 2019/05/11 15:55:52 tb Exp $ */ +/* $OpenBSD: curve25519.c,v 1.6 2022/02/08 16:44:23 tb Exp $ */ /* * Copyright (c) 2015, Google Inc. * @@ -3513,7 +3513,7 @@ static void table_select(ge_precomp *t, int pos, signed char b) { * * Preconditions: * a[31] <= 127 */ -void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t *a) { +void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t a[32]) { signed char e[64]; signed char carry; ge_p1p1 r; diff --git a/externals/libressl/crypto/des/cfb_enc.c b/externals/libressl/crypto/des/cfb_enc.c index 59a3e7186..4231f469e 100755 --- a/externals/libressl/crypto/des/cfb_enc.c +++ b/externals/libressl/crypto/des/cfb_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cfb_enc.c,v 1.13 2015/02/10 09:46:30 miod Exp $ */ +/* $OpenBSD: cfb_enc.c,v 1.14 2021/11/09 18:40:21 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -57,7 +57,7 @@ */ #include "des_locl.h" -#include +#include /* The input and output are loaded in multiples of 8 bits. * What this means is that if you hame numbits=12 and length=2 diff --git a/externals/libressl/crypto/dh/dh_ameth.c b/externals/libressl/crypto/dh/dh_ameth.c index af15fb2c6..0df7fbc73 100755 --- a/externals/libressl/crypto/dh/dh_ameth.c +++ b/externals/libressl/crypto/dh/dh_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_ameth.c,v 1.18 2020/01/04 13:57:43 inoguchi Exp $ */ +/* $OpenBSD: dh_ameth.c,v 1.23 2022/01/20 11:00:34 inoguchi Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -65,6 +65,8 @@ #include #include "asn1_locl.h" +#include "dh_local.h" +#include "evp_locl.h" static void int_dh_free(EVP_PKEY *pkey) @@ -93,7 +95,7 @@ dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) goto err; } - pstr = pval; + pstr = pval; pm = pstr->data; pmlen = pstr->length; @@ -178,7 +180,7 @@ err: * that the AlgorithmIdentifier contains the paramaters, the private key * is explcitly included and the pubkey must be recalculated. */ - + static int dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) { @@ -202,7 +204,7 @@ dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen))) goto decerr; - pstr = pval; + pstr = pval; pm = pstr->data; pmlen = pstr->length; if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) @@ -351,7 +353,8 @@ do_dh_print(BIO *bp, const DH *x, int indent, ASN1_PCTX *ctx, int ptype) goto err; } - BIO_indent(bp, indent, 128); + if (!BIO_indent(bp, indent, 128)) + goto err; if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0) goto err; indent += 4; @@ -366,7 +369,8 @@ do_dh_print(BIO *bp, const DH *x, int indent, ASN1_PCTX *ctx, int ptype) if (!ASN1_bn_print(bp, "generator:", x->g, m, indent)) goto err; if (x->length != 0) { - BIO_indent(bp, indent, 128); + if (!BIO_indent(bp, indent, 128)) + goto err; if (BIO_printf(bp, "recommended-private-length: %d bits\n", (int)x->length) <= 0) goto err; @@ -464,6 +468,32 @@ DHparams_print(BIO *bp, const DH *x) return do_dh_print(bp, x, 4, NULL, 0); } +static int +dh_pkey_public_check(const EVP_PKEY *pkey) +{ + DH *dh = pkey->pkey.dh; + + if (dh->pub_key == NULL) { + DHerror(DH_R_MISSING_PUBKEY); + return 0; + } + + return DH_check_pub_key_ex(dh, dh->pub_key); +} + +static int +dh_pkey_param_check(const EVP_PKEY *pkey) +{ + DH *dh = pkey->pkey.dh; + + /* + * It would have made more sense to support EVP_PKEY_check() for DH + * keys and call DH_check_ex() there and keeping this as a wrapper + * for DH_param_check_ex(). We follow OpenSSL's choice. + */ + return DH_check_ex(dh); +} + const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { .pkey_id = EVP_PKEY_DH, .pkey_base_id = EVP_PKEY_DH, @@ -491,4 +521,8 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { .param_print = dh_param_print, .pkey_free = int_dh_free, + + .pkey_check = NULL, + .pkey_public_check = dh_pkey_public_check, + .pkey_param_check = dh_pkey_param_check, }; diff --git a/externals/libressl/crypto/dh/dh_asn1.c b/externals/libressl/crypto/dh/dh_asn1.c index f48502931..10184f0b2 100755 --- a/externals/libressl/crypto/dh/dh_asn1.c +++ b/externals/libressl/crypto/dh/dh_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_asn1.c,v 1.10 2016/12/30 15:26:49 jsing Exp $ */ +/* $OpenBSD: dh_asn1.c,v 1.11 2022/01/07 09:27:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -63,6 +63,8 @@ #include #include +#include "dh_local.h" + /* Override the default free and new methods */ static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) diff --git a/externals/libressl/crypto/dh/dh_check.c b/externals/libressl/crypto/dh/dh_check.c index a8227d31c..1d20952e2 100755 --- a/externals/libressl/crypto/dh/dh_check.c +++ b/externals/libressl/crypto/dh/dh_check.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_check.c,v 1.17 2019/01/20 01:56:59 tb Exp $ */ +/* $OpenBSD: dh_check.c,v 1.24 2022/01/10 12:00:52 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -60,87 +60,244 @@ #include #include +#include + +#include "bn_lcl.h" +#include "dh_local.h" + +#define DH_NUMBER_ITERATIONS_FOR_PRIME 64 /* - * Check that p is a safe prime and - * if g is 2, 3 or 5, check that it is a suitable generator - * where - * for 2, p mod 24 == 11 - * for 3, p mod 12 == 5 - * for 5, p mod 10 == 3 or 7 - * should hold. + * Check that p is odd and 1 < g < p - 1. The _ex version removes the need of + * inspecting flags and pushes errors on the stack instead. */ int -DH_check(const DH *dh, int *ret) +DH_check_params_ex(const DH *dh) { - int is_prime, ok = 0; - BN_CTX *ctx = NULL; - BN_ULONG l; - BIGNUM *q = NULL; + int flags = 0; - *ret = 0; - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - q = BN_new(); - if (q == NULL) - goto err; + if (!DH_check_params(dh, &flags)) + return 0; - if (BN_is_word(dh->g, DH_GENERATOR_2)) { - l = BN_mod_word(dh->p, 24); - if (l == (BN_ULONG)-1) - goto err; - if (l != 11) - *ret |= DH_NOT_SUITABLE_GENERATOR; - } else if (BN_is_word(dh->g, DH_GENERATOR_5)) { - l = BN_mod_word(dh->p, 10); - if (l == (BN_ULONG)-1) - goto err; - if (l != 3 && l != 7) - *ret |= DH_NOT_SUITABLE_GENERATOR; - } else - *ret |= DH_UNABLE_TO_CHECK_GENERATOR; + if ((flags & DH_CHECK_P_NOT_PRIME) != 0) + DHerror(DH_R_CHECK_P_NOT_PRIME); + if ((flags & DH_NOT_SUITABLE_GENERATOR) != 0) + DHerror(DH_R_NOT_SUITABLE_GENERATOR); - is_prime = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL); - if (is_prime < 0) + return flags == 0; +} + +int +DH_check_params(const DH *dh, int *flags) +{ + BIGNUM *max_g = NULL; + int ok = 0; + + *flags = 0; + + if (!BN_is_odd(dh->p)) + *flags |= DH_CHECK_P_NOT_PRIME; + + /* + * Check that 1 < dh->g < p - 1 + */ + + if (BN_cmp(dh->g, BN_value_one()) <= 0) + *flags |= DH_NOT_SUITABLE_GENERATOR; + /* max_g = p - 1 */ + if ((max_g = BN_dup(dh->p)) == NULL) goto err; - if (is_prime == 0) - *ret |= DH_CHECK_P_NOT_PRIME; - else { - if (!BN_rshift1(q, dh->p)) - goto err; - is_prime = BN_is_prime_ex(q, BN_prime_checks, ctx, NULL); - if (is_prime < 0) - goto err; - if (is_prime == 0) - *ret |= DH_CHECK_P_NOT_SAFE_PRIME; - } + if (!BN_sub_word(max_g, 1)) + goto err; + /* check that g < max_g */ + if (BN_cmp(dh->g, max_g) >= 0) + *flags |= DH_NOT_SUITABLE_GENERATOR; + ok = 1; err: + BN_free(max_g); + + return ok; +} + +/* + * Check that p is a safe prime and that g is a suitable generator. + * The _ex version puts errors on the stack instead of returning flags. + */ + +int +DH_check_ex(const DH *dh) +{ + int flags = 0; + + if (!DH_check(dh, &flags)) + return 0; + + if ((flags & DH_NOT_SUITABLE_GENERATOR) != 0) + DHerror(DH_R_NOT_SUITABLE_GENERATOR); + if ((flags & DH_CHECK_Q_NOT_PRIME) != 0) + DHerror(DH_R_CHECK_Q_NOT_PRIME); + if ((flags & DH_CHECK_INVALID_Q_VALUE) != 0) + DHerror(DH_R_CHECK_INVALID_Q_VALUE); + if ((flags & DH_CHECK_INVALID_J_VALUE) != 0) + DHerror(DH_R_CHECK_INVALID_J_VALUE); + if ((flags & DH_UNABLE_TO_CHECK_GENERATOR) != 0) + DHerror(DH_R_UNABLE_TO_CHECK_GENERATOR); + if ((flags & DH_CHECK_P_NOT_PRIME) != 0) + DHerror(DH_R_CHECK_P_NOT_PRIME); + if ((flags & DH_CHECK_P_NOT_SAFE_PRIME) != 0) + DHerror(DH_R_CHECK_P_NOT_SAFE_PRIME); + + return flags == 0; +} + +int +DH_check(const DH *dh, int *flags) +{ + BN_CTX *ctx = NULL; + int is_prime; + int ok = 0; + + *flags = 0; + + if (!DH_check_params(dh, flags)) + goto err; + + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; + BN_CTX_start(ctx); + + if (dh->q != NULL) { + BIGNUM *quotient, *residue; + + if ((quotient = BN_CTX_get(ctx)) == NULL) + goto err; + if ((residue = BN_CTX_get(ctx)) == NULL) + goto err; + if ((*flags & DH_NOT_SUITABLE_GENERATOR) == 0) { + /* Check g^q == 1 mod p */ + if (!BN_mod_exp_ct(residue, dh->g, dh->q, dh->p, ctx)) + goto err; + if (!BN_is_one(residue)) + *flags |= DH_NOT_SUITABLE_GENERATOR; + } + is_prime = BN_is_prime_ex(dh->q, DH_NUMBER_ITERATIONS_FOR_PRIME, + ctx, NULL); + if (is_prime < 0) + goto err; + if (is_prime == 0) + *flags |= DH_CHECK_Q_NOT_PRIME; + /* Check p == 1 mod q, i.e., q divides p - 1 */ + if (!BN_div_ct(quotient, residue, dh->p, dh->q, ctx)) + goto err; + if (!BN_is_one(residue)) + *flags |= DH_CHECK_INVALID_Q_VALUE; + if (dh->j != NULL && BN_cmp(dh->j, quotient) != 0) + *flags |= DH_CHECK_INVALID_J_VALUE; + } + + is_prime = BN_is_prime_ex(dh->p, DH_NUMBER_ITERATIONS_FOR_PRIME, + ctx, NULL); + if (is_prime < 0) + goto err; + if (is_prime == 0) + *flags |= DH_CHECK_P_NOT_PRIME; + else if (dh->q == NULL) { + BIGNUM *q; + + if ((q = BN_CTX_get(ctx)) == NULL) + goto err; + if (!BN_rshift1(q, dh->p)) + goto err; + is_prime = BN_is_prime_ex(q, DH_NUMBER_ITERATIONS_FOR_PRIME, + ctx, NULL); + if (is_prime < 0) + goto err; + if (is_prime == 0) + *flags |= DH_CHECK_P_NOT_SAFE_PRIME; + } + + ok = 1; + + err: + BN_CTX_end(ctx); BN_CTX_free(ctx); - BN_free(q); return ok; } int -DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) +DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key) { - BIGNUM *q = NULL; + int flags = 0; - *ret = 0; - q = BN_new(); - if (q == NULL) + if (!DH_check_pub_key(dh, pub_key, &flags)) return 0; - BN_set_word(q, 1); - if (BN_cmp(pub_key, q) <= 0) - *ret |= DH_CHECK_PUBKEY_TOO_SMALL; - BN_copy(q, dh->p); - BN_sub_word(q, 1); - if (BN_cmp(pub_key, q) >= 0) - *ret |= DH_CHECK_PUBKEY_TOO_LARGE; - BN_free(q); - return 1; + if ((flags & DH_CHECK_PUBKEY_TOO_SMALL) != 0) + DHerror(DH_R_CHECK_PUBKEY_TOO_SMALL); + if ((flags & DH_CHECK_PUBKEY_TOO_LARGE) != 0) + DHerror(DH_R_CHECK_PUBKEY_TOO_LARGE); + if ((flags & DH_CHECK_PUBKEY_INVALID) != 0) + DHerror(DH_R_CHECK_PUBKEY_INVALID); + + return flags == 0; +} + +int +DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *flags) +{ + BN_CTX *ctx = NULL; + BIGNUM *max_pub_key; + int ok = 0; + + *flags = 0; + + if ((ctx = BN_CTX_new()) == NULL) + goto err; + BN_CTX_start(ctx); + if ((max_pub_key = BN_CTX_get(ctx)) == NULL) + goto err; + + /* + * Check that 1 < pub_key < dh->p - 1 + */ + + if (BN_cmp(pub_key, BN_value_one()) <= 0) + *flags |= DH_CHECK_PUBKEY_TOO_SMALL; + + /* max_pub_key = dh->p - 1 */ + if (BN_copy(max_pub_key, dh->p) == NULL) + goto err; + if (!BN_sub_word(max_pub_key, 1)) + goto err; + + if (BN_cmp(pub_key, max_pub_key) >= 0) + *flags |= DH_CHECK_PUBKEY_TOO_LARGE; + + /* + * If dh->q is set, check that pub_key^q == 1 mod p + */ + + if (dh->q != NULL) { + BIGNUM *residue; + + if ((residue = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!BN_mod_exp_ct(residue, pub_key, dh->q, dh->p, ctx)) + goto err; + if (!BN_is_one(residue)) + *flags = DH_CHECK_PUBKEY_INVALID; + } + + ok = 1; + + err: + BN_CTX_end(ctx); + BN_CTX_free(ctx); + + return ok; } diff --git a/externals/libressl/crypto/dh/dh_depr.c b/externals/libressl/crypto/dh/dh_depr.c index 0b75b0be5..717482ca3 100755 --- a/externals/libressl/crypto/dh/dh_depr.c +++ b/externals/libressl/crypto/dh/dh_depr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_depr.c,v 1.6 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: dh_depr.c,v 1.7 2021/12/04 16:08:32 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -62,6 +62,8 @@ #include #include +#include "bn_lcl.h" + #ifndef OPENSSL_NO_DEPRECATED DH * DH_generate_parameters(int prime_len, int generator, diff --git a/externals/libressl/crypto/dh/dh_err.c b/externals/libressl/crypto/dh/dh_err.c index 497f88436..a387c37cc 100755 --- a/externals/libressl/crypto/dh/dh_err.c +++ b/externals/libressl/crypto/dh/dh_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_err.c,v 1.16 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: dh_err.c,v 1.17 2022/01/10 12:00:52 tb Exp $ */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * @@ -90,6 +90,17 @@ static ERR_STRING_DATA DH_str_reasons[]= {ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"}, {ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, {ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"}, +{ERR_REASON(DH_R_CHECK_INVALID_J_VALUE) ,"check invalid j value"}, +{ERR_REASON(DH_R_CHECK_INVALID_Q_VALUE) ,"check invalid q value"}, +{ERR_REASON(DH_R_CHECK_PUBKEY_INVALID) ,"check pubkey invalid"}, +{ERR_REASON(DH_R_CHECK_PUBKEY_TOO_LARGE) ,"check pubkey too large"}, +{ERR_REASON(DH_R_CHECK_PUBKEY_TOO_SMALL) ,"check pubkey too small"}, +{ERR_REASON(DH_R_CHECK_P_NOT_PRIME) ,"check p not prime"}, +{ERR_REASON(DH_R_CHECK_P_NOT_SAFE_PRIME) ,"check p not safe prime"}, +{ERR_REASON(DH_R_CHECK_Q_NOT_PRIME) ,"check q not prime"}, +{ERR_REASON(DH_R_MISSING_PUBKEY) ,"missing pubkey"}, +{ERR_REASON(DH_R_NOT_SUITABLE_GENERATOR) ,"not suitable generator"}, +{ERR_REASON(DH_R_UNABLE_TO_CHECK_GENERATOR),"unable to check generator"}, {0,NULL} }; diff --git a/externals/libressl/crypto/dh/dh_gen.c b/externals/libressl/crypto/dh/dh_gen.c index 99394113e..6b49a2875 100755 --- a/externals/libressl/crypto/dh/dh_gen.c +++ b/externals/libressl/crypto/dh/dh_gen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_gen.c,v 1.16 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: dh_gen.c,v 1.17 2022/01/07 09:27:13 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -67,6 +67,8 @@ #include #include +#include "dh_local.h" + static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); diff --git a/externals/libressl/crypto/dh/dh_key.c b/externals/libressl/crypto/dh/dh_key.c index a77e7956d..92429318d 100755 --- a/externals/libressl/crypto/dh/dh_key.c +++ b/externals/libressl/crypto/dh/dh_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_key.c,v 1.36 2018/11/12 17:39:17 tb Exp $ */ +/* $OpenBSD: dh_key.c,v 1.37 2022/01/07 09:27:13 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,6 +63,7 @@ #include #include "bn_lcl.h" +#include "dh_local.h" static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); diff --git a/externals/libressl/crypto/dh/dh_lib.c b/externals/libressl/crypto/dh/dh_lib.c index 446bc65aa..d4d0c9dda 100755 --- a/externals/libressl/crypto/dh/dh_lib.c +++ b/externals/libressl/crypto/dh/dh_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_lib.c,v 1.32 2018/05/02 15:48:38 tb Exp $ */ +/* $OpenBSD: dh_lib.c,v 1.36 2022/01/07 09:27:13 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -69,6 +69,8 @@ #include #endif +#include "dh_local.h" + static const DH_METHOD *default_DH_method = NULL; void @@ -273,6 +275,7 @@ DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) if (q != NULL) { BN_free(dh->q); dh->q = q; + dh->length = BN_num_bits(dh->q); } if (g != NULL) { BN_free(dh->g); @@ -306,6 +309,36 @@ DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) return 1; } +const BIGNUM * +DH_get0_p(const DH *dh) +{ + return dh->p; +} + +const BIGNUM * +DH_get0_q(const DH *dh) +{ + return dh->q; +} + +const BIGNUM * +DH_get0_g(const DH *dh) +{ + return dh->g; +} + +const BIGNUM * +DH_get0_priv_key(const DH *dh) +{ + return dh->priv_key; +} + +const BIGNUM * +DH_get0_pub_key(const DH *dh) +{ + return dh->pub_key; +} + void DH_clear_flags(DH *dh, int flags) { @@ -324,6 +357,12 @@ DH_set_flags(DH *dh, int flags) dh->flags |= flags; } +long +DH_get_length(const DH *dh) +{ + return dh->length; +} + int DH_set_length(DH *dh, long length) { diff --git a/externals/libressl/crypto/dh/dh_local.h b/externals/libressl/crypto/dh/dh_local.h new file mode 100755 index 000000000..928f2c0c8 --- /dev/null +++ b/externals/libressl/crypto/dh/dh_local.h @@ -0,0 +1,117 @@ +/* $OpenBSD: dh_local.h,v 1.3 2022/01/14 08:25:44 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_DH_LOCAL_H +#define HEADER_DH_LOCAL_H + +__BEGIN_HIDDEN_DECLS + +struct dh_method { + const char *name; + /* Methods here */ + int (*generate_key)(DH *dh); + int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh); + int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a, + const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); + int (*init)(DH *dh); + int (*finish)(DH *dh); + int flags; + char *app_data; + /* If this is non-NULL, it will be used to generate parameters */ + int (*generate_params)(DH *dh, int prime_len, int generator, + BN_GENCB *cb); +}; + +struct dh_st { + /* This first argument is used to pick up errors when + * a DH is passed instead of a EVP_PKEY */ + int pad; + int version; + BIGNUM *p; + BIGNUM *g; + long length; /* optional */ + BIGNUM *pub_key; /* g^x */ + BIGNUM *priv_key; /* x */ + + int flags; + BN_MONT_CTX *method_mont_p; + /* Place holders if we want to do X9.42 DH */ + BIGNUM *q; + BIGNUM *j; + unsigned char *seed; + int seedlen; + BIGNUM *counter; + + int references; + CRYPTO_EX_DATA ex_data; + const DH_METHOD *meth; + ENGINE *engine; +}; + +/* + * Public API in OpenSSL that we only want to use internally. + */ + +int DH_check_params_ex(const DH *dh); +int DH_check_params(const DH *dh, int *flags); +int DH_check_ex(const DH *dh); +int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key); + +__END_HIDDEN_DECLS + +#endif /* !HEADER_DH_LOCAL_H */ diff --git a/externals/libressl/crypto/dh/dh_pmeth.c b/externals/libressl/crypto/dh/dh_pmeth.c index 24d16ff5d..d2052a815 100755 --- a/externals/libressl/crypto/dh/dh_pmeth.c +++ b/externals/libressl/crypto/dh/dh_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_pmeth.c,v 1.10 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: dh_pmeth.c,v 1.12 2022/01/07 09:27:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -67,6 +67,8 @@ #include #include +#include "bn_lcl.h" +#include "dh_local.h" #include "evp_locl.h" /* DH pkey context structure */ diff --git a/externals/libressl/crypto/dsa/dsa_ameth.c b/externals/libressl/crypto/dsa/dsa_ameth.c index cfb33237e..9b8f09d96 100755 --- a/externals/libressl/crypto/dsa/dsa_ameth.c +++ b/externals/libressl/crypto/dsa/dsa_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_ameth.c,v 1.28 2019/11/01 15:15:35 jsing Exp $ */ +/* $OpenBSD: dsa_ameth.c,v 1.35 2022/04/07 17:38:24 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -69,6 +69,8 @@ #include "asn1_locl.h" #include "bn_lcl.h" +#include "dsa_locl.h" +#include "evp_locl.h" static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) @@ -131,47 +133,46 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) { DSA *dsa; - void *pval = NULL; - int ptype; + ASN1_INTEGER *pubint = NULL; + ASN1_STRING *str = NULL; + int ptype = V_ASN1_UNDEF; unsigned char *penc = NULL; int penclen; dsa = pkey->pkey.dsa; if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) { - ASN1_STRING *str; - - str = ASN1_STRING_new(); - if (str == NULL) { + if ((str = ASN1_STRING_new()) == NULL) { DSAerror(ERR_R_MALLOC_FAILURE); goto err; } str->length = i2d_DSAparams(dsa, &str->data); if (str->length <= 0) { DSAerror(ERR_R_MALLOC_FAILURE); - ASN1_STRING_free(str); goto err; } - pval = str; ptype = V_ASN1_SEQUENCE; - } else - ptype = V_ASN1_UNDEF; + } - dsa->write_params = 0; + if ((pubint = BN_to_ASN1_INTEGER(dsa->pub_key, NULL)) == NULL) { + DSAerror(ERR_R_MALLOC_FAILURE); + goto err; + } - penclen = i2d_DSAPublicKey(dsa, &penc); + penclen = i2d_ASN1_INTEGER(pubint, &penc); + ASN1_INTEGER_free(pubint); if (penclen <= 0) { DSAerror(ERR_R_MALLOC_FAILURE); goto err; } - if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), ptype, pval, + if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), ptype, str, penc, penclen)) return 1; -err: + err: free(penc); - ASN1_STRING_free(pval); + ASN1_STRING_free(str); return 0; } @@ -478,13 +479,32 @@ old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) { DSA *dsa; BN_CTX *ctx = NULL; - BIGNUM *j, *p1, *newp1; + BIGNUM *j, *p1, *newp1, *powg; + int qbits; if (!(dsa = d2i_DSAPrivateKey(NULL, pder, derlen))) { DSAerror(ERR_R_DSA_LIB); return 0; } + /* FIPS 186-3 allows only three different sizes for q. */ + qbits = BN_num_bits(dsa->q); + if (qbits != 160 && qbits != 224 && qbits != 256) { + DSAerror(DSA_R_BAD_Q_VALUE); + goto err; + } + if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { + DSAerror(DSA_R_MODULUS_TOO_LARGE); + goto err; + } + + /* Check that 1 < g < p. */ + if (BN_cmp(dsa->g, BN_value_one()) <= 0 || + BN_cmp(dsa->g, dsa->p) >= 0) { + DSAerror(DSA_R_PARAMETER_ENCODING_ERROR); /* XXX */ + goto err; + } + ctx = BN_CTX_new(); if (ctx == NULL) goto err; @@ -496,7 +516,8 @@ old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) j = BN_CTX_get(ctx); p1 = BN_CTX_get(ctx); newp1 = BN_CTX_get(ctx); - if (j == NULL || p1 == NULL || newp1 == NULL) + powg = BN_CTX_get(ctx); + if (j == NULL || p1 == NULL || newp1 == NULL || powg == NULL) goto err; /* p1 = p - 1 */ if (BN_sub(p1, dsa->p, BN_value_one()) == 0) @@ -512,6 +533,19 @@ old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) goto err; } + /* + * Check that g generates a multiplicative subgroup of order q. + * We only check that g^q == 1, so the order is a divisor of q. + * Once we know that q is prime, this is enough. + */ + + if (!BN_mod_exp_ct(powg, dsa->g, dsa->q, dsa->p, ctx)) + goto err; + if (BN_cmp(powg, BN_value_one()) != 0) { + DSAerror(DSA_R_PARAMETER_ENCODING_ERROR); /* XXX */ + goto err; + } + /* * Check that q is not a composite number. */ diff --git a/externals/libressl/crypto/dsa/dsa_asn1.c b/externals/libressl/crypto/dsa/dsa_asn1.c index 23f08bb1f..daa970e31 100755 --- a/externals/libressl/crypto/dsa/dsa_asn1.c +++ b/externals/libressl/crypto/dsa/dsa_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_asn1.c,v 1.22 2018/06/14 17:03:19 jsing Exp $ */ +/* $OpenBSD: dsa_asn1.c,v 1.24 2022/01/14 08:29:06 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -64,6 +64,8 @@ #include #include +#include "dsa_locl.h" + /* Override the default new methods */ static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) @@ -327,14 +329,15 @@ i2d_DSAparams_fp(FILE *fp, DSA *a) return ASN1_item_i2d_fp(&DSAparams_it, fp, a); } -/* - * DSA public key is a bit trickier... its effectively a CHOICE type - * decided by a field called write_params which can either write out - * just the public key as an INTEGER or the parameters and public key - * in a SEQUENCE - */ - -static const ASN1_TEMPLATE dsa_pub_internal_seq_tt[] = { +static const ASN1_AUX DSAPublicKey_aux = { + .app_data = NULL, + .flags = 0, + .ref_offset = 0, + .ref_lock = 0, + .asn1_cb = dsa_cb, + .enc_offset = 0, +}; +static const ASN1_TEMPLATE DSAPublicKey_seq_tt[] = { { .flags = 0, .tag = 0, @@ -365,52 +368,16 @@ static const ASN1_TEMPLATE dsa_pub_internal_seq_tt[] = { }, }; -const ASN1_ITEM dsa_pub_internal_it = { +const ASN1_ITEM DSAPublicKey_it = { .itype = ASN1_ITYPE_SEQUENCE, .utype = V_ASN1_SEQUENCE, - .templates = dsa_pub_internal_seq_tt, - .tcount = sizeof(dsa_pub_internal_seq_tt) / sizeof(ASN1_TEMPLATE), - .funcs = NULL, - .size = sizeof(DSA), - .sname = "DSA", -}; - -static const ASN1_AUX DSAPublicKey_aux = { - .app_data = NULL, - .flags = 0, - .ref_offset = 0, - .ref_lock = 0, - .asn1_cb = dsa_cb, - .enc_offset = 0, -}; -static const ASN1_TEMPLATE DSAPublicKey_ch_tt[] = { - { - .flags = 0, - .tag = 0, - .offset = offsetof(DSA, pub_key), - .field_name = "pub_key", - .item = &BIGNUM_it, - }, - { - .flags = 0 | ASN1_TFLG_COMBINE, - .tag = 0, - .offset = 0, - .field_name = NULL, - .item = &dsa_pub_internal_it, - }, -}; - -const ASN1_ITEM DSAPublicKey_it = { - .itype = ASN1_ITYPE_CHOICE, - .utype = offsetof(DSA, write_params), - .templates = DSAPublicKey_ch_tt, - .tcount = sizeof(DSAPublicKey_ch_tt) / sizeof(ASN1_TEMPLATE), + .templates = DSAPublicKey_seq_tt, + .tcount = sizeof(DSAPublicKey_seq_tt) / sizeof(ASN1_TEMPLATE), .funcs = &DSAPublicKey_aux, .size = sizeof(DSA), .sname = "DSA", }; - DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **in, long len) { diff --git a/externals/libressl/crypto/dsa/dsa_depr.c b/externals/libressl/crypto/dsa/dsa_depr.c index 269cd6345..673e7000a 100755 --- a/externals/libressl/crypto/dsa/dsa_depr.c +++ b/externals/libressl/crypto/dsa/dsa_depr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_depr.c,v 1.7 2014/10/18 17:20:40 jsing Exp $ */ +/* $OpenBSD: dsa_depr.c,v 1.8 2021/12/04 16:08:32 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -68,6 +68,8 @@ #include #include +#include "bn_lcl.h" + #ifndef OPENSSL_NO_DEPRECATED DSA * DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len, diff --git a/externals/libressl/crypto/dsa/dsa_key.c b/externals/libressl/crypto/dsa/dsa_key.c index a0487e98b..a5053ec29 100755 --- a/externals/libressl/crypto/dsa/dsa_key.c +++ b/externals/libressl/crypto/dsa/dsa_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_key.c,v 1.29 2018/11/09 23:45:19 tb Exp $ */ +/* $OpenBSD: dsa_key.c,v 1.30 2022/01/07 09:35:36 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,7 +65,9 @@ #include #include + #include "bn_lcl.h" +#include "dsa_locl.h" static int dsa_builtin_keygen(DSA *dsa); diff --git a/externals/libressl/crypto/dsa/dsa_lib.c b/externals/libressl/crypto/dsa/dsa_lib.c index d5fdd6e78..1369c6f74 100755 --- a/externals/libressl/crypto/dsa/dsa_lib.c +++ b/externals/libressl/crypto/dsa/dsa_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_lib.c,v 1.29 2018/04/14 07:09:21 tb Exp $ */ +/* $OpenBSD: dsa_lib.c,v 1.34 2022/01/14 08:29:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -74,6 +74,9 @@ #include #endif +#include "dh_local.h" +#include "dsa_locl.h" + static const DSA_METHOD *default_DSA_method = NULL; void @@ -151,7 +154,6 @@ DSA_new_method(ENGINE *engine) ret->pad = 0; ret->version = 0; - ret->write_params = 1; ret->p = NULL; ret->q = NULL; ret->g = NULL; @@ -174,7 +176,7 @@ DSA_new_method(ENGINE *engine) free(ret); ret = NULL; } - + return ret; } @@ -361,6 +363,36 @@ DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) return 1; } +const BIGNUM * +DSA_get0_p(const DSA *d) +{ + return d->p; +} + +const BIGNUM * +DSA_get0_q(const DSA *d) +{ + return d->q; +} + +const BIGNUM * +DSA_get0_g(const DSA *d) +{ + return d->g; +} + +const BIGNUM * +DSA_get0_pub_key(const DSA *d) +{ + return d->pub_key; +} + +const BIGNUM * +DSA_get0_priv_key(const DSA *d) +{ + return d->priv_key; +} + void DSA_clear_flags(DSA *d, int flags) { @@ -384,3 +416,9 @@ DSA_get0_engine(DSA *d) { return d->engine; } + +int +DSA_bits(const DSA *dsa) +{ + return BN_num_bits(dsa->p); +} diff --git a/externals/libressl/crypto/dsa/dsa_locl.h b/externals/libressl/crypto/dsa/dsa_locl.h index cdb38e036..299c67a6b 100755 --- a/externals/libressl/crypto/dsa/dsa_locl.h +++ b/externals/libressl/crypto/dsa/dsa_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_locl.h,v 1.3 2016/12/21 15:49:29 jsing Exp $ */ +/* $OpenBSD: dsa_locl.h,v 1.5 2022/01/14 08:29:06 tb Exp $ */ /* ==================================================================== * Copyright (c) 2007 The OpenSSL Project. All rights reserved. * @@ -57,6 +57,59 @@ __BEGIN_HIDDEN_DECLS +struct DSA_SIG_st { + BIGNUM *r; + BIGNUM *s; +} /* DSA_SIG */; + +struct dsa_method { + const char *name; + DSA_SIG *(*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa); + int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp); + int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa); + int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, + BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont); + int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); /* Can be null */ + int (*init)(DSA *dsa); + int (*finish)(DSA *dsa); + int flags; + char *app_data; + /* If this is non-NULL, it is used to generate DSA parameters */ + int (*dsa_paramgen)(DSA *dsa, int bits, const unsigned char *seed, + int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); + /* If this is non-NULL, it is used to generate DSA keys */ + int (*dsa_keygen)(DSA *dsa); +} /* DSA_METHOD */; + +struct dsa_st { + /* This first variable is used to pick up errors where + * a DSA is passed instead of of a EVP_PKEY */ + int pad; + long version; + BIGNUM *p; + BIGNUM *q; /* == 20 */ + BIGNUM *g; + + BIGNUM *pub_key; /* y public key */ + BIGNUM *priv_key; /* x private key */ + + BIGNUM *kinv; /* Signing pre-calc */ + BIGNUM *r; /* Signing pre-calc */ + + int flags; + /* Normally used to cache montgomery values */ + BN_MONT_CTX *method_mont_p; + int references; + CRYPTO_EX_DATA ex_data; + const DSA_METHOD *meth; + /* functional reference if 'meth' is ENGINE-provided */ + ENGINE *engine; +} /* DSA */; + int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, unsigned char *seed_out, diff --git a/externals/libressl/crypto/dsa/dsa_meth.c b/externals/libressl/crypto/dsa/dsa_meth.c index e6f043f83..f8ed0352a 100755 --- a/externals/libressl/crypto/dsa/dsa_meth.c +++ b/externals/libressl/crypto/dsa/dsa_meth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_meth.c,v 1.1 2018/03/17 15:19:12 tb Exp $ */ +/* $OpenBSD: dsa_meth.c,v 1.2 2022/01/07 09:35:36 tb Exp $ */ /* * Copyright (c) 2018 Theo Buehler * @@ -21,6 +21,8 @@ #include #include +#include "dsa_locl.h" + DSA_METHOD * DSA_meth_new(const char *name, int flags) { diff --git a/externals/libressl/crypto/dsa/dsa_ossl.c b/externals/libressl/crypto/dsa/dsa_ossl.c index ecf266246..c306fc2d6 100755 --- a/externals/libressl/crypto/dsa/dsa_ossl.c +++ b/externals/libressl/crypto/dsa/dsa_ossl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_ossl.c,v 1.42 2019/06/04 18:12:26 tb Exp $ */ +/* $OpenBSD: dsa_ossl.c,v 1.44 2022/02/24 08:35:45 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -67,6 +67,7 @@ #include #include "bn_lcl.h" +#include "dsa_locl.h" static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, @@ -314,24 +315,25 @@ dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) BN_CTX *ctx; BIGNUM u1, u2, t1; BN_MONT_CTX *mont = NULL; - int ret = -1, i; + int qbits; + int ret = -1; if (!dsa->p || !dsa->q || !dsa->g) { DSAerror(DSA_R_MISSING_PARAMETERS); return -1; } - i = BN_num_bits(dsa->q); /* FIPS 186-3 allows only three different sizes for q. */ - if (i != 160 && i != 224 && i != 256) { + qbits = BN_num_bits(dsa->q); + if (qbits != 160 && qbits != 224 && qbits != 256) { DSAerror(DSA_R_BAD_Q_VALUE); return -1; } - if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { DSAerror(DSA_R_MODULUS_TOO_LARGE); return -1; } + BN_init(&u1); BN_init(&u2); BN_init(&t1); @@ -358,8 +360,8 @@ dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) * If the digest length is greater than the size of q use the * BN_num_bits(dsa->q) leftmost bits of the digest, see FIPS 186-3, 4.2. */ - if (dgst_len > (i >> 3)) - dgst_len = (i >> 3); + if (dgst_len > (qbits >> 3)) + dgst_len = (qbits >> 3); /* Save m in u1. */ if (BN_bin2bn(dgst, dgst_len, &u1) == NULL) diff --git a/externals/libressl/crypto/dsa/dsa_pmeth.c b/externals/libressl/crypto/dsa/dsa_pmeth.c index dd0da348b..ef89e2be3 100755 --- a/externals/libressl/crypto/dsa/dsa_pmeth.c +++ b/externals/libressl/crypto/dsa/dsa_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_pmeth.c,v 1.12 2019/09/09 18:06:25 jsing Exp $ */ +/* $OpenBSD: dsa_pmeth.c,v 1.13 2021/12/04 16:08:32 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -66,6 +66,7 @@ #include #include +#include "bn_lcl.h" #include "dsa_locl.h" #include "evp_locl.h" diff --git a/externals/libressl/crypto/dsa/dsa_sign.c b/externals/libressl/crypto/dsa/dsa_sign.c index 0f55ea186..b1fc1dbb4 100755 --- a/externals/libressl/crypto/dsa/dsa_sign.c +++ b/externals/libressl/crypto/dsa/dsa_sign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_sign.c,v 1.20 2018/06/14 17:01:49 jsing Exp $ */ +/* $OpenBSD: dsa_sign.c,v 1.21 2022/01/07 09:35:36 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -61,6 +61,8 @@ #include #include +#include "dsa_locl.h" + DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { diff --git a/externals/libressl/crypto/dsa/dsa_vrf.c b/externals/libressl/crypto/dsa/dsa_vrf.c index 1965338f1..38f8450e7 100755 --- a/externals/libressl/crypto/dsa/dsa_vrf.c +++ b/externals/libressl/crypto/dsa/dsa_vrf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_vrf.c,v 1.16 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: dsa_vrf.c,v 1.17 2022/01/07 09:35:36 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -60,6 +60,8 @@ #include +#include "dsa_locl.h" + int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) { diff --git a/externals/libressl/crypto/ec/ec2_oct.c b/externals/libressl/crypto/ec/ec2_oct.c index 268eccf47..832083c62 100755 --- a/externals/libressl/crypto/ec/ec2_oct.c +++ b/externals/libressl/crypto/ec/ec2_oct.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec2_oct.c,v 1.11 2018/07/15 16:27:39 tb Exp $ */ +/* $OpenBSD: ec2_oct.c,v 1.16 2021/05/03 14:42:45 tb Exp $ */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * @@ -121,6 +121,10 @@ ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point if (!BN_GF2m_mod_arr(x, x_, group->poly)) goto err; if (BN_is_zero(x)) { + if (y_bit != 0) { + ECerror(EC_R_INVALID_COMPRESSED_POINT); + goto err; + } if (!BN_GF2m_mod_sqrt_arr(y, &group->b, group->poly, ctx)) goto err; } else { @@ -152,7 +156,7 @@ ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point } } - if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) + if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx)) goto err; ret = 1; @@ -221,7 +225,7 @@ ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, if ((yxi = BN_CTX_get(ctx)) == NULL) goto err; - if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) + if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx)) goto err; buf[0] = form; @@ -280,10 +284,11 @@ ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, } -/* Converts an octet string representation to an EC_POINT. +/* + * Converts an octet string representation to an EC_POINT. * Note that the simple implementation only uses affine coordinates. */ -int +int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, const unsigned char *buf, size_t len, BN_CTX *ctx) { @@ -298,19 +303,35 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, ECerror(EC_R_BUFFER_TOO_SMALL); return 0; } - form = buf[0]; - y_bit = form & 1; - form = form & ~1U; - if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) && - (form != POINT_CONVERSION_UNCOMPRESSED) && - (form != POINT_CONVERSION_HYBRID)) { + + /* + * The first octet is the point conversion octet PC, see X9.62, page 4 + * and section 4.4.2. It must be: + * 0x00 for the point at infinity + * 0x02 or 0x03 for compressed form + * 0x04 for uncompressed form + * 0x06 or 0x07 for hybrid form. + * For compressed or hybrid forms, we store the last bit of buf[0] as + * y_bit and clear it from buf[0] so as to obtain a POINT_CONVERSION_*. + * We error if buf[0] contains any but the above values. + */ + y_bit = buf[0] & 1; + form = buf[0] & ~1U; + + if (form != 0 && form != POINT_CONVERSION_COMPRESSED && + form != POINT_CONVERSION_UNCOMPRESSED && + form != POINT_CONVERSION_HYBRID) { ECerror(EC_R_INVALID_ENCODING); return 0; } - if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) { - ECerror(EC_R_INVALID_ENCODING); - return 0; + if (form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) { + if (y_bit != 0) { + ECerror(EC_R_INVALID_ENCODING); + return 0; + } } + + /* The point at infinity is represented by a single zero octet. */ if (form == 0) { if (len != 1) { ECerror(EC_R_INVALID_ENCODING); @@ -318,6 +339,7 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } return EC_POINT_set_to_infinity(group, point); } + field_len = (EC_GROUP_get_degree(group) + 7) / 8; enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; @@ -326,6 +348,7 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, ECerror(EC_R_INVALID_ENCODING); return 0; } + if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) @@ -346,7 +369,11 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, goto err; } if (form == POINT_CONVERSION_COMPRESSED) { - if (!EC_POINT_set_compressed_coordinates_GF2m(group, point, x, y_bit, ctx)) + /* + * EC_POINT_set_compressed_coordinates checks that the + * point is on the curve as required by X9.62. + */ + if (!EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx)) goto err; } else { if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) @@ -356,22 +383,34 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, goto err; } if (form == POINT_CONVERSION_HYBRID) { - if (!group->meth->field_div(group, yxi, y, x, ctx)) - goto err; - if (y_bit != BN_is_odd(yxi)) { - ECerror(EC_R_INVALID_ENCODING); - goto err; + /* + * Check that the form in the encoding was set + * correctly according to X9.62 4.4.2.a, 4(c), + * see also first paragraph of X9.62 4.4.1.b. + */ + if (BN_is_zero(x)) { + if (y_bit != 0) { + ECerror(EC_R_INVALID_ENCODING); + goto err; + } + } else { + if (!group->meth->field_div(group, yxi, y, x, + ctx)) + goto err; + if (y_bit != BN_is_odd(yxi)) { + ECerror(EC_R_INVALID_ENCODING); + goto err; + } } } - if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) + /* + * EC_POINT_set_affine_coordinates checks that the + * point is on the curve as required by X9.62. + */ + if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx)) goto err; } - /* test required by X9.62 */ - if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { - ECerror(EC_R_POINT_IS_NOT_ON_CURVE); - goto err; - } ret = 1; err: diff --git a/externals/libressl/crypto/ec/ec2_smpl.c b/externals/libressl/crypto/ec/ec2_smpl.c index 936cee489..9f3b380bf 100755 --- a/externals/libressl/crypto/ec/ec2_smpl.c +++ b/externals/libressl/crypto/ec/ec2_smpl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec2_smpl.c,v 1.21 2018/11/05 20:18:21 tb Exp $ */ +/* $OpenBSD: ec2_smpl.c,v 1.23 2021/09/08 17:29:21 tb Exp $ */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * @@ -88,17 +88,18 @@ EC_GF2m_simple_method(void) .group_set_curve = ec_GF2m_simple_group_set_curve, .group_get_curve = ec_GF2m_simple_group_get_curve, .group_get_degree = ec_GF2m_simple_group_get_degree, + .group_order_bits = ec_group_simple_order_bits, .group_check_discriminant = - ec_GF2m_simple_group_check_discriminant, + ec_GF2m_simple_group_check_discriminant, .point_init = ec_GF2m_simple_point_init, .point_finish = ec_GF2m_simple_point_finish, .point_clear_finish = ec_GF2m_simple_point_clear_finish, .point_copy = ec_GF2m_simple_point_copy, .point_set_to_infinity = ec_GF2m_simple_point_set_to_infinity, .point_set_affine_coordinates = - ec_GF2m_simple_point_set_affine_coordinates, + ec_GF2m_simple_point_set_affine_coordinates, .point_get_affine_coordinates = - ec_GF2m_simple_point_get_affine_coordinates, + ec_GF2m_simple_point_get_affine_coordinates, .add = ec_GF2m_simple_add, .dbl = ec_GF2m_simple_dbl, .invert = ec_GF2m_simple_invert, @@ -483,7 +484,7 @@ ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, if (!BN_copy(y0, &a->Y)) goto err; } else { - if (!EC_POINT_get_affine_coordinates_GF2m(group, a, x0, y0, ctx)) + if (!EC_POINT_get_affine_coordinates(group, a, x0, y0, ctx)) goto err; } if (b->Z_is_one) { @@ -492,7 +493,7 @@ ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, if (!BN_copy(y1, &b->Y)) goto err; } else { - if (!EC_POINT_get_affine_coordinates_GF2m(group, b, x1, y1, ctx)) + if (!EC_POINT_get_affine_coordinates(group, b, x1, y1, ctx)) goto err; } @@ -541,7 +542,7 @@ ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, if (!BN_GF2m_add(y2, y2, y1)) goto err; - if (!EC_POINT_set_affine_coordinates_GF2m(group, r, x2, y2, ctx)) + if (!EC_POINT_set_affine_coordinates(group, r, x2, y2, ctx)) goto err; ret = 1; @@ -684,9 +685,9 @@ ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, if ((bY = BN_CTX_get(ctx)) == NULL) goto err; - if (!EC_POINT_get_affine_coordinates_GF2m(group, a, aX, aY, ctx)) + if (!EC_POINT_get_affine_coordinates(group, a, aX, aY, ctx)) goto err; - if (!EC_POINT_get_affine_coordinates_GF2m(group, b, bX, bY, ctx)) + if (!EC_POINT_get_affine_coordinates(group, b, bX, bY, ctx)) goto err; ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1; @@ -720,7 +721,7 @@ ec_GF2m_simple_make_affine(const EC_GROUP * group, EC_POINT * point, BN_CTX * ct if ((y = BN_CTX_get(ctx)) == NULL) goto err; - if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) + if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx)) goto err; if (!BN_copy(&point->X, x)) goto err; diff --git a/externals/libressl/crypto/ec/ec_ameth.c b/externals/libressl/crypto/ec/ec_ameth.c index 2e73bdd2f..86f509b73 100755 --- a/externals/libressl/crypto/ec/ec_ameth.c +++ b/externals/libressl/crypto/ec/ec_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_ameth.c,v 1.28 2019/09/09 20:26:16 tb Exp $ */ +/* $OpenBSD: ec_ameth.c,v 1.31 2022/01/10 12:10:26 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -67,6 +67,8 @@ #include #include "asn1_locl.h" +#include "ec_lcl.h" +#include "evp_locl.h" #ifndef OPENSSL_NO_CMS static int ecdh_cms_decrypt(CMS_RecipientInfo *ri); @@ -619,6 +621,41 @@ ec_pkey_ctrl(EVP_PKEY * pkey, int op, long arg1, void *arg2) } +static int +ec_pkey_check(const EVP_PKEY *pkey) +{ + EC_KEY *eckey = pkey->pkey.ec; + + if (eckey->priv_key == NULL) { + ECerror(EC_R_MISSING_PRIVATE_KEY); + return 0; + } + + return EC_KEY_check_key(eckey); +} + +static int +ec_pkey_public_check(const EVP_PKEY *pkey) +{ + EC_KEY *eckey = pkey->pkey.ec; + + /* This also checks the private key, but oh, well... */ + return EC_KEY_check_key(eckey); +} + +static int +ec_pkey_param_check(const EVP_PKEY *pkey) +{ + EC_KEY *eckey = pkey->pkey.ec; + + if (eckey->group == NULL) { + ECerror(EC_R_MISSING_PARAMETERS); + return 0; + } + + return EC_GROUP_check(eckey->group, NULL); +} + #ifndef OPENSSL_NO_CMS static int @@ -980,5 +1017,9 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { .pkey_free = int_ec_free, .pkey_ctrl = ec_pkey_ctrl, .old_priv_decode = old_ec_priv_decode, - .old_priv_encode = old_ec_priv_encode + .old_priv_encode = old_ec_priv_encode, + + .pkey_check = ec_pkey_check, + .pkey_public_check = ec_pkey_public_check, + .pkey_param_check = ec_pkey_param_check, }; diff --git a/externals/libressl/crypto/ec/ec_asn1.c b/externals/libressl/crypto/ec/ec_asn1.c index f69dd023d..4cf0bf597 100755 --- a/externals/libressl/crypto/ec/ec_asn1.c +++ b/externals/libressl/crypto/ec/ec_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_asn1.c,v 1.31 2018/09/01 16:23:15 tb Exp $ */ +/* $OpenBSD: ec_asn1.c,v 1.36 2022/03/31 13:00:58 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -295,7 +295,6 @@ static const ASN1_ADB_TABLE X9_62_CHARACTERISTIC_TWO_adbtbl[] = { static const ASN1_ADB X9_62_CHARACTERISTIC_TWO_adb = { .flags = 0, .offset = offsetof(X9_62_CHARACTERISTIC_TWO, type), - .app_items = 0, .tbl = X9_62_CHARACTERISTIC_TWO_adbtbl, .tblcount = sizeof(X9_62_CHARACTERISTIC_TWO_adbtbl) / sizeof(ASN1_ADB_TABLE), .default_tt = &char_two_def_tt, @@ -387,7 +386,6 @@ static const ASN1_ADB_TABLE X9_62_FIELDID_adbtbl[] = { static const ASN1_ADB X9_62_FIELDID_adb = { .flags = 0, .offset = offsetof(X9_62_FIELDID, fieldType), - .app_items = 0, .tbl = X9_62_FIELDID_adbtbl, .tblcount = sizeof(X9_62_FIELDID_adbtbl) / sizeof(ASN1_ADB_TABLE), .default_tt = &fieldID_def_tt, @@ -709,7 +707,7 @@ ec_asn1_group2fieldid(const EC_GROUP * group, X9_62_FIELDID * field) goto err; } /* the parameters are specified by the prime number p */ - if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) { + if (!EC_GROUP_get_curve(group, tmp, NULL, NULL, NULL)) { ECerror(ERR_R_EC_LIB); goto err; } @@ -801,12 +799,12 @@ ec_asn1_group2fieldid(const EC_GROUP * group, X9_62_FIELDID * field) static int ec_asn1_group2curve(const EC_GROUP * group, X9_62_CURVE * curve) { - int ok = 0, nid; BIGNUM *tmp_1 = NULL, *tmp_2 = NULL; unsigned char *buffer_1 = NULL, *buffer_2 = NULL, *a_buf = NULL, *b_buf = NULL; size_t len_1, len_2; unsigned char char_zero = 0; + int ok = 0; if (!group || !curve || !curve->a || !curve->b) return 0; @@ -815,23 +813,12 @@ ec_asn1_group2curve(const EC_GROUP * group, X9_62_CURVE * curve) ECerror(ERR_R_MALLOC_FAILURE); goto err; } - nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); /* get a and b */ - if (nid == NID_X9_62_prime_field) { - if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) { - ECerror(ERR_R_EC_LIB); - goto err; - } + if (!EC_GROUP_get_curve(group, NULL, tmp_1, tmp_2, NULL)) { + ECerror(ERR_R_EC_LIB); + goto err; } -#ifndef OPENSSL_NO_EC2M - else { /* nid == NID_X9_62_characteristic_two_field */ - if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) { - ECerror(ERR_R_EC_LIB); - goto err; - } - } -#endif len_1 = (size_t) BN_num_bytes(tmp_1); len_2 = (size_t) BN_num_bytes(tmp_2); @@ -1028,7 +1015,7 @@ ec_asn1_group2pkparameters(const EC_GROUP * group, ECPKPARAMETERS * params) if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL) ok = 0; } else - /* we don't kmow the nid => ERROR */ + /* we don't know the group => ERROR */ ok = 0; } else { /* use the ECPARAMETERS structure */ @@ -1298,7 +1285,7 @@ EC_GROUP * d2i_ECPKParameters(EC_GROUP ** a, const unsigned char **in, long len) { EC_GROUP *group = NULL; - ECPKPARAMETERS *params = NULL; + ECPKPARAMETERS *params; if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) { ECerror(EC_R_D2I_ECPKPARAMETERS_FAILURE); @@ -1345,13 +1332,8 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len) EC_KEY *ret = NULL; EC_PRIVATEKEY *priv_key = NULL; - if ((priv_key = EC_PRIVATEKEY_new()) == NULL) { - ECerror(ERR_R_MALLOC_FAILURE); - return NULL; - } - if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) { + if ((priv_key = d2i_EC_PRIVATEKEY(NULL, in, len)) == NULL) { ECerror(ERR_R_EC_LIB); - EC_PRIVATEKEY_free(priv_key); return NULL; } if (a == NULL || *a == NULL) { diff --git a/externals/libressl/crypto/ec/ec_curve.c b/externals/libressl/crypto/ec/ec_curve.c index 84a565d43..b575f7bac 100755 --- a/externals/libressl/crypto/ec/ec_curve.c +++ b/externals/libressl/crypto/ec/ec_curve.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_curve.c,v 1.20 2020/06/05 17:12:09 jsing Exp $ */ +/* $OpenBSD: ec_curve.c,v 1.21 2021/04/20 17:16:37 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -3373,7 +3373,7 @@ ec_group_new_from_data(const ec_list_element curve) ECerror(ERR_R_BN_LIB); goto err; } - if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) { + if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) { ECerror(ERR_R_EC_LIB); goto err; } diff --git a/externals/libressl/crypto/ec/ec_cvt.c b/externals/libressl/crypto/ec/ec_cvt.c index a0982064b..05c7dd1bf 100755 --- a/externals/libressl/crypto/ec/ec_cvt.c +++ b/externals/libressl/crypto/ec/ec_cvt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_cvt.c,v 1.6 2014/07/10 22:45:57 jsing Exp $ */ +/* $OpenBSD: ec_cvt.c,v 1.7 2021/04/20 17:04:13 tb Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -112,7 +112,7 @@ EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, if (ret == NULL) return NULL; - if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) { + if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) { unsigned long err; err = ERR_peek_last_error(); @@ -136,7 +136,7 @@ EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, if (ret == NULL) return NULL; - if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) { + if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) { EC_GROUP_clear_free(ret); return NULL; } @@ -158,7 +158,7 @@ EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, if (ret == NULL) return NULL; - if (!EC_GROUP_set_curve_GF2m(ret, p, a, b, ctx)) { + if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) { EC_GROUP_clear_free(ret); return NULL; } diff --git a/externals/libressl/crypto/ec/ec_key.c b/externals/libressl/crypto/ec/ec_key.c index 1d0a03ac8..27b8f2660 100755 --- a/externals/libressl/crypto/ec/ec_key.c +++ b/externals/libressl/crypto/ec/ec_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_key.c,v 1.24 2019/01/19 01:12:48 tb Exp $ */ +/* $OpenBSD: ec_key.c,v 1.26 2021/04/20 17:23:37 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -381,7 +381,7 @@ EC_KEY_set_public_key_affine_coordinates(EC_KEY * key, BIGNUM * x, BIGNUM * y) BN_CTX *ctx = NULL; BIGNUM *tx, *ty; EC_POINT *point = NULL; - int ok = 0, tmp_nid, is_char_two = 0; + int ok = 0; if (!key || !key->group || !x || !y) { ECerror(ERR_R_PASSED_NULL_PARAMETER); @@ -396,34 +396,15 @@ EC_KEY_set_public_key_affine_coordinates(EC_KEY * key, BIGNUM * x, BIGNUM * y) if (!point) goto err; - tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(key->group)); - - if (tmp_nid == NID_X9_62_characteristic_two_field) - is_char_two = 1; - if ((tx = BN_CTX_get(ctx)) == NULL) goto err; if ((ty = BN_CTX_get(ctx)) == NULL) goto err; -#ifndef OPENSSL_NO_EC2M - if (is_char_two) { - if (!EC_POINT_set_affine_coordinates_GF2m(key->group, point, - x, y, ctx)) - goto err; - if (!EC_POINT_get_affine_coordinates_GF2m(key->group, point, - tx, ty, ctx)) - goto err; - } else -#endif - { - if (!EC_POINT_set_affine_coordinates_GFp(key->group, point, - x, y, ctx)) - goto err; - if (!EC_POINT_get_affine_coordinates_GFp(key->group, point, - tx, ty, ctx)) - goto err; - } + if (!EC_POINT_set_affine_coordinates(key->group, point, x, y, ctx)) + goto err; + if (!EC_POINT_get_affine_coordinates(key->group, point, tx, ty, ctx)) + goto err; /* * Check if retrieved coordinates match originals: if not values are * out of range. diff --git a/externals/libressl/crypto/ec/ec_kmeth.c b/externals/libressl/crypto/ec/ec_kmeth.c index 1fb9e57f3..4203dff2d 100755 --- a/externals/libressl/crypto/ec/ec_kmeth.c +++ b/externals/libressl/crypto/ec/ec_kmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_kmeth.c,v 1.5 2019/05/10 19:15:06 bcook Exp $ */ +/* $OpenBSD: ec_kmeth.c,v 1.6 2021/12/04 16:08:32 tb Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -58,6 +58,7 @@ #endif #include +#include "bn_lcl.h" #include "ec_lcl.h" #include "ecs_locl.h" diff --git a/externals/libressl/crypto/ec/ec_lcl.h b/externals/libressl/crypto/ec/ec_lcl.h index 8948e51d6..7a7469968 100755 --- a/externals/libressl/crypto/ec/ec_lcl.h +++ b/externals/libressl/crypto/ec/ec_lcl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_lcl.h,v 1.13 2019/01/19 01:12:48 tb Exp $ */ +/* $OpenBSD: ec_lcl.h,v 1.19 2021/12/04 16:08:32 tb Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -76,6 +76,8 @@ #include #include +#include "bn_lcl.h" + __BEGIN_HIDDEN_DECLS #if defined(__SUNPRO_C) @@ -105,14 +107,14 @@ struct ec_method_st { void (*group_clear_finish)(EC_GROUP *); int (*group_copy)(EC_GROUP *, const EC_GROUP *); - /* used by EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, */ - /* EC_GROUP_set_curve_GF2m, and EC_GROUP_get_curve_GF2m: */ + /* used by EC_GROUP_{get,set}_curve */ int (*group_set_curve)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int (*group_get_curve)(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); /* used by EC_GROUP_get_degree: */ int (*group_get_degree)(const EC_GROUP *); - + /* used by EC_GROUP_order_bits: */ + int (*group_order_bits)(const EC_GROUP *); /* used by EC_GROUP_check: */ int (*group_check_discriminant)(const EC_GROUP *, BN_CTX *); @@ -122,17 +124,18 @@ struct ec_method_st { void (*point_clear_finish)(EC_POINT *); int (*point_copy)(EC_POINT *, const EC_POINT *); - /* used by EC_POINT_set_to_infinity, - * EC_POINT_set_Jprojective_coordinates_GFp, - * EC_POINT_get_Jprojective_coordinates_GFp, - * EC_POINT_set_affine_coordinates_GFp, ..._GF2m, - * EC_POINT_get_affine_coordinates_GFp, ..._GF2m, - * EC_POINT_set_compressed_coordinates_GFp, ..._GF2m: + /* + * used by EC_POINT_set_to_infinity, + * EC_POINT_set_Jprojective_coordinates, + * EC_POINT_get_Jprojective_coordinates, + * EC_POINT_set_affine_coordinates, + * EC_POINT_get_affine_coordinates, + * EC_POINT_set_compressed_coordinates: */ int (*point_set_to_infinity)(const EC_GROUP *, EC_POINT *); - int (*point_set_Jprojective_coordinates_GFp)(const EC_GROUP *, EC_POINT *, + int (*point_set_Jprojective_coordinates)(const EC_GROUP *, EC_POINT *, const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *); - int (*point_get_Jprojective_coordinates_GFp)(const EC_GROUP *, const EC_POINT *, + int (*point_get_Jprojective_coordinates)(const EC_GROUP *, const EC_POINT *, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *); int (*point_set_affine_coordinates)(const EC_GROUP *, EC_POINT *, const BIGNUM *x, const BIGNUM *y, BN_CTX *); @@ -282,7 +285,7 @@ void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **, void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **); void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **); - +int ec_group_simple_order_bits(const EC_GROUP *group); struct ec_point_st { const EC_METHOD *meth; @@ -297,8 +300,6 @@ struct ec_point_st { int Z_is_one; /* enable optimized point arithmetics for special case */ } /* EC_POINT */; - - /* method functions in ec_mult.c * (ec_lib.c uses these as defaults if group->method->mul is 0) */ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, @@ -321,10 +322,10 @@ void ec_GFp_simple_point_finish(EC_POINT *); void ec_GFp_simple_point_clear_finish(EC_POINT *); int ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *); int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *); -int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *, - const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *); -int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *, - BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *); +int ec_GFp_simple_set_Jprojective_coordinates(const EC_GROUP *, EC_POINT *, + const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *); +int ec_GFp_simple_get_Jprojective_coordinates(const EC_GROUP *, + const EC_POINT *, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *); int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *, const BIGNUM *x, const BIGNUM *y, BN_CTX *); int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *, const EC_POINT *, diff --git a/externals/libressl/crypto/ec/ec_lib.c b/externals/libressl/crypto/ec/ec_lib.c index df9061627..4ec17d5d5 100755 --- a/externals/libressl/crypto/ec/ec_lib.c +++ b/externals/libressl/crypto/ec/ec_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_lib.c,v 1.32 2019/09/29 10:09:09 tb Exp $ */ +/* $OpenBSD: ec_lib.c,v 1.45 2022/04/07 17:37:25 tb Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -100,7 +100,7 @@ EC_GROUP_new(const EC_METHOD * meth) BN_init(&ret->cofactor); ret->curve_name = 0; - ret->asn1_flag = 0; + ret->asn1_flag = OPENSSL_EC_NAMED_CURVE; ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED; ret->seed = NULL; @@ -114,7 +114,7 @@ EC_GROUP_new(const EC_METHOD * meth) } -void +void EC_GROUP_free(EC_GROUP * group) { if (!group) @@ -135,7 +135,7 @@ EC_GROUP_free(EC_GROUP * group) } -void +void EC_GROUP_clear_free(EC_GROUP * group) { if (!group) @@ -157,7 +157,7 @@ EC_GROUP_clear_free(EC_GROUP * group) } -int +int EC_GROUP_copy(EC_GROUP * dest, const EC_GROUP * src) { EC_EXTRA_DATA *d; @@ -247,7 +247,7 @@ EC_GROUP_method_of(const EC_GROUP *group) } -int +int EC_METHOD_get_field_type(const EC_METHOD *meth) { return meth->field_type; @@ -300,7 +300,7 @@ ec_guess_cofactor(EC_GROUP *group) if (!BN_copy(q, &group->field)) goto err; } - + /* * Compute * h = \lfloor (q + 1)/n \rceil = \lfloor (q + 1 + n/2) / n \rfloor. @@ -321,14 +321,18 @@ ec_guess_cofactor(EC_GROUP *group) goto err; ret = 1; + err: BN_CTX_end(ctx); BN_CTX_free(ctx); - BN_zero(&group->cofactor); + + if (ret != 1) + BN_zero(&group->cofactor); + return ret; } -int +int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor) { @@ -344,10 +348,10 @@ EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, } /* - * Require order >= 1 and enforce an upper bound of at most one bit more + * Require order > 1 and enforce an upper bound of at most one bit more * than the field cardinality due to Hasse's theorem. */ - if (order == NULL || BN_is_zero(order) || BN_is_negative(order) || + if (order == NULL || BN_cmp(order, BN_value_one()) <= 0 || BN_num_bits(order) > BN_num_bits(&group->field) + 1) { ECerror(EC_R_INVALID_GROUP_ORDER); return 0; @@ -381,6 +385,12 @@ EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, } else if (!ec_guess_cofactor(group)) return 0; + /* Use Hasse's theorem to bound the cofactor. */ + if (BN_num_bits(&group->cofactor) > BN_num_bits(&group->field) + 1) { + ECerror(EC_R_INVALID_GROUP_ORDER); + return 0; + } + return 1; } @@ -392,7 +402,7 @@ EC_GROUP_get0_generator(const EC_GROUP *group) } -int +int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) { if (!BN_copy(order, &group->order)) @@ -401,8 +411,13 @@ EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) return !BN_is_zero(order); } +int +EC_GROUP_order_bits(const EC_GROUP *group) +{ + return group->meth->group_order_bits(group); +} -int +int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx) { if (!BN_copy(cofactor, &group->cofactor)) @@ -412,35 +427,35 @@ EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx) } -void +void EC_GROUP_set_curve_name(EC_GROUP * group, int nid) { group->curve_name = nid; } -int +int EC_GROUP_get_curve_name(const EC_GROUP * group) { return group->curve_name; } -void +void EC_GROUP_set_asn1_flag(EC_GROUP * group, int flag) { group->asn1_flag = flag; } -int +int EC_GROUP_get_asn1_flag(const EC_GROUP * group) { return group->asn1_flag; } -void +void EC_GROUP_set_point_conversion_form(EC_GROUP * group, point_conversion_form_t form) { @@ -448,14 +463,14 @@ EC_GROUP_set_point_conversion_form(EC_GROUP * group, } -point_conversion_form_t +point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP * group) { return group->asn1_form; } -size_t +size_t EC_GROUP_set_seed(EC_GROUP * group, const unsigned char *p, size_t len) { if (group->seed) { @@ -482,62 +497,65 @@ EC_GROUP_get0_seed(const EC_GROUP * group) } -size_t +size_t EC_GROUP_get_seed_len(const EC_GROUP * group) { return group->seed_len; } - -int -EC_GROUP_set_curve_GFp(EC_GROUP * group, const BIGNUM * p, const BIGNUM * a, - const BIGNUM * b, BN_CTX * ctx) +int +EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx) { - if (group->meth->group_set_curve == 0) { + if (group->meth->group_set_curve == NULL) { ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } return group->meth->group_set_curve(group, p, a, b, ctx); } - -int -EC_GROUP_get_curve_GFp(const EC_GROUP * group, BIGNUM * p, BIGNUM * a, - BIGNUM * b, BN_CTX * ctx) +int +EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, + BN_CTX *ctx) { - if (group->meth->group_get_curve == 0) { + if (group->meth->group_get_curve == NULL) { ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } return group->meth->group_get_curve(group, p, a, b, ctx); } +int +EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx) +{ + return EC_GROUP_set_curve(group, p, a, b, ctx); +} + +int +EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, + BN_CTX *ctx) +{ + return EC_GROUP_get_curve(group, p, a, b, ctx); +} + #ifndef OPENSSL_NO_EC2M -int -EC_GROUP_set_curve_GF2m(EC_GROUP * group, const BIGNUM * p, const BIGNUM * a, - const BIGNUM * b, BN_CTX * ctx) +int +EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx) { - if (group->meth->group_set_curve == 0) { - ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - return group->meth->group_set_curve(group, p, a, b, ctx); + return EC_GROUP_set_curve(group, p, a, b, ctx); } - -int -EC_GROUP_get_curve_GF2m(const EC_GROUP * group, BIGNUM * p, BIGNUM * a, - BIGNUM * b, BN_CTX * ctx) +int +EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, + BIGNUM *b, BN_CTX *ctx) { - if (group->meth->group_get_curve == 0) { - ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - return group->meth->group_get_curve(group, p, a, b, ctx); + return EC_GROUP_get_curve(group, p, a, b, ctx); } #endif -int +int EC_GROUP_get_degree(const EC_GROUP * group) { if (group->meth->group_get_degree == 0) { @@ -548,7 +566,7 @@ EC_GROUP_get_degree(const EC_GROUP * group) } -int +int EC_GROUP_check_discriminant(const EC_GROUP * group, BN_CTX * ctx) { if (group->meth->group_check_discriminant == 0) { @@ -559,7 +577,7 @@ EC_GROUP_check_discriminant(const EC_GROUP * group, BN_CTX * ctx) } -int +int EC_GROUP_cmp(const EC_GROUP * a, const EC_GROUP * b, BN_CTX * ctx) { int r = 0; @@ -652,7 +670,7 @@ ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx) } /* this has 'package' visibility */ -int +int EC_EX_DATA_set_data(EC_EXTRA_DATA ** ex_data, void *data, void *(*dup_func) (void *), void (*free_func) (void *), @@ -708,7 +726,7 @@ EC_EX_DATA_get_data(const EC_EXTRA_DATA * ex_data, } /* this has 'package' visibility */ -void +void EC_EX_DATA_free_data(EC_EXTRA_DATA ** ex_data, void *(*dup_func) (void *), void (*free_func) (void *), @@ -735,7 +753,7 @@ EC_EX_DATA_free_data(EC_EXTRA_DATA ** ex_data, } /* this has 'package' visibility */ -void +void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA ** ex_data, void *(*dup_func) (void *), void (*free_func) (void *), @@ -762,7 +780,7 @@ EC_EX_DATA_clear_free_data(EC_EXTRA_DATA ** ex_data, } /* this has 'package' visibility */ -void +void EC_EX_DATA_free_all_data(EC_EXTRA_DATA ** ex_data) { EC_EXTRA_DATA *d; @@ -783,7 +801,7 @@ EC_EX_DATA_free_all_data(EC_EXTRA_DATA ** ex_data) } /* this has 'package' visibility */ -void +void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA ** ex_data) { EC_EXTRA_DATA *d; @@ -834,7 +852,7 @@ EC_POINT_new(const EC_GROUP * group) } -void +void EC_POINT_free(EC_POINT * point) { if (!point) @@ -846,7 +864,7 @@ EC_POINT_free(EC_POINT * point) } -void +void EC_POINT_clear_free(EC_POINT * point) { if (!point) @@ -860,7 +878,7 @@ EC_POINT_clear_free(EC_POINT * point) } -int +int EC_POINT_copy(EC_POINT * dest, const EC_POINT * src) { if (dest->meth->point_copy == 0) { @@ -905,7 +923,7 @@ EC_POINT_method_of(const EC_POINT * point) } -int +int EC_POINT_set_to_infinity(const EC_GROUP * group, EC_POINT * point) { if (group->meth->point_set_to_infinity == 0) { @@ -919,28 +937,57 @@ EC_POINT_set_to_infinity(const EC_GROUP * group, EC_POINT * point) return group->meth->point_set_to_infinity(group, point); } +int +EC_POINT_set_Jprojective_coordinates(const EC_GROUP *group, EC_POINT *point, + const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx) +{ + if (group->meth->point_set_Jprojective_coordinates == NULL) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (group->meth != point->meth) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + return group->meth->point_set_Jprojective_coordinates(group, point, + x, y, z, ctx); +} -int +int +EC_POINT_get_Jprojective_coordinates(const EC_GROUP *group, + const EC_POINT *point, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx) +{ + if (group->meth->point_get_Jprojective_coordinates == NULL) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (group->meth != point->meth) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + return group->meth->point_get_Jprojective_coordinates(group, point, + x, y, z, ctx); +} + +int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx) { - if (group->meth->point_set_Jprojective_coordinates_GFp == 0) { - ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (group->meth != point->meth) { - ECerror(EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y, z, ctx); + return EC_POINT_set_Jprojective_coordinates(group, point, x, y, z, ctx); } - -int +int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx) { - if (group->meth->point_get_Jprojective_coordinates_GFp == 0) { + return EC_POINT_get_Jprojective_coordinates(group, point, x, y, z, ctx); +} + +int +EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point, + const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) +{ + if (group->meth->point_set_affine_coordinates == NULL) { ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } @@ -948,31 +995,36 @@ EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, ECerror(EC_R_INCOMPATIBLE_OBJECTS); return 0; } - return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x, y, z, ctx); + if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx)) + return 0; + if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { + ECerror(EC_R_POINT_IS_NOT_ON_CURVE); + return 0; + } + return 1; } - -int +int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) { - if (group->meth->point_set_affine_coordinates == 0) { - ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (group->meth != point->meth) { - ECerror(EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); + return EC_POINT_set_affine_coordinates(group, point, x, y, ctx); } #ifndef OPENSSL_NO_EC2M -int +int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) { - if (group->meth->point_set_affine_coordinates == 0) { + return EC_POINT_set_affine_coordinates(group, point, x, y, ctx); +} +#endif + +int +EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, + BIGNUM *x, BIGNUM *y, BN_CTX *ctx) +{ + if (group->meth->point_get_affine_coordinates == NULL) { ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } @@ -980,43 +1032,26 @@ EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point, ECerror(EC_R_INCOMPATIBLE_OBJECTS); return 0; } - return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); + return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); } -#endif -int +int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx) { - if (group->meth->point_get_affine_coordinates == 0) { - ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (group->meth != point->meth) { - ECerror(EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); + return EC_POINT_get_affine_coordinates(group, point, x, y, ctx); } #ifndef OPENSSL_NO_EC2M -int +int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx) { - if (group->meth->point_get_affine_coordinates == 0) { - ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (group->meth != point->meth) { - ECerror(EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); + return EC_POINT_get_affine_coordinates(group, point, x, y, ctx); } #endif -int +int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) { @@ -1032,7 +1067,7 @@ EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, } -int +int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) { if (group->meth->dbl == 0) { @@ -1047,7 +1082,7 @@ EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) } -int +int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) { if (group->meth->invert == 0) { @@ -1062,7 +1097,7 @@ EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) } -int +int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) { if (group->meth->is_at_infinity == 0) { @@ -1077,7 +1112,7 @@ EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) } -int +int EC_POINT_is_on_curve(const EC_GROUP * group, const EC_POINT * point, BN_CTX * ctx) { if (group->meth->is_on_curve == 0) { @@ -1092,7 +1127,7 @@ EC_POINT_is_on_curve(const EC_GROUP * group, const EC_POINT * point, BN_CTX * ct } -int +int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX * ctx) { @@ -1108,7 +1143,7 @@ EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, } -int +int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) { if (group->meth->make_affine == 0) { @@ -1123,7 +1158,7 @@ EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) } -int +int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx) { @@ -1144,7 +1179,7 @@ EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], /* Functions for point multiplication */ -int +int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) { @@ -1159,22 +1194,22 @@ EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - + /* Either bP or aG + bP, this is sane. */ if (num == 1 && points != NULL && scalars != NULL) return EC_POINT_mul(group, r, scalar, points[0], scalars[0], ctx); - + /* aG, this is sane */ if (scalar != NULL && points == NULL && scalars == NULL) return EC_POINT_mul(group, r, scalar, NULL, NULL, ctx); - + /* anything else is an error */ ECerror(ERR_R_EC_LIB); return 0; } -int +int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) { @@ -1216,13 +1251,13 @@ EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, return group->meth->mul_double_nonct(group, r, g_scalar, p_scalar, point, ctx); } - + /* Anything else is an error. */ ECerror(ERR_R_EC_LIB); return 0; } -int +int EC_GROUP_precompute_mult(EC_GROUP * group, BN_CTX * ctx) { if (group->meth->precompute_mult != 0) @@ -1231,7 +1266,7 @@ EC_GROUP_precompute_mult(EC_GROUP * group, BN_CTX * ctx) return 1; /* nothing to do, so report success */ } -int +int EC_GROUP_have_precompute_mult(const EC_GROUP * group) { if (group->meth->have_precompute_mult != 0) @@ -1241,6 +1276,17 @@ EC_GROUP_have_precompute_mult(const EC_GROUP * group) * been performed */ } +int +ec_group_simple_order_bits(const EC_GROUP *group) +{ + /* XXX change group->order to a pointer? */ +#if 0 + if (group->order == NULL) + return 0; +#endif + return BN_num_bits(&group->order); +} + EC_KEY * ECParameters_dup(EC_KEY *key) { @@ -1254,5 +1300,5 @@ ECParameters_dup(EC_KEY *key) if ((len = i2d_ECParameters(key, &p)) > 0) k = d2i_ECParameters(NULL, (const unsigned char **)&p, len); - return (k); + return (k); } diff --git a/externals/libressl/crypto/ec/ec_oct.c b/externals/libressl/crypto/ec/ec_oct.c index f44b174fd..45968219d 100755 --- a/externals/libressl/crypto/ec/ec_oct.c +++ b/externals/libressl/crypto/ec/ec_oct.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_oct.c,v 1.5 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ec_oct.c,v 1.8 2021/04/20 17:34:33 tb Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -70,12 +70,12 @@ #include "ec_lcl.h" -int -EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP * group, EC_POINT * point, - const BIGNUM * x, int y_bit, BN_CTX * ctx) +int +EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point, + const BIGNUM *x, int y_bit, BN_CTX *ctx) { - if (group->meth->point_set_compressed_coordinates == 0 - && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { + if (group->meth->point_set_compressed_coordinates == NULL && + !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } @@ -98,36 +98,33 @@ EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP * group, EC_POINT * point group, point, x, y_bit, ctx); #endif } - return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx); + if (!group->meth->point_set_compressed_coordinates(group, point, x, + y_bit, ctx)) + return 0; + if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { + ECerror(EC_R_POINT_IS_NOT_ON_CURVE); + return 0; + } + return 1; +} + +int +EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, + const BIGNUM *x, int y_bit, BN_CTX *ctx) +{ + return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx); } #ifndef OPENSSL_NO_EC2M -int -EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP * group, EC_POINT * point, - const BIGNUM * x, int y_bit, BN_CTX * ctx) +int +EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point, + const BIGNUM *x, int y_bit, BN_CTX *ctx) { - if (group->meth->point_set_compressed_coordinates == 0 - && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { - ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (group->meth != point->meth) { - ECerror(EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) { - if (group->meth->field_type == NID_X9_62_prime_field) - return ec_GFp_simple_set_compressed_coordinates( - group, point, x, y_bit, ctx); - else - return ec_GF2m_simple_set_compressed_coordinates( - group, point, x, y_bit, ctx); - } - return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx); + return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx); } #endif -size_t +size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form, unsigned char *buf, size_t len, BN_CTX *ctx) @@ -159,8 +156,7 @@ EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, return group->meth->point2oct(group, point, form, buf, len, ctx); } - -int +int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point, const unsigned char *buf, size_t len, BN_CTX *ctx) { diff --git a/externals/libressl/crypto/ec/ec_pmeth.c b/externals/libressl/crypto/ec/ec_pmeth.c index c57d26ae2..63e635925 100755 --- a/externals/libressl/crypto/ec/ec_pmeth.c +++ b/externals/libressl/crypto/ec/ec_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_pmeth.c,v 1.12 2019/09/09 18:06:25 jsing Exp $ */ +/* $OpenBSD: ec_pmeth.c,v 1.13 2021/12/04 16:08:32 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -66,6 +66,7 @@ #include #include +#include "bn_lcl.h" #include "ec_lcl.h" #include "ech_locl.h" #include "evp_locl.h" diff --git a/externals/libressl/crypto/ec/eck_prn.c b/externals/libressl/crypto/ec/eck_prn.c index be57d875e..c2fd2ebc8 100755 --- a/externals/libressl/crypto/ec/eck_prn.c +++ b/externals/libressl/crypto/ec/eck_prn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: eck_prn.c,v 1.15 2018/07/15 16:27:39 tb Exp $ */ +/* $OpenBSD: eck_prn.c,v 1.17 2021/04/20 17:12:43 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -64,8 +64,6 @@ #include #include -#include - #include #include #include @@ -214,19 +212,9 @@ ECPKParameters_print(BIO * bp, const EC_GROUP * x, int off) reason = ERR_R_MALLOC_FAILURE; goto err; } -#ifndef OPENSSL_NO_EC2M - if (is_char_two) { - if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) { - reason = ERR_R_EC_LIB; - goto err; - } - } else /* prime field */ -#endif - { - if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) { - reason = ERR_R_EC_LIB; - goto err; - } + if (!EC_GROUP_get_curve(x, p, a, b, ctx)) { + reason = ERR_R_EC_LIB; + goto err; } if ((point = EC_GROUP_get0_generator(x)) == NULL) { diff --git a/externals/libressl/crypto/ec/ecp_mont.c b/externals/libressl/crypto/ec/ecp_mont.c index f4dff9aa4..0da3083d8 100755 --- a/externals/libressl/crypto/ec/ecp_mont.c +++ b/externals/libressl/crypto/ec/ecp_mont.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecp_mont.c,v 1.17 2018/11/05 20:18:21 tb Exp $ */ +/* $OpenBSD: ecp_mont.c,v 1.20 2021/09/08 17:29:21 tb Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -79,21 +79,22 @@ EC_GFp_mont_method(void) .group_set_curve = ec_GFp_mont_group_set_curve, .group_get_curve = ec_GFp_simple_group_get_curve, .group_get_degree = ec_GFp_simple_group_get_degree, + .group_order_bits = ec_group_simple_order_bits, .group_check_discriminant = - ec_GFp_simple_group_check_discriminant, + ec_GFp_simple_group_check_discriminant, .point_init = ec_GFp_simple_point_init, .point_finish = ec_GFp_simple_point_finish, .point_clear_finish = ec_GFp_simple_point_clear_finish, .point_copy = ec_GFp_simple_point_copy, .point_set_to_infinity = ec_GFp_simple_point_set_to_infinity, - .point_set_Jprojective_coordinates_GFp = - ec_GFp_simple_set_Jprojective_coordinates_GFp, - .point_get_Jprojective_coordinates_GFp = - ec_GFp_simple_get_Jprojective_coordinates_GFp, + .point_set_Jprojective_coordinates = + ec_GFp_simple_set_Jprojective_coordinates, + .point_get_Jprojective_coordinates = + ec_GFp_simple_get_Jprojective_coordinates, .point_set_affine_coordinates = - ec_GFp_simple_point_set_affine_coordinates, + ec_GFp_simple_point_set_affine_coordinates, .point_get_affine_coordinates = - ec_GFp_simple_point_get_affine_coordinates, + ec_GFp_simple_point_get_affine_coordinates, .add = ec_GFp_simple_add, .dbl = ec_GFp_simple_dbl, .invert = ec_GFp_simple_invert, @@ -117,7 +118,7 @@ EC_GFp_mont_method(void) } -int +int ec_GFp_mont_group_init(EC_GROUP * group) { int ok; @@ -129,7 +130,7 @@ ec_GFp_mont_group_init(EC_GROUP * group) } -void +void ec_GFp_mont_group_finish(EC_GROUP * group) { BN_MONT_CTX_free(group->field_data1); @@ -140,7 +141,7 @@ ec_GFp_mont_group_finish(EC_GROUP * group) } -void +void ec_GFp_mont_group_clear_finish(EC_GROUP * group) { BN_MONT_CTX_free(group->field_data1); @@ -151,7 +152,7 @@ ec_GFp_mont_group_clear_finish(EC_GROUP * group) } -int +int ec_GFp_mont_group_copy(EC_GROUP * dest, const EC_GROUP * src) { BN_MONT_CTX_free(dest->field_data1); @@ -185,7 +186,7 @@ ec_GFp_mont_group_copy(EC_GROUP * dest, const EC_GROUP * src) } -int +int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { @@ -237,7 +238,7 @@ ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, } -int +int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { @@ -249,7 +250,7 @@ ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, } -int +int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) { @@ -261,7 +262,7 @@ ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, } -int +int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) { @@ -273,7 +274,7 @@ ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, } -int +int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) { @@ -285,7 +286,7 @@ ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, } -int +int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx) { if (group->field_data2 == NULL) { diff --git a/externals/libressl/crypto/ec/ecp_nist.c b/externals/libressl/crypto/ec/ecp_nist.c index 073c0419c..f7dae16e4 100755 --- a/externals/libressl/crypto/ec/ecp_nist.c +++ b/externals/libressl/crypto/ec/ecp_nist.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecp_nist.c,v 1.15 2018/11/05 20:18:21 tb Exp $ */ +/* $OpenBSD: ecp_nist.c,v 1.18 2021/09/08 17:29:21 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -80,21 +80,22 @@ EC_GFp_nist_method(void) .group_set_curve = ec_GFp_nist_group_set_curve, .group_get_curve = ec_GFp_simple_group_get_curve, .group_get_degree = ec_GFp_simple_group_get_degree, + .group_order_bits = ec_group_simple_order_bits, .group_check_discriminant = - ec_GFp_simple_group_check_discriminant, + ec_GFp_simple_group_check_discriminant, .point_init = ec_GFp_simple_point_init, .point_finish = ec_GFp_simple_point_finish, .point_clear_finish = ec_GFp_simple_point_clear_finish, .point_copy = ec_GFp_simple_point_copy, .point_set_to_infinity = ec_GFp_simple_point_set_to_infinity, - .point_set_Jprojective_coordinates_GFp = - ec_GFp_simple_set_Jprojective_coordinates_GFp, - .point_get_Jprojective_coordinates_GFp = - ec_GFp_simple_get_Jprojective_coordinates_GFp, + .point_set_Jprojective_coordinates = + ec_GFp_simple_set_Jprojective_coordinates, + .point_get_Jprojective_coordinates = + ec_GFp_simple_get_Jprojective_coordinates, .point_set_affine_coordinates = - ec_GFp_simple_point_set_affine_coordinates, + ec_GFp_simple_point_set_affine_coordinates, .point_get_affine_coordinates = - ec_GFp_simple_point_get_affine_coordinates, + ec_GFp_simple_point_get_affine_coordinates, .add = ec_GFp_simple_add, .dbl = ec_GFp_simple_dbl, .invert = ec_GFp_simple_invert, @@ -114,7 +115,7 @@ EC_GFp_nist_method(void) return &ret; } -int +int ec_GFp_nist_group_copy(EC_GROUP * dest, const EC_GROUP * src) { dest->field_mod_func = src->field_mod_func; @@ -122,7 +123,7 @@ ec_GFp_nist_group_copy(EC_GROUP * dest, const EC_GROUP * src) return ec_GFp_simple_group_copy(dest, src); } -int +int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { @@ -162,7 +163,7 @@ ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p, } -int +int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { @@ -189,7 +190,7 @@ ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, } -int +int ec_GFp_nist_field_sqr(const EC_GROUP * group, BIGNUM * r, const BIGNUM * a, BN_CTX * ctx) { diff --git a/externals/libressl/crypto/ec/ecp_oct.c b/externals/libressl/crypto/ec/ecp_oct.c index 90c5ca2e4..177bbe152 100755 --- a/externals/libressl/crypto/ec/ecp_oct.c +++ b/externals/libressl/crypto/ec/ecp_oct.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecp_oct.c,v 1.11 2018/07/15 16:27:39 tb Exp $ */ +/* $OpenBSD: ecp_oct.c,v 1.14 2021/04/20 17:32:57 tb Exp $ */ /* Includes code written by Lenka Fibikova * for the OpenSSL project. * Includes code written by Bodo Moeller for the OpenSSL project. @@ -185,7 +185,7 @@ ec_GFp_simple_set_compressed_coordinates(const EC_GROUP * group, ECerror(ERR_R_INTERNAL_ERROR); goto err; } - if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) + if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx)) goto err; ret = 1; @@ -246,7 +246,7 @@ ec_GFp_simple_point2oct(const EC_GROUP * group, const EC_POINT * point, point_co if ((y = BN_CTX_get(ctx)) == NULL) goto err; - if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) + if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx)) goto err; if ((form == POINT_CONVERSION_COMPRESSED || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y)) @@ -362,7 +362,11 @@ ec_GFp_simple_oct2point(const EC_GROUP * group, EC_POINT * point, goto err; } if (form == POINT_CONVERSION_COMPRESSED) { - if (!EC_POINT_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx)) + /* + * EC_POINT_set_compressed_coordinates checks that the point + * is on the curve as required by X9.62. + */ + if (!EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx)) goto err; } else { if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) @@ -377,15 +381,14 @@ ec_GFp_simple_oct2point(const EC_GROUP * group, EC_POINT * point, goto err; } } - if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) + /* + * EC_POINT_set_affine_coordinates checks that the point is + * on the curve as required by X9.62. + */ + if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx)) goto err; } - /* test required by X9.62 */ - if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { - ECerror(EC_R_POINT_IS_NOT_ON_CURVE); - goto err; - } ret = 1; err: diff --git a/externals/libressl/crypto/ec/ecp_smpl.c b/externals/libressl/crypto/ec/ecp_smpl.c index 3957bd154..6f5280bbc 100755 --- a/externals/libressl/crypto/ec/ecp_smpl.c +++ b/externals/libressl/crypto/ec/ecp_smpl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecp_smpl.c,v 1.29 2018/11/15 05:53:31 tb Exp $ */ +/* $OpenBSD: ecp_smpl.c,v 1.34 2022/01/20 11:02:44 inoguchi Exp $ */ /* Includes code written by Lenka Fibikova * for the OpenSSL project. * Includes code written by Bodo Moeller for the OpenSSL project. @@ -80,21 +80,22 @@ EC_GFp_simple_method(void) .group_set_curve = ec_GFp_simple_group_set_curve, .group_get_curve = ec_GFp_simple_group_get_curve, .group_get_degree = ec_GFp_simple_group_get_degree, + .group_order_bits = ec_group_simple_order_bits, .group_check_discriminant = - ec_GFp_simple_group_check_discriminant, + ec_GFp_simple_group_check_discriminant, .point_init = ec_GFp_simple_point_init, .point_finish = ec_GFp_simple_point_finish, .point_clear_finish = ec_GFp_simple_point_clear_finish, .point_copy = ec_GFp_simple_point_copy, .point_set_to_infinity = ec_GFp_simple_point_set_to_infinity, - .point_set_Jprojective_coordinates_GFp = - ec_GFp_simple_set_Jprojective_coordinates_GFp, - .point_get_Jprojective_coordinates_GFp = - ec_GFp_simple_get_Jprojective_coordinates_GFp, + .point_set_Jprojective_coordinates = + ec_GFp_simple_set_Jprojective_coordinates, + .point_get_Jprojective_coordinates = + ec_GFp_simple_get_Jprojective_coordinates, .point_set_affine_coordinates = - ec_GFp_simple_point_set_affine_coordinates, + ec_GFp_simple_point_set_affine_coordinates, .point_get_affine_coordinates = - ec_GFp_simple_point_get_affine_coordinates, + ec_GFp_simple_point_get_affine_coordinates, .add = ec_GFp_simple_add, .dbl = ec_GFp_simple_dbl, .invert = ec_GFp_simple_invert, @@ -129,7 +130,7 @@ EC_GFp_simple_method(void) */ -int +int ec_GFp_simple_group_init(EC_GROUP * group) { BN_init(&group->field); @@ -140,7 +141,7 @@ ec_GFp_simple_group_init(EC_GROUP * group) } -void +void ec_GFp_simple_group_finish(EC_GROUP * group) { BN_free(&group->field); @@ -149,7 +150,7 @@ ec_GFp_simple_group_finish(EC_GROUP * group) } -void +void ec_GFp_simple_group_clear_finish(EC_GROUP * group) { BN_clear_free(&group->field); @@ -158,7 +159,7 @@ ec_GFp_simple_group_clear_finish(EC_GROUP * group) } -int +int ec_GFp_simple_group_copy(EC_GROUP * dest, const EC_GROUP * src) { if (!BN_copy(&dest->field, &src->field)) @@ -174,7 +175,7 @@ ec_GFp_simple_group_copy(EC_GROUP * dest, const EC_GROUP * src) } -int +int ec_GFp_simple_group_set_curve(EC_GROUP * group, const BIGNUM * p, const BIGNUM * a, const BIGNUM * b, BN_CTX * ctx) { @@ -231,7 +232,7 @@ ec_GFp_simple_group_set_curve(EC_GROUP * group, } -int +int ec_GFp_simple_group_get_curve(const EC_GROUP * group, BIGNUM * p, BIGNUM * a, BIGNUM * b, BN_CTX * ctx) { int ret = 0; @@ -275,14 +276,14 @@ ec_GFp_simple_group_get_curve(const EC_GROUP * group, BIGNUM * p, BIGNUM * a, BI } -int +int ec_GFp_simple_group_get_degree(const EC_GROUP * group) { return BN_num_bits(&group->field); } -int +int ec_GFp_simple_group_check_discriminant(const EC_GROUP * group, BN_CTX * ctx) { int ret = 0; @@ -358,7 +359,7 @@ ec_GFp_simple_group_check_discriminant(const EC_GROUP * group, BN_CTX * ctx) } -int +int ec_GFp_simple_point_init(EC_POINT * point) { BN_init(&point->X); @@ -370,7 +371,7 @@ ec_GFp_simple_point_init(EC_POINT * point) } -void +void ec_GFp_simple_point_finish(EC_POINT * point) { BN_free(&point->X); @@ -379,7 +380,7 @@ ec_GFp_simple_point_finish(EC_POINT * point) } -void +void ec_GFp_simple_point_clear_finish(EC_POINT * point) { BN_clear_free(&point->X); @@ -389,7 +390,7 @@ ec_GFp_simple_point_clear_finish(EC_POINT * point) } -int +int ec_GFp_simple_point_copy(EC_POINT * dest, const EC_POINT * src) { if (!BN_copy(&dest->X, &src->X)) @@ -404,7 +405,7 @@ ec_GFp_simple_point_copy(EC_POINT * dest, const EC_POINT * src) } -int +int ec_GFp_simple_point_set_to_infinity(const EC_GROUP * group, EC_POINT * point) { point->Z_is_one = 0; @@ -413,9 +414,10 @@ ec_GFp_simple_point_set_to_infinity(const EC_GROUP * group, EC_POINT * point) } -int -ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP * group, EC_POINT * point, - const BIGNUM * x, const BIGNUM * y, const BIGNUM * z, BN_CTX * ctx) +int +ec_GFp_simple_set_Jprojective_coordinates(const EC_GROUP *group, + EC_POINT *point, const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, + BN_CTX *ctx) { BN_CTX *new_ctx = NULL; int ret = 0; @@ -465,10 +467,9 @@ ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP * group, EC_POINT * return ret; } - -int -ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP * group, const EC_POINT * point, - BIGNUM * x, BIGNUM * y, BIGNUM * z, BN_CTX * ctx) +int +ec_GFp_simple_get_Jprojective_coordinates(const EC_GROUP *group, + const EC_POINT *point, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx) { BN_CTX *new_ctx = NULL; int ret = 0; @@ -513,8 +514,7 @@ ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP * group, const EC_P return ret; } - -int +int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP * group, EC_POINT * point, const BIGNUM * x, const BIGNUM * y, BN_CTX * ctx) { @@ -523,11 +523,11 @@ ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP * group, EC_POINT * po ECerror(ERR_R_PASSED_NULL_PARAMETER); return 0; } - return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y, BN_value_one(), ctx); + return EC_POINT_set_Jprojective_coordinates(group, point, x, y, + BN_value_one(), ctx); } - -int +int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP * group, const EC_POINT * point, BIGNUM * x, BIGNUM * y, BN_CTX * ctx) { @@ -586,7 +586,7 @@ ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP * group, const EC_POIN } } } else { - if (!BN_mod_inverse_ct(Z_1, Z_, &group->field, ctx)) { + if (BN_mod_inverse_ct(Z_1, Z_, &group->field, ctx) == NULL) { ECerror(ERR_R_BN_LIB); goto err; } @@ -634,7 +634,7 @@ ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP * group, const EC_POIN return ret; } -int +int ec_GFp_simple_add(const EC_GROUP * group, EC_POINT * r, const EC_POINT * a, const EC_POINT * b, BN_CTX * ctx) { int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); @@ -823,7 +823,7 @@ ec_GFp_simple_add(const EC_GROUP * group, EC_POINT * r, const EC_POINT * a, cons } -int +int ec_GFp_simple_dbl(const EC_GROUP * group, EC_POINT * r, const EC_POINT * a, BN_CTX * ctx) { int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); @@ -965,7 +965,7 @@ ec_GFp_simple_dbl(const EC_GROUP * group, EC_POINT * r, const EC_POINT * a, BN_C } -int +int ec_GFp_simple_invert(const EC_GROUP * group, EC_POINT * point, BN_CTX * ctx) { if (EC_POINT_is_at_infinity(group, point) > 0 || BN_is_zero(&point->Y)) @@ -976,14 +976,14 @@ ec_GFp_simple_invert(const EC_GROUP * group, EC_POINT * point, BN_CTX * ctx) } -int +int ec_GFp_simple_is_at_infinity(const EC_GROUP * group, const EC_POINT * point) { return BN_is_zero(&point->Z); } -int +int ec_GFp_simple_is_on_curve(const EC_GROUP * group, const EC_POINT * point, BN_CTX * ctx) { int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); @@ -1086,7 +1086,7 @@ ec_GFp_simple_is_on_curve(const EC_GROUP * group, const EC_POINT * point, BN_CTX } -int +int ec_GFp_simple_cmp(const EC_GROUP * group, const EC_POINT * a, const EC_POINT * b, BN_CTX * ctx) { /* @@ -1188,7 +1188,7 @@ ec_GFp_simple_cmp(const EC_GROUP * group, const EC_POINT * a, const EC_POINT * b } -int +int ec_GFp_simple_make_affine(const EC_GROUP * group, EC_POINT * point, BN_CTX * ctx) { BN_CTX *new_ctx = NULL; @@ -1209,9 +1209,9 @@ ec_GFp_simple_make_affine(const EC_GROUP * group, EC_POINT * point, BN_CTX * ctx if ((y = BN_CTX_get(ctx)) == NULL) goto err; - if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) + if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx)) goto err; - if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) + if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx)) goto err; if (!point->Z_is_one) { ECerror(ERR_R_INTERNAL_ERROR); @@ -1226,7 +1226,7 @@ ec_GFp_simple_make_affine(const EC_GROUP * group, EC_POINT * point, BN_CTX * ctx } -int +int ec_GFp_simple_points_make_affine(const EC_GROUP * group, size_t num, EC_POINT * points[], BN_CTX * ctx) { BN_CTX *new_ctx = NULL; @@ -1272,11 +1272,11 @@ ec_GFp_simple_points_make_affine(const EC_GROUP * group, size_t num, EC_POINT * /* * The array is used as a binary tree, exactly as in heapsort: - * + * * heap[1] heap[2] heap[3] heap[4] heap[5] * heap[6] heap[7] heap[8]heap[9] heap[10]heap[11] * heap[12]heap[13] heap[14] heap[15] - * + * * We put the Z's in the last line; then we set each other node to the * product of its two child-nodes (where empty or 0 entries are * treated as ones); then we invert heap[1]; then we invert each @@ -1316,7 +1316,7 @@ ec_GFp_simple_points_make_affine(const EC_GROUP * group, size_t num, EC_POINT * /* invert heap[1] */ if (!BN_is_zero(heap[1])) { - if (!BN_mod_inverse_ct(heap[1], heap[1], &group->field, ctx)) { + if (BN_mod_inverse_ct(heap[1], heap[1], &group->field, ctx) == NULL) { ECerror(ERR_R_BN_LIB); goto err; } @@ -1401,13 +1401,13 @@ ec_GFp_simple_points_make_affine(const EC_GROUP * group, size_t num, EC_POINT * } -int +int ec_GFp_simple_field_mul(const EC_GROUP * group, BIGNUM * r, const BIGNUM * a, const BIGNUM * b, BN_CTX * ctx) { return BN_mod_mul(r, a, b, &group->field, ctx); } -int +int ec_GFp_simple_field_sqr(const EC_GROUP * group, BIGNUM * r, const BIGNUM * a, BN_CTX * ctx) { return BN_mod_sqr(r, a, &group->field, ctx); @@ -1417,7 +1417,7 @@ ec_GFp_simple_field_sqr(const EC_GROUP * group, BIGNUM * r, const BIGNUM * a, BN * Apply randomization of EC point projective coordinates: * * (X, Y, Z) = (lambda^2 * X, lambda^3 * Y, lambda * Z) - * + * * where lambda is in the interval [1, group->field). */ int @@ -1687,7 +1687,7 @@ ec_GFp_simple_mul_ct(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } /* one final cswap to move the right value into r */ EC_POINT_CSWAP(pbit, r, s, group_top, Z_is_one); - + ret = 1; err: diff --git a/externals/libressl/crypto/ecdh/ech_key.c b/externals/libressl/crypto/ecdh/ech_key.c index 378912cac..797cb0189 100755 --- a/externals/libressl/crypto/ecdh/ech_key.c +++ b/externals/libressl/crypto/ecdh/ech_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ech_key.c,v 1.9 2019/01/19 01:12:48 tb Exp $ */ +/* $OpenBSD: ech_key.c,v 1.12 2021/12/04 16:08:32 tb Exp $ */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * @@ -77,6 +77,7 @@ #include #include +#include "bn_lcl.h" #include "ech_locl.h" #include "ec_lcl.h" @@ -140,23 +141,10 @@ ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, goto err; } - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == - NID_X9_62_prime_field) { - if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, - ctx)) { - ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE); - goto err; - } + if (!EC_POINT_get_affine_coordinates(group, tmp, x, y, ctx)) { + ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE); + goto err; } -#ifndef OPENSSL_NO_EC2M - else { - if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, - ctx)) { - ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE); - goto err; - } - } -#endif buflen = ECDH_size(ecdh); len = BN_num_bytes(x); diff --git a/externals/libressl/crypto/ecdsa/ecs_asn1.c b/externals/libressl/crypto/ecdsa/ecs_asn1.c index e46385866..9a7a04468 100755 --- a/externals/libressl/crypto/ecdsa/ecs_asn1.c +++ b/externals/libressl/crypto/ecdsa/ecs_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_asn1.c,v 1.9 2018/03/17 15:24:44 tb Exp $ */ +/* $OpenBSD: ecs_asn1.c,v 1.10 2022/01/05 20:39:04 tb Exp $ */ /* ==================================================================== * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. * @@ -123,6 +123,18 @@ ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) *ps = sig->s; } +const BIGNUM * +ECDSA_SIG_get0_r(const ECDSA_SIG *sig) +{ + return sig->r; +} + +const BIGNUM * +ECDSA_SIG_get0_s(const ECDSA_SIG *sig) +{ + return sig->s; +} + int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) { diff --git a/externals/libressl/crypto/ecdsa/ecs_err.c b/externals/libressl/crypto/ecdsa/ecs_err.c index 9c5a54674..ac8850dba 100755 --- a/externals/libressl/crypto/ecdsa/ecs_err.c +++ b/externals/libressl/crypto/ecdsa/ecs_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_err.c,v 1.5 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ecs_err.c,v 1.6 2022/01/27 20:31:21 tb Exp $ */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * @@ -62,8 +62,8 @@ #include -#include #include +#include /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR diff --git a/externals/libressl/crypto/ecdsa/ecs_locl.h b/externals/libressl/crypto/ecdsa/ecs_locl.h index 0a9f17908..a53ec379e 100755 --- a/externals/libressl/crypto/ecdsa/ecs_locl.h +++ b/externals/libressl/crypto/ecdsa/ecs_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_locl.h,v 1.6 2019/01/19 01:07:00 tb Exp $ */ +/* $OpenBSD: ecs_locl.h,v 1.7 2022/01/14 08:31:03 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project */ @@ -73,6 +73,11 @@ typedef struct ecdsa_data_st { CRYPTO_EX_DATA ex_data; } ECDSA_DATA; +struct ECDSA_SIG_st { + BIGNUM *r; + BIGNUM *s; +}; + /** ecdsa_check * checks whether ECKEY->meth_data is a pointer to a ECDSA_DATA structure * and if not it removes the old meth_data and creates a ECDSA_DATA structure. diff --git a/externals/libressl/crypto/ecdsa/ecs_ossl.c b/externals/libressl/crypto/ecdsa/ecs_ossl.c index 8a6685de5..0203b01bb 100755 --- a/externals/libressl/crypto/ecdsa/ecs_ossl.c +++ b/externals/libressl/crypto/ecdsa/ecs_ossl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_ossl.c,v 1.20 2019/06/04 18:15:27 tb Exp $ */ +/* $OpenBSD: ecs_ossl.c,v 1.24 2022/04/07 17:37:25 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project */ @@ -163,6 +163,11 @@ ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) goto err; } + if (BN_cmp(order, BN_value_one()) <= 0) { + ECDSAerror(EC_R_INVALID_GROUP_ORDER); + goto err; + } + /* Preallocate space. */ order_bits = BN_num_bits(order); if (!BN_set_bit(k, order_bits) || @@ -205,30 +210,18 @@ ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) ECDSAerror(ERR_R_EC_LIB); goto err; } - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == - NID_X9_62_prime_field) { - if (!EC_POINT_get_affine_coordinates_GFp(group, point, - X, NULL, ctx)) { - ECDSAerror(ERR_R_EC_LIB); - goto err; - } + if (!EC_POINT_get_affine_coordinates(group, point, X, NULL, + ctx)) { + ECDSAerror(ERR_R_EC_LIB); + goto err; } -#ifndef OPENSSL_NO_EC2M - else { /* NID_X9_62_characteristic_two_field */ - if (!EC_POINT_get_affine_coordinates_GF2m(group, point, - X, NULL, ctx)) { - ECDSAerror(ERR_R_EC_LIB); - goto err; - } - } -#endif if (!BN_nnmod(r, X, order, ctx)) { ECDSAerror(ERR_R_BN_LIB); goto err; } } while (BN_is_zero(r)); - if (!BN_mod_inverse_ct(k, k, order, ctx)) { + if (BN_mod_inverse_ct(k, k, order, ctx) == NULL) { ECDSAerror(ERR_R_BN_LIB); goto err; } @@ -499,7 +492,7 @@ ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, if (!ecdsa_prepare_digest(dgst, dgst_len, order, m)) goto err; - if (!BN_mod_inverse_ct(u2, sig->s, order, ctx)) { /* w = inv(s) */ + if (BN_mod_inverse_ct(u2, sig->s, order, ctx) == NULL) { /* w = inv(s) */ ECDSAerror(ERR_R_BN_LIB); goto err; } @@ -521,23 +514,10 @@ ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, ECDSAerror(ERR_R_EC_LIB); goto err; } - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == - NID_X9_62_prime_field) { - if (!EC_POINT_get_affine_coordinates_GFp(group, point, X, NULL, - ctx)) { - ECDSAerror(ERR_R_EC_LIB); - goto err; - } + if (!EC_POINT_get_affine_coordinates(group, point, X, NULL, ctx)) { + ECDSAerror(ERR_R_EC_LIB); + goto err; } -#ifndef OPENSSL_NO_EC2M - else { /* NID_X9_62_characteristic_two_field */ - if (!EC_POINT_get_affine_coordinates_GF2m(group, point, X, NULL, - ctx)) { - ECDSAerror(ERR_R_EC_LIB); - goto err; - } - } -#endif if (!BN_nnmod(u1, X, order, ctx)) { ECDSAerror(ERR_R_BN_LIB); goto err; diff --git a/externals/libressl/crypto/ecdsa/ecs_sign.c b/externals/libressl/crypto/ecdsa/ecs_sign.c index 5beb853b9..6424a3ca6 100755 --- a/externals/libressl/crypto/ecdsa/ecs_sign.c +++ b/externals/libressl/crypto/ecdsa/ecs_sign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_sign.c,v 1.7 2019/01/19 01:07:00 tb Exp $ */ +/* $OpenBSD: ecs_sign.c,v 1.9 2022/01/27 20:30:29 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -58,7 +58,10 @@ #ifndef OPENSSL_NO_ENGINE #include #endif +#include +#include +#include "bn_lcl.h" #include "ecs_locl.h" #include "ec_lcl.h" diff --git a/externals/libressl/crypto/ecdsa/ecs_vrf.c b/externals/libressl/crypto/ecdsa/ecs_vrf.c index 4c1bc85e0..7db5a937f 100755 --- a/externals/libressl/crypto/ecdsa/ecs_vrf.c +++ b/externals/libressl/crypto/ecdsa/ecs_vrf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_vrf.c,v 1.7 2019/01/19 01:12:48 tb Exp $ */ +/* $OpenBSD: ecs_vrf.c,v 1.9 2022/01/27 20:30:29 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project */ @@ -58,11 +58,15 @@ #include -#include "ecs_locl.h" -#include "ec_lcl.h" #ifndef OPENSSL_NO_ENGINE #include #endif +#include +#include + +#include "bn_lcl.h" +#include "ecs_locl.h" +#include "ec_lcl.h" /* returns * 1: correct signature diff --git a/externals/libressl/crypto/engine/eng_openssl.c b/externals/libressl/crypto/engine/eng_openssl.c index f8f6c8f58..1a6113ba6 100755 --- a/externals/libressl/crypto/engine/eng_openssl.c +++ b/externals/libressl/crypto/engine/eng_openssl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: eng_openssl.c,v 1.13 2018/04/14 07:18:37 tb Exp $ */ +/* $OpenBSD: eng_openssl.c,v 1.15 2022/01/09 23:55:31 tb Exp $ */ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL * project 2000. */ @@ -84,6 +84,8 @@ #include #endif +#include "evp_locl.h" + /* This testing gunk is implemented (and explained) lower down. It also assumes * the application explicitly calls "ENGINE_load_openssl()" because this is no * longer automatic in ENGINE_load_builtin_engines(). */ @@ -349,18 +351,17 @@ test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) } static const EVP_MD test_sha_md = { - NID_sha1, - NID_sha1WithRSAEncryption, - SHA_DIGEST_LENGTH, - 0, - test_sha1_init, - test_sha1_update, - test_sha1_final, - NULL, - NULL, - EVP_PKEY_RSA_method, - SHA_CBLOCK, - sizeof(EVP_MD *) + sizeof(SHA_CTX), + .type = NID_sha1, + .pkey_type = NID_sha1WithRSAEncryption, + .md_size = SHA_DIGEST_LENGTH, + .flags = 0, + .init = test_sha1_init, + .update = test_sha1_update, + .final = test_sha1_final, + .copy = NULL, + .cleanup = NULL, + .block_size = SHA_CBLOCK, + .ctx_size = sizeof(EVP_MD *) + sizeof(SHA_CTX), }; static int diff --git a/externals/libressl/crypto/err/err_prn.c b/externals/libressl/crypto/err/err_prn.c index 48166829d..6b5c455f0 100755 --- a/externals/libressl/crypto/err/err_prn.c +++ b/externals/libressl/crypto/err/err_prn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: err_prn.c,v 1.18 2017/02/07 15:52:33 jsing Exp $ */ +/* $OpenBSD: err_prn.c,v 1.19 2022/01/07 09:02:18 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -64,6 +64,8 @@ #include #include +#include "bio_local.h" + void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), void *u) { diff --git a/externals/libressl/crypto/evp/bio_b64.c b/externals/libressl/crypto/evp/bio_b64.c index 82aaa8bf7..b61a342a3 100755 --- a/externals/libressl/crypto/evp/bio_b64.c +++ b/externals/libressl/crypto/evp/bio_b64.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bio_b64.c,v 1.22 2018/08/24 19:47:25 tb Exp $ */ +/* $OpenBSD: bio_b64.c,v 1.25 2022/01/14 08:40:57 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,6 +63,9 @@ #include #include +#include "bio_local.h" +#include "evp_locl.h" + static int b64_write(BIO *h, const char *buf, int num); static int b64_read(BIO *h, char *buf, int size); static int b64_puts(BIO *h, const char *str); @@ -70,7 +73,7 @@ static int b64_puts(BIO *h, const char *str); static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int b64_new(BIO *h); static int b64_free(BIO *data); -static long b64_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); +static long b64_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); #define B64_BLOCK_SIZE 1024 #define B64_BLOCK_SIZE2 768 #define B64_NONE 0 @@ -547,7 +550,7 @@ again: } static long -b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +b64_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret = 1; diff --git a/externals/libressl/crypto/evp/bio_enc.c b/externals/libressl/crypto/evp/bio_enc.c index 7b5599895..2a0f76fcb 100755 --- a/externals/libressl/crypto/evp/bio_enc.c +++ b/externals/libressl/crypto/evp/bio_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bio_enc.c,v 1.22 2018/08/24 19:30:24 tb Exp $ */ +/* $OpenBSD: bio_enc.c,v 1.26 2022/01/14 08:40:57 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,6 +63,9 @@ #include #include +#include "bio_local.h" +#include "evp_locl.h" + static int enc_write(BIO *h, const char *buf, int num); static int enc_read(BIO *h, char *buf, int size); /*static int enc_puts(BIO *h, const char *str); */ @@ -70,7 +73,7 @@ static int enc_read(BIO *h, char *buf, int size); static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int enc_new(BIO *h); static int enc_free(BIO *data); -static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps); +static long enc_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fps); #define ENC_BLOCK_SIZE (1024*4) #define BUF_OFFSET (EVP_MAX_BLOCK_LENGTH*2) @@ -370,7 +373,7 @@ again: } static long -enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +enc_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret = 1; @@ -384,26 +387,6 @@ enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) return (ret); } -/* -void BIO_set_cipher_ctx(b,c) -BIO *b; -EVP_CIPHER_ctx *c; - { - if (b == NULL) return; - - if ((b->callback != NULL) && - (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0)) - return; - - b->init=1; - ctx=(BIO_ENC_CTX *)b->ptr; - memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX)); - - if (b->callback != NULL) - b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L); - } -*/ - int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, const unsigned char *i, int e) diff --git a/externals/libressl/crypto/evp/bio_md.c b/externals/libressl/crypto/evp/bio_md.c index 44f72185d..4ae5f1f49 100755 --- a/externals/libressl/crypto/evp/bio_md.c +++ b/externals/libressl/crypto/evp/bio_md.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bio_md.c,v 1.15 2018/05/02 15:51:41 tb Exp $ */ +/* $OpenBSD: bio_md.c,v 1.18 2022/01/14 08:40:57 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,6 +62,9 @@ #include #include +#include "bio_local.h" +#include "evp_locl.h" + /* BIO_put and BIO_get both add to the digest, * BIO_gets returns the digest */ @@ -72,7 +75,7 @@ static int md_gets(BIO *h, char *str, int size); static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int md_new(BIO *h); static int md_free(BIO *data); -static long md_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); +static long md_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); static const BIO_METHOD methods_md = { .type = BIO_TYPE_MD, @@ -238,7 +241,7 @@ md_ctrl(BIO *b, int cmd, long num, void *ptr) } static long -md_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +md_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret = 1; diff --git a/externals/libressl/crypto/evp/c_all.c b/externals/libressl/crypto/evp/c_all.c index 9e9d39d5a..690215c8e 100755 --- a/externals/libressl/crypto/evp/c_all.c +++ b/externals/libressl/crypto/evp/c_all.c @@ -1,4 +1,4 @@ -/* $OpenBSD: c_all.c,v 1.26 2019/03/17 18:07:41 tb Exp $ */ +/* $OpenBSD: c_all.c,v 1.27 2022/01/14 08:38:05 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -263,24 +263,10 @@ OpenSSL_add_all_digests_internal(void) EVP_add_digest_alias(SN_md5, "ssl3-md5"); #endif -#if !defined(OPENSSL_NO_SHA) -#ifndef OPENSSL_NO_DSA - EVP_add_digest(EVP_dss()); -#endif -#endif #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) EVP_add_digest(EVP_sha1()); EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); -#ifndef OPENSSL_NO_DSA - EVP_add_digest(EVP_dss1()); - EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); - EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); - EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); -#endif -#ifndef OPENSSL_NO_ECDSA - EVP_add_digest(EVP_ecdsa()); -#endif #endif #ifndef OPENSSL_NO_GOST diff --git a/externals/libressl/crypto/evp/digest.c b/externals/libressl/crypto/evp/digest.c index 4cd3565c6..ecb529253 100755 --- a/externals/libressl/crypto/evp/digest.c +++ b/externals/libressl/crypto/evp/digest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: digest.c,v 1.31 2019/04/19 17:04:45 jsing Exp $ */ +/* $OpenBSD: digest.c,v 1.34 2022/01/10 10:51:31 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -122,6 +122,8 @@ #include #endif +#include "evp_locl.h" + int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) { @@ -279,6 +281,14 @@ EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) tmp_buf = NULL; EVP_MD_CTX_cleanup(out); memcpy(out, in, sizeof *out); + out->md_data = NULL; + out->pctx = NULL; + + /* + * Because of the EVP_PKEY_CTX_dup() below, EVP_MD_CTX_cleanup() needs + * to free out->pctx in all cases (even if this flag is set on in). + */ + EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); if (in->md_data && out->digest->ctx_size) { if (tmp_buf) { @@ -381,7 +391,12 @@ EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) if (ctx->digest && ctx->digest->ctx_size && ctx->md_data && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) freezero(ctx->md_data, ctx->digest->ctx_size); - EVP_PKEY_CTX_free(ctx->pctx); + /* + * If EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set, EVP_MD_CTX_set_pkey() was + * called and its strange API contract implies we don't own ctx->pctx. + */ + if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) + EVP_PKEY_CTX_free(ctx->pctx); #ifndef OPENSSL_NO_ENGINE ENGINE_finish(ctx->engine); #endif diff --git a/externals/libressl/crypto/evp/e_aes_cbc_hmac_sha1.c b/externals/libressl/crypto/evp/e_aes_cbc_hmac_sha1.c index 9be17e36f..eef9c2809 100755 --- a/externals/libressl/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/externals/libressl/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.15 2019/04/03 15:33:37 tb Exp $ */ +/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.16 2021/12/12 21:30:13 tb Exp $ */ /* ==================================================================== * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved. * @@ -59,8 +59,9 @@ #include #include #include -#include "evp_locl.h" + #include "constant_time_locl.h" +#include "evp_locl.h" #define TLS1_1_VERSION 0x0302 diff --git a/externals/libressl/crypto/evp/e_camellia.c b/externals/libressl/crypto/evp/e_camellia.c index fd12cf9c5..70dad7ead 100755 --- a/externals/libressl/crypto/evp/e_camellia.c +++ b/externals/libressl/crypto/evp/e_camellia.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_camellia.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: e_camellia.c,v 1.9 2021/12/12 21:30:13 tb Exp $ */ /* ==================================================================== * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * @@ -61,6 +61,7 @@ #include #include #include + #include "evp_locl.h" static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, diff --git a/externals/libressl/crypto/evp/e_gost2814789.c b/externals/libressl/crypto/evp/e_gost2814789.c index 730de4fed..7803d9507 100755 --- a/externals/libressl/crypto/evp/e_gost2814789.c +++ b/externals/libressl/crypto/evp/e_gost2814789.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_gost2814789.c,v 1.4 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: e_gost2814789.c,v 1.5 2021/12/12 21:30:13 tb Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -48,6 +48,7 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== */ + #include #include @@ -56,6 +57,7 @@ #include #include #include + #include "evp_locl.h" typedef struct { diff --git a/externals/libressl/crypto/evp/e_null.c b/externals/libressl/crypto/evp/e_null.c index 65374cc3f..db79e1ec5 100755 --- a/externals/libressl/crypto/evp/e_null.c +++ b/externals/libressl/crypto/evp/e_null.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_null.c,v 1.14 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: e_null.c,v 1.15 2021/12/12 21:30:13 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,6 +62,8 @@ #include #include +#include "evp_locl.h" + static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, diff --git a/externals/libressl/crypto/evp/e_rc2.c b/externals/libressl/crypto/evp/e_rc2.c index de1b24a30..b07fafddf 100755 --- a/externals/libressl/crypto/evp/e_rc2.c +++ b/externals/libressl/crypto/evp/e_rc2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_rc2.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: e_rc2.c,v 1.14 2022/01/20 11:31:37 inoguchi Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -150,7 +150,8 @@ rc2_meth_to_magic(EVP_CIPHER_CTX *e) { int i; - EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i); + if (EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i) <= 0) + return (0); if (i == 128) return (RC2_128_MAGIC); else if (i == 64) @@ -199,9 +200,11 @@ rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) return (-1); if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1)) return -1; - EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, - key_bits, NULL); - EVP_CIPHER_CTX_set_key_length(c, key_bits / 8); + if (EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, + key_bits, NULL) <= 0) + return -1; + if (!EVP_CIPHER_CTX_set_key_length(c, key_bits / 8)) + return -1; } return (i); } diff --git a/externals/libressl/crypto/evp/e_rc4_hmac_md5.c b/externals/libressl/crypto/evp/e_rc4_hmac_md5.c index ac73361fa..b8a6b4492 100755 --- a/externals/libressl/crypto/evp/e_rc4_hmac_md5.c +++ b/externals/libressl/crypto/evp/e_rc4_hmac_md5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_rc4_hmac_md5.c,v 1.8 2017/01/31 13:17:21 inoguchi Exp $ */ +/* $OpenBSD: e_rc4_hmac_md5.c,v 1.9 2021/12/12 21:30:13 tb Exp $ */ /* ==================================================================== * Copyright (c) 2011 The OpenSSL Project. All rights reserved. * @@ -60,6 +60,8 @@ #include #include +#include "evp_locl.h" + /* FIXME: surely this is available elsewhere? */ #define EVP_RC4_KEY_SIZE 16 diff --git a/externals/libressl/crypto/evp/encode.c b/externals/libressl/crypto/evp/encode.c index 2f942a032..30fcd858c 100755 --- a/externals/libressl/crypto/evp/encode.c +++ b/externals/libressl/crypto/evp/encode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: encode.c,v 1.28 2020/03/04 11:53:21 inoguchi Exp $ */ +/* $OpenBSD: encode.c,v 1.29 2021/12/12 21:30:13 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,6 +62,8 @@ #include +#include "evp_locl.h" + static unsigned char conv_ascii2bin(unsigned char a); #define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) diff --git a/externals/libressl/crypto/evp/evp_aead.c b/externals/libressl/crypto/evp/evp_aead.c index 40471b002..93d523af7 100755 --- a/externals/libressl/crypto/evp/evp_aead.c +++ b/externals/libressl/crypto/evp/evp_aead.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_aead.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: evp_aead.c,v 1.7 2022/01/07 21:58:17 tb Exp $ */ /* * Copyright (c) 2014, Google Inc. * @@ -68,6 +68,22 @@ EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx) ctx->aead = NULL; } +EVP_AEAD_CTX * +EVP_AEAD_CTX_new(void) +{ + return calloc(1, sizeof(EVP_AEAD_CTX)); +} + +void +EVP_AEAD_CTX_free(EVP_AEAD_CTX *ctx) +{ + if (ctx == NULL) + return; + + EVP_AEAD_CTX_cleanup(ctx); + free(ctx); +} + /* check_alias returns 0 if out points within the buffer determined by in * and in_len and 1 otherwise. * diff --git a/externals/libressl/crypto/evp/evp_enc.c b/externals/libressl/crypto/evp/evp_enc.c index bb49e2826..896b9e1a1 100755 --- a/externals/libressl/crypto/evp/evp_enc.c +++ b/externals/libressl/crypto/evp/evp_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_enc.c,v 1.43 2019/04/14 17:16:57 jsing Exp $ */ +/* $OpenBSD: evp_enc.c,v 1.44 2021/02/18 19:12:29 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include #include #include #include @@ -337,6 +338,17 @@ EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return 1; } else { j = bl - i; + + /* + * Once we've processed the first j bytes from in, the + * amount of data left that is a multiple of the block + * length is (inl - j) & ~(bl - 1). Ensure this plus + * the block processed from ctx-buf doesn't overflow. + */ + if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) { + EVPerror(EVP_R_TOO_LARGE); + return 0; + } memcpy(&(ctx->buf[i]), in, j); if (!M_do_cipher(ctx, out, ctx->buf, bl)) return 0; @@ -451,6 +463,16 @@ EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, } if (ctx->final_used) { + /* + * final_used is only ever set if buf_len is 0. Therefore the + * maximum length output we will ever see from EVP_EncryptUpdate + * is inl & ~(b - 1). Since final_used is set, the final output + * length is (inl & ~(b - 1)) + b. Ensure it doesn't overflow. + */ + if ((inl & ~(b - 1)) > INT_MAX - b) { + EVPerror(EVP_R_TOO_LARGE); + return 0; + } memcpy(out, ctx->final, b); out += b; fix_len = 1; diff --git a/externals/libressl/crypto/evp/evp_err.c b/externals/libressl/crypto/evp/evp_err.c index 2494cf579..07ece82c3 100755 --- a/externals/libressl/crypto/evp/evp_err.c +++ b/externals/libressl/crypto/evp/evp_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_err.c,v 1.26 2020/04/27 19:31:02 tb Exp $ */ +/* $OpenBSD: evp_err.c,v 1.27 2021/03/29 15:57:23 tb Exp $ */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * @@ -116,6 +116,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_INVALID_OPERATION) , "invalid operation"}, {ERR_REASON(EVP_R_IV_TOO_LARGE) , "iv too large"}, {ERR_REASON(EVP_R_KEYGEN_FAILURE) , "keygen failure"}, + {ERR_REASON(EVP_R_KEY_SETUP_FAILED) , "key setup failed"}, {ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL), "message digest is null"}, {ERR_REASON(EVP_R_METHOD_NOT_SUPPORTED) , "method not supported"}, {ERR_REASON(EVP_R_MISSING_PARAMETERS) , "missing parameters"}, diff --git a/externals/libressl/crypto/evp/evp_key.c b/externals/libressl/crypto/evp/evp_key.c index 91d0fc0de..dcfb94e30 100755 --- a/externals/libressl/crypto/evp/evp_key.c +++ b/externals/libressl/crypto/evp/evp_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_key.c,v 1.26 2018/08/14 17:59:26 tb Exp $ */ +/* $OpenBSD: evp_key.c,v 1.27 2021/12/12 21:30:13 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,6 +65,8 @@ #include #include +#include "evp_locl.h" + /* should be init to zeros. */ static char prompt_string[80]; diff --git a/externals/libressl/crypto/evp/evp_lib.c b/externals/libressl/crypto/evp/evp_lib.c index 90107739e..0e354d627 100755 --- a/externals/libressl/crypto/evp/evp_lib.c +++ b/externals/libressl/crypto/evp/evp_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */ +/* $OpenBSD: evp_lib.c,v 1.24 2022/01/10 13:42:28 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,6 +63,9 @@ #include #include +#include "asn1_locl.h" +#include "evp_locl.h" + int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { @@ -237,6 +240,23 @@ EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) ctx->app_data = data; } +void * +EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx) +{ + return ctx->cipher_data; +} + +void * +EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data) +{ + void *old_cipher_data; + + old_cipher_data = ctx->cipher_data; + ctx->cipher_data = cipher_data; + + return old_cipher_data; +} + int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) { @@ -249,6 +269,12 @@ EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) return ctx->cipher->iv_len; } +unsigned char * +EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx) +{ + return ctx->buf; +} + int EVP_CIPHER_key_length(const EVP_CIPHER *cipher) { @@ -345,6 +371,114 @@ EVP_MD_flags(const EVP_MD *md) return md->flags; } +EVP_MD * +EVP_MD_meth_new(int md_type, int pkey_type) +{ + EVP_MD *md; + + if ((md = calloc(1, sizeof(*md))) == NULL) + return NULL; + + md->type = md_type; + md->pkey_type = pkey_type; + + return md; +} + +EVP_MD * +EVP_MD_meth_dup(const EVP_MD *md) +{ + EVP_MD *to; + + if ((to = EVP_MD_meth_new(md->type, md->pkey_type)) == NULL) + return NULL; + + memcpy(to, md, sizeof(*to)); + + return to; +} + +void +EVP_MD_meth_free(EVP_MD *md) +{ + freezero(md, sizeof(*md)); +} + +int +EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize) +{ + md->block_size = blocksize; + return 1; +} + +int +EVP_MD_meth_set_result_size(EVP_MD *md, int result_size) +{ + md->md_size = result_size; + return 1; +} + +int +EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize) +{ + md->ctx_size = datasize; + return 1; +} + +int +EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags) +{ + md->flags = flags; + return 1; +} + +int +EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)) +{ + md->init = init; + return 1; +} + +int +EVP_MD_meth_set_update(EVP_MD *md, + int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count)) +{ + md->update = update; + return 1; +} + +int +EVP_MD_meth_set_final(EVP_MD *md, + int (*final)(EVP_MD_CTX *ctx, unsigned char *md)) +{ + md->final = final; + return 1; +} + +int +EVP_MD_meth_set_copy(EVP_MD *md, + int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from)) +{ + md->copy = copy; + return 1; +} + +int +EVP_MD_meth_set_cleanup(EVP_MD *md, + int (*cleanup)(EVP_MD_CTX *ctx)) +{ + md->cleanup = cleanup; + return 1; +} + +int +EVP_MD_meth_set_ctrl(EVP_MD *md, + int (*ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)) +{ + md->md_ctrl = ctrl; + return 1; +} + const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx) { @@ -353,6 +487,41 @@ EVP_MD_CTX_md(const EVP_MD_CTX *ctx) return ctx->digest; } +void * +EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx) +{ + return ctx->md_data; +} + +EVP_PKEY_CTX * +EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx) +{ + return ctx->pctx; +} + +void +EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx) +{ + if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) { + EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); + } else { + EVP_PKEY_CTX_free(ctx->pctx); + } + + ctx->pctx = pctx; + + if (pctx != NULL) { + /* + * For unclear reasons it was decided that the caller keeps + * ownership of pctx. So a flag was invented to make sure we + * don't free it in EVP_MD_CTX_cleanup(). We also need to + * unset it in EVP_MD_CTX_copy_ex(). Fortunately, the flag + * isn't public... + */ + EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); + } +} + void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags) { diff --git a/externals/libressl/crypto/evp/evp_locl.h b/externals/libressl/crypto/evp/evp_locl.h index 8df613549..c3d9a6a71 100755 --- a/externals/libressl/crypto/evp/evp_locl.h +++ b/externals/libressl/crypto/evp/evp_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_locl.h,v 1.16 2019/10/29 07:52:17 jsing Exp $ */ +/* $OpenBSD: evp_locl.h,v 1.22 2022/01/14 08:38:05 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -56,8 +56,134 @@ * */ +#ifndef HEADER_EVP_LOCL_H +#define HEADER_EVP_LOCL_H + __BEGIN_HIDDEN_DECLS +/* + * Don't free md_ctx->pctx in EVP_MD_CTX_cleanup(). Needed for ownership + * handling in EVP_MD_CTX_set_pkey_ctx(). + */ +#define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX 0x0400 + +typedef int evp_sign_method(int type, const unsigned char *m, + unsigned int m_length, unsigned char *sigret, unsigned int *siglen, + void *key); +typedef int evp_verify_method(int type, const unsigned char *m, + unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen, + void *key); + +/* Type needs to be a bit field + * Sub-type needs to be for variations on the method, as in, can it do + * arbitrary encryption.... */ +struct evp_pkey_st { + int type; + int save_type; + int references; + const EVP_PKEY_ASN1_METHOD *ameth; + ENGINE *engine; + union { + char *ptr; +#ifndef OPENSSL_NO_RSA + struct rsa_st *rsa; /* RSA */ +#endif +#ifndef OPENSSL_NO_DSA + struct dsa_st *dsa; /* DSA */ +#endif +#ifndef OPENSSL_NO_DH + struct dh_st *dh; /* DH */ +#endif +#ifndef OPENSSL_NO_EC + struct ec_key_st *ec; /* ECC */ +#endif +#ifndef OPENSSL_NO_GOST + struct gost_key_st *gost; /* GOST */ +#endif + } pkey; + int save_parameters; + STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ +} /* EVP_PKEY */; + +struct env_md_st { + int type; + int pkey_type; + int md_size; + unsigned long flags; + int (*init)(EVP_MD_CTX *ctx); + int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); + int (*final)(EVP_MD_CTX *ctx, unsigned char *md); + int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from); + int (*cleanup)(EVP_MD_CTX *ctx); + + int block_size; + int ctx_size; /* how big does the ctx->md_data need to be */ + /* control function */ + int (*md_ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2); +} /* EVP_MD */; + +struct env_md_ctx_st { + const EVP_MD *digest; + ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */ + unsigned long flags; + void *md_data; + /* Public key context for sign/verify */ + EVP_PKEY_CTX *pctx; + /* Update function: usually copied from EVP_MD */ + int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); +} /* EVP_MD_CTX */; + +struct evp_cipher_st { + int nid; + int block_size; + int key_len; /* Default value for variable length ciphers */ + int iv_len; + unsigned long flags; /* Various flags */ + int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); /* init key */ + int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl);/* encrypt/decrypt data */ + int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */ + int ctx_size; /* how big ctx->cipher_data needs to be */ + int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */ + int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */ + int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */ + void *app_data; /* Application data */ +} /* EVP_CIPHER */; + +struct evp_cipher_ctx_st { + const EVP_CIPHER *cipher; + ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */ + int encrypt; /* encrypt or decrypt */ + int buf_len; /* number we have left */ + + unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ + unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ + unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */ + int num; /* used by cfb/ofb/ctr mode */ + + void *app_data; /* application stuff */ + int key_len; /* May change for variable length cipher */ + unsigned long flags; /* Various flags */ + void *cipher_data; /* per EVP data */ + int final_used; + int block_mask; + unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */ +} /* EVP_CIPHER_CTX */; + +struct evp_Encode_Ctx_st { + + int num; /* number saved in a partial encode/decode */ + int length; /* The length is either the output line length + * (in input bytes) or the shortest input line + * length that is ok. Once decoding begins, + * the length is adjusted up each time a longer + * line is decoded */ + unsigned char enc_data[80]; /* data to encode */ + int line_num; /* number read on current line */ + int expect_nl; +} /* EVP_ENCODE_CTX */; + /* Macros to code block cipher wrappers */ /* Wrapper functions for each cipher mode */ @@ -338,6 +464,10 @@ struct evp_pkey_method_st { int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2); int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value); + + int (*check)(EVP_PKEY *pkey); + int (*public_check)(EVP_PKEY *pkey); + int (*param_check)(EVP_PKEY *pkey); } /* EVP_PKEY_METHOD */; void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx); @@ -367,6 +497,16 @@ struct evp_aead_st { const unsigned char *ad, size_t ad_len); }; +/* An EVP_AEAD_CTX represents an AEAD algorithm configured with a specific key + * and message-independent IV. */ +struct evp_aead_ctx_st { + const EVP_AEAD *aead; + /* aead_state is an opaque pointer to the AEAD specific state. */ + void *aead_state; +}; + int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md_name); __END_HIDDEN_DECLS + +#endif /* !HEADER_EVP_LOCL_H */ diff --git a/externals/libressl/crypto/evp/evp_pkey.c b/externals/libressl/crypto/evp/evp_pkey.c index 9ff544b84..3ba0e1dd5 100755 --- a/externals/libressl/crypto/evp/evp_pkey.c +++ b/externals/libressl/crypto/evp/evp_pkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_pkey.c,v 1.23 2018/08/24 20:26:03 tb Exp $ */ +/* $OpenBSD: evp_pkey.c,v 1.24 2021/12/12 21:30:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -63,6 +63,7 @@ #include #include "asn1_locl.h" +#include "evp_locl.h" /* Extract a private key from a PKCS8 structure */ diff --git a/externals/libressl/crypto/evp/m_gost2814789.c b/externals/libressl/crypto/evp/m_gost2814789.c index 279af872e..7d11ec8c8 100755 --- a/externals/libressl/crypto/evp/m_gost2814789.c +++ b/externals/libressl/crypto/evp/m_gost2814789.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_gost2814789.c,v 1.2 2014/11/09 23:06:50 miod Exp $ */ +/* $OpenBSD: m_gost2814789.c,v 1.3 2021/12/12 21:30:13 tb Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -48,6 +48,7 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== */ + #include #ifndef OPENSSL_NO_GOST @@ -56,6 +57,8 @@ #include #include +#include "evp_locl.h" + static int gost2814789_init(EVP_MD_CTX *ctx) { diff --git a/externals/libressl/crypto/evp/m_gostr341194.c b/externals/libressl/crypto/evp/m_gostr341194.c index 66d9b4f30..f479675ba 100755 --- a/externals/libressl/crypto/evp/m_gostr341194.c +++ b/externals/libressl/crypto/evp/m_gostr341194.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_gostr341194.c,v 1.2 2014/11/09 23:06:50 miod Exp $ */ +/* $OpenBSD: m_gostr341194.c,v 1.4 2022/01/14 08:38:05 tb Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -48,6 +48,7 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== */ + #include #include @@ -58,6 +59,8 @@ #include #include +#include "evp_locl.h" + static int gostr341194_init(EVP_MD_CTX *ctx) { @@ -81,7 +84,7 @@ static const EVP_MD gostr341194_md = { .type = NID_id_GostR3411_94, .pkey_type = NID_undef, .md_size = GOSTR341194_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, + .flags = 0, .init = gostr341194_init, .update = gostr341194_update, .final = gostr341194_final, diff --git a/externals/libressl/crypto/evp/m_md4.c b/externals/libressl/crypto/evp/m_md4.c index ab3cc852b..977565283 100755 --- a/externals/libressl/crypto/evp/m_md4.c +++ b/externals/libressl/crypto/evp/m_md4.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_md4.c,v 1.16 2015/09/14 01:45:03 doug Exp $ */ +/* $OpenBSD: m_md4.c,v 1.18 2022/01/14 08:38:05 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -71,6 +71,8 @@ #include #endif +#include "evp_locl.h" + static int init(EVP_MD_CTX *ctx) { @@ -99,13 +101,6 @@ static const EVP_MD md4_md = { .final = final, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = MD4_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(MD4_CTX), }; diff --git a/externals/libressl/crypto/evp/m_md5.c b/externals/libressl/crypto/evp/m_md5.c index 36cff7ab5..daa7aee7b 100755 --- a/externals/libressl/crypto/evp/m_md5.c +++ b/externals/libressl/crypto/evp/m_md5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_md5.c,v 1.15 2014/07/13 09:30:02 miod Exp $ */ +/* $OpenBSD: m_md5.c,v 1.17 2022/01/14 08:38:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -71,6 +71,8 @@ #include #endif +#include "evp_locl.h" + static int init(EVP_MD_CTX *ctx) { @@ -99,13 +101,6 @@ static const EVP_MD md5_md = { .final = final, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = MD5_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(MD5_CTX), }; diff --git a/externals/libressl/crypto/evp/m_md5_sha1.c b/externals/libressl/crypto/evp/m_md5_sha1.c index 4e8a0c32f..f8bec10d1 100755 --- a/externals/libressl/crypto/evp/m_md5_sha1.c +++ b/externals/libressl/crypto/evp/m_md5_sha1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_md5_sha1.c,v 1.2 2018/08/10 17:30:29 jsing Exp $ */ +/* $OpenBSD: m_md5_sha1.c,v 1.4 2022/01/14 08:38:06 tb Exp $ */ /* * Copyright (c) 2017 Joel Sing * @@ -24,6 +24,8 @@ #include #endif +#include "evp_locl.h" + struct md5_sha1_ctx { MD5_CTX md5; SHA_CTX sha1; @@ -78,13 +80,6 @@ static const EVP_MD md5_sha1_md = { .final = md5_sha1_final, .block_size = MD5_CBLOCK, /* MD5_CBLOCK == SHA_CBLOCK */ .ctx_size = sizeof(EVP_MD *) + sizeof(struct md5_sha1_ctx), -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif }; const EVP_MD * diff --git a/externals/libressl/crypto/evp/m_null.c b/externals/libressl/crypto/evp/m_null.c index 897be3cee..4334decb9 100755 --- a/externals/libressl/crypto/evp/m_null.c +++ b/externals/libressl/crypto/evp/m_null.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_null.c,v 1.9 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: m_null.c,v 1.11 2022/01/14 08:38:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,6 +62,8 @@ #include #include +#include "evp_locl.h" + static int init(EVP_MD_CTX *ctx) { @@ -90,11 +92,6 @@ static const EVP_MD null_md = { .final = final, .copy = NULL, .cleanup = NULL, - .sign = NULL, - .verify = NULL, - .required_pkey_type = { - 0, 0, 0, 0, - }, .block_size = 0, .ctx_size = sizeof(EVP_MD *), }; diff --git a/externals/libressl/crypto/evp/m_ripemd.c b/externals/libressl/crypto/evp/m_ripemd.c index be7f1393b..47397833d 100755 --- a/externals/libressl/crypto/evp/m_ripemd.c +++ b/externals/libressl/crypto/evp/m_ripemd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_ripemd.c,v 1.12 2014/07/13 09:30:02 miod Exp $ */ +/* $OpenBSD: m_ripemd.c,v 1.14 2022/01/14 08:38:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -71,6 +71,8 @@ #include #endif +#include "evp_locl.h" + static int init(EVP_MD_CTX *ctx) { @@ -99,13 +101,6 @@ static const EVP_MD ripemd160_md = { .final = final, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = RIPEMD160_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(RIPEMD160_CTX), }; diff --git a/externals/libressl/crypto/evp/m_sha1.c b/externals/libressl/crypto/evp/m_sha1.c index 13d5b030d..a6fb53641 100755 --- a/externals/libressl/crypto/evp/m_sha1.c +++ b/externals/libressl/crypto/evp/m_sha1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_sha1.c,v 1.17 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: m_sha1.c,v 1.19 2022/01/14 08:38:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -70,6 +70,8 @@ #include #endif +#include "evp_locl.h" + static int init(EVP_MD_CTX *ctx) { @@ -92,19 +94,12 @@ static const EVP_MD sha1_md = { .type = NID_sha1, .pkey_type = NID_sha1WithRSAEncryption, .md_size = SHA_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + .flags = EVP_MD_FLAG_DIGALGID_ABSENT, .init = init, .update = update, .final = final, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = SHA_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(SHA_CTX), }; @@ -149,19 +144,12 @@ static const EVP_MD sha224_md = { .type = NID_sha224, .pkey_type = NID_sha224WithRSAEncryption, .md_size = SHA224_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + .flags = EVP_MD_FLAG_DIGALGID_ABSENT, .init = init224, .update = update256, .final = final256, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = SHA256_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(SHA256_CTX), }; @@ -176,19 +164,12 @@ static const EVP_MD sha256_md = { .type = NID_sha256, .pkey_type = NID_sha256WithRSAEncryption, .md_size = SHA256_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + .flags = EVP_MD_FLAG_DIGALGID_ABSENT, .init = init256, .update = update256, .final = final256, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = SHA256_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(SHA256_CTX), }; @@ -229,19 +210,12 @@ static const EVP_MD sha384_md = { .type = NID_sha384, .pkey_type = NID_sha384WithRSAEncryption, .md_size = SHA384_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + .flags = EVP_MD_FLAG_DIGALGID_ABSENT, .init = init384, .update = update512, .final = final512, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = SHA512_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(SHA512_CTX), }; @@ -256,19 +230,12 @@ static const EVP_MD sha512_md = { .type = NID_sha512, .pkey_type = NID_sha512WithRSAEncryption, .md_size = SHA512_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + .flags = EVP_MD_FLAG_DIGALGID_ABSENT, .init = init512, .update = update512, .final = final512, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = SHA512_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(SHA512_CTX), }; diff --git a/externals/libressl/crypto/evp/m_sigver.c b/externals/libressl/crypto/evp/m_sigver.c index 9e313c363..bd9374651 100755 --- a/externals/libressl/crypto/evp/m_sigver.c +++ b/externals/libressl/crypto/evp/m_sigver.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_sigver.c,v 1.7 2018/05/13 06:35:10 tb Exp $ */ +/* $OpenBSD: m_sigver.c,v 1.9 2021/05/09 14:25:40 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -74,15 +74,17 @@ do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, if (ctx->pctx == NULL) return 0; - if (type == NULL) { - int def_nid; - if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0) - type = EVP_get_digestbynid(def_nid); - } + if (!(ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)) { + if (type == NULL) { + int def_nid; + if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0) + type = EVP_get_digestbynid(def_nid); + } - if (type == NULL) { - EVPerror(EVP_R_NO_DEFAULT_DIGEST); - return 0; + if (type == NULL) { + EVPerror(EVP_R_NO_DEFAULT_DIGEST); + return 0; + } } if (ver) { @@ -105,6 +107,8 @@ do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, return 0; if (pctx) *pctx = ctx->pctx; + if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) + return 1; if (!EVP_DigestInit_ex(ctx, type, e)) return 0; return 1; @@ -127,7 +131,24 @@ EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen) { - int sctx, r = 0; + EVP_PKEY_CTX *pctx = ctx->pctx; + int sctx; + int r = 0; + + if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) { + EVP_PKEY_CTX *dctx; + + if (sigret == NULL) + return pctx->pmeth->signctx(pctx, sigret, siglen, ctx); + + /* XXX - support EVP_MD_CTX_FLAG_FINALISE? */ + if ((dctx = EVP_PKEY_CTX_dup(ctx->pctx)) == NULL) + return 0; + r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx); + EVP_PKEY_CTX_free(dctx); + + return r; + } if (ctx->pctx->pmeth->signctx) sctx = 1; @@ -165,6 +186,18 @@ EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen) return 1; } +int +EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, + const unsigned char *tbs, size_t tbslen) +{ + if (sigret != NULL) { + if (EVP_DigestSignUpdate(ctx, tbs, tbslen) <= 0) + return 0; + } + + return EVP_DigestSignFinal(ctx, sigret, siglen); +} + int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen) { @@ -191,3 +224,13 @@ EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen) return r; return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen); } + +int +EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, size_t siglen, + const unsigned char *tbs, size_t tbslen) +{ + if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0) + return -1; + + return EVP_DigestVerifyFinal(ctx, sigret, siglen); +} diff --git a/externals/libressl/crypto/evp/m_sm3.c b/externals/libressl/crypto/evp/m_sm3.c index 66582b8e4..ae8b342e8 100755 --- a/externals/libressl/crypto/evp/m_sm3.c +++ b/externals/libressl/crypto/evp/m_sm3.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_sm3.c,v 1.1 2018/11/11 06:53:31 tb Exp $ */ +/* $OpenBSD: m_sm3.c,v 1.3 2022/01/14 08:38:06 tb Exp $ */ /* * Copyright (c) 2018, Ribose Inc * @@ -25,6 +25,8 @@ #include #endif +#include "evp_locl.h" + static int sm3_init(EVP_MD_CTX *ctx) { @@ -47,19 +49,12 @@ static const EVP_MD sm3_md = { .type = NID_sm3, .pkey_type = NID_sm3WithRSAEncryption, .md_size = SM3_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + .flags = EVP_MD_FLAG_DIGALGID_ABSENT, .init = sm3_init, .update = sm3_update, .final = sm3_final, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = SM3_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(SM3_CTX), }; diff --git a/externals/libressl/crypto/evp/m_streebog.c b/externals/libressl/crypto/evp/m_streebog.c index 882c7852b..3f825e3a0 100755 --- a/externals/libressl/crypto/evp/m_streebog.c +++ b/externals/libressl/crypto/evp/m_streebog.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_streebog.c,v 1.2 2014/11/09 23:06:50 miod Exp $ */ +/* $OpenBSD: m_streebog.c,v 1.4 2022/01/14 08:38:06 tb Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -57,6 +57,8 @@ #include #include +#include "evp_locl.h" + static int streebog_init256(EVP_MD_CTX *ctx) { @@ -97,7 +99,7 @@ static const EVP_MD streebog256_md = { .type = NID_id_tc26_gost3411_2012_256, .pkey_type = NID_undef, .md_size = STREEBOG256_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, + .flags = 0, .init = streebog_init256, .update = streebog_update256, .final = streebog_final256, @@ -109,7 +111,7 @@ static const EVP_MD streebog512_md = { .type = NID_id_tc26_gost3411_2012_512, .pkey_type = NID_undef, .md_size = STREEBOG512_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, + .flags = 0, .init = streebog_init512, .update = streebog_update512, .final = streebog_final512, diff --git a/externals/libressl/crypto/evp/m_wp.c b/externals/libressl/crypto/evp/m_wp.c index 3f543ac0a..07ae7ca55 100755 --- a/externals/libressl/crypto/evp/m_wp.c +++ b/externals/libressl/crypto/evp/m_wp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_wp.c,v 1.8 2014/07/13 09:30:02 miod Exp $ */ +/* $OpenBSD: m_wp.c,v 1.10 2022/01/14 08:38:06 tb Exp $ */ #include @@ -11,6 +11,8 @@ #include #include +#include "evp_locl.h" + static int init(EVP_MD_CTX *ctx) { @@ -39,11 +41,6 @@ static const EVP_MD whirlpool_md = { .final = final, .copy = NULL, .cleanup = NULL, - .sign = NULL, - .verify = NULL, - .required_pkey_type = { - 0, 0, 0, 0, - }, .block_size = WHIRLPOOL_BBLOCK / 8, .ctx_size = sizeof(EVP_MD *) + sizeof(WHIRLPOOL_CTX), }; diff --git a/externals/libressl/crypto/evp/names.c b/externals/libressl/crypto/evp/names.c index dfcf9ee22..02529eef6 100755 --- a/externals/libressl/crypto/evp/names.c +++ b/externals/libressl/crypto/evp/names.c @@ -1,4 +1,4 @@ -/* $OpenBSD: names.c,v 1.14 2018/03/17 16:20:01 beck Exp $ */ +/* $OpenBSD: names.c,v 1.15 2021/12/12 21:30:13 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,6 +62,8 @@ #include #include +#include "evp_locl.h" + int EVP_add_cipher(const EVP_CIPHER *c) { diff --git a/externals/libressl/crypto/evp/p5_crpt.c b/externals/libressl/crypto/evp/p5_crpt.c index 98e4549db..b9482e086 100755 --- a/externals/libressl/crypto/evp/p5_crpt.c +++ b/externals/libressl/crypto/evp/p5_crpt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p5_crpt.c,v 1.19 2020/01/12 07:11:13 inoguchi Exp $ */ +/* $OpenBSD: p5_crpt.c,v 1.20 2021/12/12 21:30:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -64,6 +64,8 @@ #include #include +#include "evp_locl.h" + /* Doesn't do anything now: Builtin PBE algorithms in static table. */ diff --git a/externals/libressl/crypto/evp/p5_crpt2.c b/externals/libressl/crypto/evp/p5_crpt2.c index 4bef28770..f3585ff34 100755 --- a/externals/libressl/crypto/evp/p5_crpt2.c +++ b/externals/libressl/crypto/evp/p5_crpt2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p5_crpt2.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: p5_crpt2.c,v 1.24 2021/12/12 21:27:37 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -70,6 +70,7 @@ #include #include "evp_locl.h" +#include "hmac_local.h" /* This is an implementation of PKCS#5 v2.0 password based encryption key * derivation function PBKDF2. diff --git a/externals/libressl/crypto/evp/p_dec.c b/externals/libressl/crypto/evp/p_dec.c index c827c5e4c..c19cc651b 100755 --- a/externals/libressl/crypto/evp/p_dec.c +++ b/externals/libressl/crypto/evp/p_dec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p_dec.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: p_dec.c,v 1.12 2021/12/12 21:30:13 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -69,6 +69,8 @@ #include #endif +#include "evp_locl.h" + int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl, EVP_PKEY *priv) diff --git a/externals/libressl/crypto/evp/p_enc.c b/externals/libressl/crypto/evp/p_enc.c index 49c46f1a7..5553429c5 100755 --- a/externals/libressl/crypto/evp/p_enc.c +++ b/externals/libressl/crypto/evp/p_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p_enc.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: p_enc.c,v 1.12 2021/12/12 21:30:13 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -69,6 +69,8 @@ #include #endif +#include "evp_locl.h" + int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key, int key_len, EVP_PKEY *pubk) diff --git a/externals/libressl/crypto/evp/p_lib.c b/externals/libressl/crypto/evp/p_lib.c index 13a9d65f2..cdd38e4e3 100755 --- a/externals/libressl/crypto/evp/p_lib.c +++ b/externals/libressl/crypto/evp/p_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p_lib.c,v 1.25 2019/03/17 18:17:45 tb Exp $ */ +/* $OpenBSD: p_lib.c,v 1.28 2022/01/20 11:06:24 inoguchi Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -61,6 +61,7 @@ #include #include +#include #include #include #include @@ -81,6 +82,7 @@ #endif #include "asn1_locl.h" +#include "evp_locl.h" static void EVP_PKEY_free_it(EVP_PKEY *x); @@ -216,10 +218,14 @@ EVP_PKEY_up_ref(EVP_PKEY *pkey) */ static int -pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len) +pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, int len) { const EVP_PKEY_ASN1_METHOD *ameth; - ENGINE *e = NULL; + ENGINE **eptr = NULL; + + if (e == NULL) + eptr = &e; + if (pkey) { if (pkey->pkey.ptr) EVP_PKEY_free_it(pkey); @@ -234,11 +240,11 @@ pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len) #endif } if (str) - ameth = EVP_PKEY_asn1_find_str(&e, str, len); + ameth = EVP_PKEY_asn1_find_str(eptr, str, len); else - ameth = EVP_PKEY_asn1_find(&e, type); + ameth = EVP_PKEY_asn1_find(eptr, type); #ifndef OPENSSL_NO_ENGINE - if (pkey == NULL) + if (pkey == NULL && eptr != NULL) ENGINE_finish(e); #endif if (!ameth) { @@ -258,13 +264,43 @@ pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len) int EVP_PKEY_set_type(EVP_PKEY *pkey, int type) { - return pkey_set_type(pkey, type, NULL, -1); + return pkey_set_type(pkey, NULL, type, NULL, -1); +} + +EVP_PKEY * +EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, size_t len, + const EVP_CIPHER *cipher) +{ + EVP_PKEY *ret = NULL; + CMAC_CTX *cmctx = NULL; + + if ((ret = EVP_PKEY_new()) == NULL) + goto err; + if ((cmctx = CMAC_CTX_new()) == NULL) + goto err; + + if (!pkey_set_type(ret, e, EVP_PKEY_CMAC, NULL, -1)) + goto err; + + if (!CMAC_Init(cmctx, priv, len, cipher, e)) { + EVPerror(EVP_R_KEY_SETUP_FAILED); + goto err; + } + + ret->pkey.ptr = (char *)cmctx; + + return ret; + + err: + EVP_PKEY_free(ret); + CMAC_CTX_free(cmctx); + return NULL; } int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len) { - return pkey_set_type(pkey, EVP_PKEY_NONE, str, len); + return pkey_set_type(pkey, NULL, EVP_PKEY_NONE, str, len); } int @@ -490,7 +526,8 @@ EVP_PKEY_free_it(EVP_PKEY *x) static int unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent, const char *kstr) { - BIO_indent(out, indent, 128); + if (!BIO_indent(out, indent, 128)) + return 0; BIO_printf(out, "%s algorithm \"%s\" unsupported\n", kstr, OBJ_nid2ln(pkey->type)); return 1; diff --git a/externals/libressl/crypto/evp/p_open.c b/externals/libressl/crypto/evp/p_open.c index 57a46706b..e4c59e68d 100755 --- a/externals/libressl/crypto/evp/p_open.c +++ b/externals/libressl/crypto/evp/p_open.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p_open.c,v 1.19 2017/05/02 03:59:44 deraadt Exp $ */ +/* $OpenBSD: p_open.c,v 1.20 2021/12/12 21:30:13 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -69,6 +69,8 @@ #include #include +#include "evp_locl.h" + int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, const unsigned char *ek, int ekl, const unsigned char *iv, EVP_PKEY *priv) diff --git a/externals/libressl/crypto/evp/p_sign.c b/externals/libressl/crypto/evp/p_sign.c index 631292451..1e33cfbe7 100755 --- a/externals/libressl/crypto/evp/p_sign.c +++ b/externals/libressl/crypto/evp/p_sign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p_sign.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: p_sign.c,v 1.16 2022/01/14 08:38:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,15 +63,18 @@ #include #include +#include "evp_locl.h" + int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, EVP_PKEY *pkey) { unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len; - int i = 0, ok = 0, v; EVP_MD_CTX tmp_ctx; EVP_PKEY_CTX *pkctx = NULL; + size_t sltmp; + int ret = 0; *siglen = 0; EVP_MD_CTX_init(&tmp_ctx); @@ -81,43 +84,21 @@ EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, goto err; EVP_MD_CTX_cleanup(&tmp_ctx); - if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { - size_t sltmp = (size_t)EVP_PKEY_size(pkey); - i = 0; - pkctx = EVP_PKEY_CTX_new(pkey, NULL); - if (!pkctx) - goto err; - if (EVP_PKEY_sign_init(pkctx) <= 0) - goto err; - if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) - goto err; - if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) - goto err; - *siglen = sltmp; - i = 1; -err: - EVP_PKEY_CTX_free(pkctx); - return i; - } + sltmp = (size_t)EVP_PKEY_size(pkey); - for (i = 0; i < 4; i++) { - v = ctx->digest->required_pkey_type[i]; - if (v == 0) - break; - if (pkey->type == v) { - ok = 1; - break; - } - } - if (!ok) { - EVPerror(EVP_R_WRONG_PUBLIC_KEY_TYPE); - return (0); - } + if ((pkctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) + goto err; + if (EVP_PKEY_sign_init(pkctx) <= 0) + goto err; + if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) + goto err; + if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) + goto err; + *siglen = sltmp; - if (ctx->digest->sign == NULL) { - EVPerror(EVP_R_NO_SIGN_FUNCTION_CONFIGURED); - return (0); - } - return(ctx->digest->sign(ctx->digest->type, m, m_len, sigret, siglen, - pkey->pkey.ptr)); + ret = 1; + + err: + EVP_PKEY_CTX_free(pkctx); + return ret; } diff --git a/externals/libressl/crypto/evp/p_verify.c b/externals/libressl/crypto/evp/p_verify.c index 7dd752c4f..d51d1b4a0 100755 --- a/externals/libressl/crypto/evp/p_verify.c +++ b/externals/libressl/crypto/evp/p_verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p_verify.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: p_verify.c,v 1.15 2022/01/14 08:38:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,15 +63,17 @@ #include #include +#include "evp_locl.h" + int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, unsigned int siglen, EVP_PKEY *pkey) { unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len; - int i = 0, ok = 0, v; EVP_MD_CTX tmp_ctx; EVP_PKEY_CTX *pkctx = NULL; + int ret = 0; EVP_MD_CTX_init(&tmp_ctx); if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) @@ -80,39 +82,16 @@ EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, goto err; EVP_MD_CTX_cleanup(&tmp_ctx); - if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { - i = -1; - pkctx = EVP_PKEY_CTX_new(pkey, NULL); - if (!pkctx) - goto err; - if (EVP_PKEY_verify_init(pkctx) <= 0) - goto err; - if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) - goto err; - i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); -err: - EVP_PKEY_CTX_free(pkctx); - return i; - } + ret = -1; + if ((pkctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) + goto err; + if (EVP_PKEY_verify_init(pkctx) <= 0) + goto err; + if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) + goto err; + ret = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); - for (i = 0; i < 4; i++) { - v = ctx->digest->required_pkey_type[i]; - if (v == 0) - break; - if (pkey->type == v) { - ok = 1; - break; - } - } - if (!ok) { - EVPerror(EVP_R_WRONG_PUBLIC_KEY_TYPE); - return (-1); - } - if (ctx->digest->verify == NULL) { - EVPerror(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED); - return (0); - } - - return(ctx->digest->verify(ctx->digest->type, m, m_len, - sigbuf, siglen, pkey->pkey.ptr)); + err: + EVP_PKEY_CTX_free(pkctx); + return ret; } diff --git a/externals/libressl/crypto/evp/pmeth_gn.c b/externals/libressl/crypto/evp/pmeth_gn.c index d1cbdc409..7d921d23b 100755 --- a/externals/libressl/crypto/evp/pmeth_gn.c +++ b/externals/libressl/crypto/evp/pmeth_gn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pmeth_gn.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: pmeth_gn.c,v 1.10 2022/01/10 12:10:26 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -64,6 +64,8 @@ #include #include +#include "asn1_locl.h" +#include "bn_lcl.h" #include "evp_locl.h" int @@ -187,7 +189,7 @@ trans_cb(int a, int b, BN_GENCB *gcb) void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx) { - BN_GENCB_set(cb, trans_cb, ctx) + BN_GENCB_set(cb, trans_cb, ctx); } int @@ -221,3 +223,66 @@ merr: EVP_PKEY_CTX_free(mac_ctx); return mac_key; } + +int +EVP_PKEY_check(EVP_PKEY_CTX *ctx) +{ + EVP_PKEY *pkey; + + if ((pkey = ctx->pkey) == NULL) { + EVPerror(EVP_R_NO_KEY_SET); + return 0; + } + + if (ctx->pmeth->check != NULL) + return ctx->pmeth->check(pkey); + + if (pkey->ameth == NULL || pkey->ameth->pkey_check == NULL) { + EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + + return pkey->ameth->pkey_check(pkey); +} + +int +EVP_PKEY_public_check(EVP_PKEY_CTX *ctx) +{ + EVP_PKEY *pkey; + + if ((pkey = ctx->pkey) == NULL) { + EVPerror(EVP_R_NO_KEY_SET); + return 0; + } + + if (ctx->pmeth->public_check != NULL) + return ctx->pmeth->public_check(pkey); + + if (pkey->ameth == NULL || pkey->ameth->pkey_public_check == NULL) { + EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + + return pkey->ameth->pkey_public_check(pkey); +} + +int +EVP_PKEY_param_check(EVP_PKEY_CTX *ctx) +{ + EVP_PKEY *pkey; + + if ((pkey = ctx->pkey) == NULL) { + EVPerror(EVP_R_NO_KEY_SET); + return 0; + } + + if (ctx->pmeth->param_check != NULL) + return ctx->pmeth->param_check(pkey); + + if (pkey->ameth == NULL || pkey->ameth->pkey_param_check == NULL) { + EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + + return pkey->ameth->pkey_param_check(pkey); +} diff --git a/externals/libressl/crypto/evp/pmeth_lib.c b/externals/libressl/crypto/evp/pmeth_lib.c index 36bfe8d9f..d265e2ace 100755 --- a/externals/libressl/crypto/evp/pmeth_lib.c +++ b/externals/libressl/crypto/evp/pmeth_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pmeth_lib.c,v 1.16 2019/11/01 15:08:57 jsing Exp $ */ +/* $OpenBSD: pmeth_lib.c,v 1.20 2022/01/10 12:10:26 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -224,39 +224,12 @@ EVP_PKEY_meth_new(int id, int flags) { EVP_PKEY_METHOD *pmeth; - pmeth = calloc(1, sizeof(EVP_PKEY_METHOD)); - if (!pmeth) + if ((pmeth = calloc(1, sizeof(EVP_PKEY_METHOD))) == NULL) return NULL; pmeth->pkey_id = id; pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC; - pmeth->init = 0; - pmeth->copy = 0; - pmeth->cleanup = 0; - pmeth->paramgen_init = 0; - pmeth->paramgen = 0; - pmeth->keygen_init = 0; - pmeth->keygen = 0; - pmeth->sign_init = 0; - pmeth->sign = 0; - pmeth->verify_init = 0; - pmeth->verify = 0; - pmeth->verify_recover_init = 0; - pmeth->verify_recover = 0; - pmeth->signctx_init = 0; - pmeth->signctx = 0; - pmeth->verifyctx_init = 0; - pmeth->verifyctx = 0; - pmeth->encrypt_init = 0; - pmeth->encrypt = 0; - pmeth->decrypt_init = 0; - pmeth->decrypt = 0; - pmeth->derive_init = 0; - pmeth->derive = 0; - pmeth->ctrl = 0; - pmeth->ctrl_str = 0; - return pmeth; } @@ -272,42 +245,15 @@ EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, const EVP_PKEY_METHOD *meth) void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src) { - dst->init = src->init; - dst->copy = src->copy; - dst->cleanup = src->cleanup; + EVP_PKEY_METHOD preserve; - dst->paramgen_init = src->paramgen_init; - dst->paramgen = src->paramgen; + preserve.pkey_id = dst->pkey_id; + preserve.flags = dst->flags; - dst->keygen_init = src->keygen_init; - dst->keygen = src->keygen; + *dst = *src; - dst->sign_init = src->sign_init; - dst->sign = src->sign; - - dst->verify_init = src->verify_init; - dst->verify = src->verify; - - dst->verify_recover_init = src->verify_recover_init; - dst->verify_recover = src->verify_recover; - - dst->signctx_init = src->signctx_init; - dst->signctx = src->signctx; - - dst->verifyctx_init = src->verifyctx_init; - dst->verifyctx = src->verifyctx; - - dst->encrypt_init = src->encrypt_init; - dst->encrypt = src->encrypt; - - dst->decrypt_init = src->decrypt_init; - dst->decrypt = src->decrypt; - - dst->derive_init = src->derive_init; - dst->derive = src->derive; - - dst->ctrl = src->ctrl; - dst->ctrl_str = src->ctrl_str; + dst->pkey_id = preserve.pkey_id; + dst->flags = preserve.flags; } void @@ -636,3 +582,23 @@ EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, pmeth->ctrl = ctrl; pmeth->ctrl_str = ctrl_str; } + +void +EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, int (*check)(EVP_PKEY *pkey)) +{ + pmeth->check = check; +} + +void +EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, + int (*public_check)(EVP_PKEY *pkey)) +{ + pmeth->public_check = public_check; +} + +void +EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, + int (*param_check)(EVP_PKEY *pkey)) +{ + pmeth->param_check = param_check; +} diff --git a/externals/libressl/crypto/gost/gost2814789.c b/externals/libressl/crypto/gost/gost2814789.c index f1066f246..0841a03b1 100755 --- a/externals/libressl/crypto/gost/gost2814789.c +++ b/externals/libressl/crypto/gost/gost2814789.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gost2814789.c,v 1.6 2020/09/12 02:45:05 inoguchi Exp $ */ +/* $OpenBSD: gost2814789.c,v 1.7 2021/11/09 18:40:21 bcook Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -49,8 +49,7 @@ * ==================================================================== */ -#include - +#include #include #include diff --git a/externals/libressl/crypto/gost/gost89imit_ameth.c b/externals/libressl/crypto/gost/gost89imit_ameth.c index a2631d97f..3fdfa3eef 100755 --- a/externals/libressl/crypto/gost/gost89imit_ameth.c +++ b/externals/libressl/crypto/gost/gost89imit_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gost89imit_ameth.c,v 1.2 2014/11/09 23:06:52 miod Exp $ */ +/* $OpenBSD: gost89imit_ameth.c,v 1.3 2021/12/12 21:30:14 tb Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -55,6 +55,7 @@ #include #include "asn1_locl.h" +#include "evp_locl.h" static void mackey_free_gost(EVP_PKEY *pk) diff --git a/externals/libressl/crypto/gost/gostr341001.c b/externals/libressl/crypto/gost/gostr341001.c index ba70d5f1f..a6082568f 100755 --- a/externals/libressl/crypto/gost/gostr341001.c +++ b/externals/libressl/crypto/gost/gostr341001.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gostr341001.c,v 1.7 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: gostr341001.c,v 1.9 2022/01/07 09:40:03 tb Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -59,6 +59,7 @@ #include #include "bn_lcl.h" +#include "ecs_locl.h" #include "gost_locl.h" /* Convert little-endian byte array into bignum */ @@ -206,7 +207,7 @@ gost2001_do_sign(BIGNUM *md, GOST_KEY *eckey) GOSTerror(ERR_R_EC_LIB); goto err; } - if (EC_POINT_get_affine_coordinates_GFp(group, C, X, + if (EC_POINT_get_affine_coordinates(group, C, X, NULL, ctx) == 0) { GOSTerror(ERR_R_EC_LIB); goto err; @@ -304,7 +305,7 @@ gost2001_do_verify(BIGNUM *md, ECDSA_SIG *sig, GOST_KEY *ec) GOSTerror(ERR_R_EC_LIB); goto err; } - if (EC_POINT_get_affine_coordinates_GFp(group, C, X, NULL, ctx) == 0) { + if (EC_POINT_get_affine_coordinates(group, C, X, NULL, ctx) == 0) { GOSTerror(ERR_R_EC_LIB); goto err; } @@ -354,7 +355,7 @@ VKO_compute_key(BIGNUM *X, BIGNUM *Y, const GOST_KEY *pkey, GOST_KEY *priv_key, goto err; if (EC_POINT_mul(group, pnt, NULL, pub_key, p, ctx) == 0) goto err; - if (EC_POINT_get_affine_coordinates_GFp(group, pnt, X, Y, ctx) == 0) + if (EC_POINT_get_affine_coordinates(group, pnt, X, Y, ctx) == 0) goto err; ok = 1; diff --git a/externals/libressl/crypto/gost/gostr341001_ameth.c b/externals/libressl/crypto/gost/gostr341001_ameth.c index 27a95f206..ce203a6c2 100755 --- a/externals/libressl/crypto/gost/gostr341001_ameth.c +++ b/externals/libressl/crypto/gost/gostr341001_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gostr341001_ameth.c,v 1.16 2020/06/05 17:17:22 jsing Exp $ */ +/* $OpenBSD: gostr341001_ameth.c,v 1.19 2021/12/26 15:38:49 tb Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -63,6 +63,7 @@ #include "asn1_locl.h" +#include "evp_locl.h" #include "gost_locl.h" #include "gost_asn1.h" @@ -290,7 +291,7 @@ pub_encode_gost01(X509_PUBKEY *pub, const EVP_PKEY *pk) goto err; } - if (EC_POINT_get_affine_coordinates_GFp(GOST_KEY_get0_group(ec), + if (EC_POINT_get_affine_coordinates(GOST_KEY_get0_group(ec), pub_key, X, Y, NULL) == 0) { GOSTerror(ERR_R_EC_LIB); goto err; @@ -352,8 +353,7 @@ pub_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx) goto err; pubkey = GOST_KEY_get0_public_key(pkey->pkey.gost); group = GOST_KEY_get0_group(pkey->pkey.gost); - if (EC_POINT_get_affine_coordinates_GFp(group, pubkey, X, Y, - ctx) == 0) { + if (EC_POINT_get_affine_coordinates(group, pubkey, X, Y, ctx) == 0) { GOSTerror(ERR_R_EC_LIB); goto err; } @@ -365,7 +365,8 @@ pub_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx) BIO_printf(out, "X:"); BN_print(out, X); BIO_printf(out, "\n"); - BIO_indent(out, indent + 3, 128); + if (BIO_indent(out, indent + 3, 128) == 0) + goto err; BIO_printf(out, "Y:"); BN_print(out, Y); BIO_printf(out, "\n"); diff --git a/externals/libressl/crypto/gost/gostr341001_key.c b/externals/libressl/crypto/gost/gostr341001_key.c index 0af39f21b..d5d885c25 100755 --- a/externals/libressl/crypto/gost/gostr341001_key.c +++ b/externals/libressl/crypto/gost/gostr341001_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gostr341001_key.c,v 1.8 2017/05/02 03:59:44 deraadt Exp $ */ +/* $OpenBSD: gostr341001_key.c,v 1.9 2021/04/20 17:16:38 tb Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -201,10 +201,10 @@ GOST_KEY_set_public_key_affine_coordinates(GOST_KEY *key, BIGNUM *x, BIGNUM *y) goto err; if ((ty = BN_CTX_get(ctx)) == NULL) goto err; - if (EC_POINT_set_affine_coordinates_GFp(key->group, point, x, y, + if (EC_POINT_set_affine_coordinates(key->group, point, x, y, ctx) == 0) goto err; - if (EC_POINT_get_affine_coordinates_GFp(key->group, point, tx, ty, + if (EC_POINT_get_affine_coordinates(key->group, point, tx, ty, ctx) == 0) goto err; /* diff --git a/externals/libressl/crypto/gost/gostr341001_pmeth.c b/externals/libressl/crypto/gost/gostr341001_pmeth.c index 0eb1d873d..ae39b0590 100755 --- a/externals/libressl/crypto/gost/gostr341001_pmeth.c +++ b/externals/libressl/crypto/gost/gostr341001_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gostr341001_pmeth.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: gostr341001_pmeth.c,v 1.16 2022/03/30 07:17:48 tb Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -62,6 +62,7 @@ #include #include +#include "ecs_locl.h" #include "evp_locl.h" #include "gost_locl.h" #include "gost_asn1.h" @@ -174,7 +175,10 @@ pkey_gost01_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) static void pkey_gost01_cleanup(EVP_PKEY_CTX *ctx) { - struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); + struct gost_pmeth_data *data; + + if ((data = EVP_PKEY_CTX_get_data(ctx)) == NULL) + return; free(data->shared_ukm); free(data); diff --git a/externals/libressl/crypto/gost/streebog.c b/externals/libressl/crypto/gost/streebog.c index 61bce0e32..b237a2c50 100755 --- a/externals/libressl/crypto/gost/streebog.c +++ b/externals/libressl/crypto/gost/streebog.c @@ -1,4 +1,4 @@ -/* $OpenBSD: streebog.c,v 1.6 2019/05/09 22:54:28 tb Exp $ */ +/* $OpenBSD: streebog.c,v 1.7 2021/11/09 18:40:21 bcook Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -49,8 +49,7 @@ * ==================================================================== */ -#include - +#include #include #include diff --git a/externals/libressl/crypto/hkdf/hkdf.c b/externals/libressl/crypto/hkdf/hkdf.c index b8be10bfc..9adf12608 100755 --- a/externals/libressl/crypto/hkdf/hkdf.c +++ b/externals/libressl/crypto/hkdf/hkdf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hkdf.c,v 1.4 2019/11/21 20:02:20 tim Exp $ */ +/* $OpenBSD: hkdf.c,v 1.7 2021/12/12 21:30:14 tb Exp $ */ /* Copyright (c) 2014, Google Inc. * * Permission to use, copy, modify, and/or distribute this software for any @@ -16,12 +16,14 @@ #include -#include #include #include #include +#include "evp_locl.h" +#include "hmac_local.h" + /* https://tools.ietf.org/html/rfc5869#section-2 */ int HKDF(uint8_t *out_key, size_t out_len, const EVP_MD *digest, diff --git a/externals/libressl/crypto/hmac/hm_ameth.c b/externals/libressl/crypto/hmac/hm_ameth.c index cfa023970..84bb5f0c0 100755 --- a/externals/libressl/crypto/hmac/hm_ameth.c +++ b/externals/libressl/crypto/hmac/hm_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hm_ameth.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */ +/* $OpenBSD: hm_ameth.c,v 1.12 2021/12/12 21:30:14 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2007. */ @@ -60,8 +60,11 @@ #include #include +#include #include "asn1_locl.h" +#include "evp_locl.h" +#include "hmac_local.h" #define HMAC_TEST_PRIVATE_KEY_FORMAT diff --git a/externals/libressl/crypto/hmac/hm_pmeth.c b/externals/libressl/crypto/hmac/hm_pmeth.c index 390725fa2..4017f570b 100755 --- a/externals/libressl/crypto/hmac/hm_pmeth.c +++ b/externals/libressl/crypto/hmac/hm_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hm_pmeth.c,v 1.10 2017/05/02 03:59:44 deraadt Exp $ */ +/* $OpenBSD: hm_pmeth.c,v 1.13 2022/03/30 07:17:48 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2007. */ @@ -65,6 +65,7 @@ #include #include "evp_locl.h" +#include "hmac_local.h" /* HMAC pkey context structure */ @@ -79,13 +80,9 @@ pkey_hmac_init(EVP_PKEY_CTX *ctx) { HMAC_PKEY_CTX *hctx; - hctx = malloc(sizeof(HMAC_PKEY_CTX)); - if (!hctx) + if ((hctx = calloc(1, sizeof(HMAC_PKEY_CTX))) == NULL) return 0; - hctx->md = NULL; - hctx->ktmp.data = NULL; - hctx->ktmp.length = 0; - hctx->ktmp.flags = 0; + hctx->ktmp.type = V_ASN1_OCTET_STRING; HMAC_CTX_init(&hctx->ctx); @@ -119,7 +116,10 @@ pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx) { - HMAC_PKEY_CTX *hctx = ctx->data; + HMAC_PKEY_CTX *hctx; + + if ((hctx = ctx->data) == NULL) + return; HMAC_CTX_cleanup(&hctx->ctx); freezero(hctx->ktmp.data, hctx->ktmp.length); diff --git a/externals/libressl/crypto/hmac/hmac.c b/externals/libressl/crypto/hmac/hmac.c index 7bf17eed9..55989988a 100755 --- a/externals/libressl/crypto/hmac/hmac.c +++ b/externals/libressl/crypto/hmac/hmac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hmac.c,v 1.25 2018/02/17 14:53:58 jsing Exp $ */ +/* $OpenBSD: hmac.c,v 1.27 2021/12/12 21:30:14 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,6 +63,9 @@ #include #include +#include "evp_locl.h" +#include "hmac_local.h" + int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, ENGINE *impl) diff --git a/externals/libressl/crypto/hmac/hmac_local.h b/externals/libressl/crypto/hmac/hmac_local.h new file mode 100755 index 000000000..5900bc1c2 --- /dev/null +++ b/externals/libressl/crypto/hmac/hmac_local.h @@ -0,0 +1,83 @@ +/* $OpenBSD: hmac_local.h,v 1.3 2022/01/14 08:06:03 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +#ifndef HEADER_HMAC_LOCAL_H +#define HEADER_HMAC_LOCAL_H + +#include + +#include + +#include "evp_locl.h" + +__BEGIN_HIDDEN_DECLS + +struct hmac_ctx_st { + const EVP_MD *md; + EVP_MD_CTX md_ctx; + EVP_MD_CTX i_ctx; + EVP_MD_CTX o_ctx; + unsigned int key_length; + unsigned char key[HMAC_MAX_MD_CBLOCK]; +} /* HMAC_CTX */; + +void HMAC_CTX_init(HMAC_CTX *ctx); +void HMAC_CTX_cleanup(HMAC_CTX *ctx); + +__END_HIDDEN_DECLS + +#endif /* !HEADER_HMAC_LOCAL_H */ diff --git a/externals/libressl/crypto/md5/md5-masm-x86_64.S b/externals/libressl/crypto/md5/md5-masm-x86_64.S index 40019cd58..85d0bcb97 100755 --- a/externals/libressl/crypto/md5/md5-masm-x86_64.S +++ b/externals/libressl/crypto/md5/md5-masm-x86_64.S @@ -1,7 +1,7 @@ ; 1 "crypto/md5/md5-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 340 "" 3 +; 343 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/md5/md5-masm-x86_64.S.tmp" 2 diff --git a/externals/libressl/crypto/modes/cbc128.c b/externals/libressl/crypto/modes/cbc128.c index fe45103b0..c5cf5a632 100755 --- a/externals/libressl/crypto/modes/cbc128.c +++ b/externals/libressl/crypto/modes/cbc128.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cbc128.c,v 1.4 2015/02/10 09:46:30 miod Exp $ */ +/* $OpenBSD: cbc128.c,v 1.5 2022/01/22 00:45:17 inoguchi Exp $ */ /* ==================================================================== * Copyright (c) 2008 The OpenSSL Project. All rights reserved. * @@ -110,7 +110,7 @@ void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, in += 16; out += 16; } - memcpy(ivec,iv,16); + memmove(ivec,iv,16); } void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, @@ -148,7 +148,7 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, out += 16; } } - memcpy(ivec,iv,16); + memmove(ivec,iv,16); } else { if (STRICT_ALIGNMENT && ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) { diff --git a/externals/libressl/crypto/modes/ghash-masm-x86_64.S b/externals/libressl/crypto/modes/ghash-masm-x86_64.S index ffdc1b515..09ee8e0f3 100755 --- a/externals/libressl/crypto/modes/ghash-masm-x86_64.S +++ b/externals/libressl/crypto/modes/ghash-masm-x86_64.S @@ -1,7 +1,7 @@ ; 1 "crypto/modes/ghash-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 340 "" 3 +; 343 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/modes/ghash-masm-x86_64.S.tmp" 2 diff --git a/externals/libressl/crypto/modes/modes_lcl.h b/externals/libressl/crypto/modes/modes_lcl.h index bfea1894d..d0126e874 100755 --- a/externals/libressl/crypto/modes/modes_lcl.h +++ b/externals/libressl/crypto/modes/modes_lcl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: modes_lcl.h,v 1.10 2016/12/21 15:49:29 jsing Exp $ */ +/* $OpenBSD: modes_lcl.h,v 1.11 2021/11/09 18:40:21 bcook Exp $ */ /* ==================================================================== * Copyright (c) 2010 The OpenSSL Project. All rights reserved. * @@ -6,7 +6,7 @@ * ==================================================================== */ -#include +#include #include diff --git a/externals/libressl/crypto/modes/xts128.c b/externals/libressl/crypto/modes/xts128.c index 0be23d4ea..2084892ee 100755 --- a/externals/libressl/crypto/modes/xts128.c +++ b/externals/libressl/crypto/modes/xts128.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xts128.c,v 1.7 2017/08/13 17:46:24 bcook Exp $ */ +/* $OpenBSD: xts128.c,v 1.8 2021/11/09 18:40:21 bcook Exp $ */ /* ==================================================================== * Copyright (c) 2011 The OpenSSL Project. All rights reserved. * @@ -48,9 +48,10 @@ * ==================================================================== */ -#include #include #include "modes_lcl.h" + +#include #include #ifndef MODES_DEBUG diff --git a/externals/libressl/crypto/o_fips.c b/externals/libressl/crypto/o_fips.c new file mode 100755 index 000000000..b1487e3be --- /dev/null +++ b/externals/libressl/crypto/o_fips.c @@ -0,0 +1,76 @@ +/* $OpenBSD: o_fips.c,v 1.6 2021/10/23 13:57:00 schwarze Exp $ */ +/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL + * project 2011. + */ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include "cryptlib.h" + +int +FIPS_mode(void) +{ + return 0; +} + +int +FIPS_mode_set(int r) +{ + if (r == 0) + return 1; + CRYPTOerror(CRYPTO_R_FIPS_MODE_NOT_SUPPORTED); + return 0; +} diff --git a/externals/libressl/crypto/o_time.c b/externals/libressl/crypto/o_time.c index 9b2e7e5b5..3f164c7fd 100755 --- a/externals/libressl/crypto/o_time.c +++ b/externals/libressl/crypto/o_time.c @@ -1,4 +1,4 @@ -/* $OpenBSD: o_time.c,v 1.15 2014/06/12 15:49:27 deraadt Exp $ */ +/* $OpenBSD: o_time.c,v 1.16 2021/10/27 09:50:56 beck Exp $ */ /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL * project 2001. */ @@ -72,6 +72,8 @@ static long date_to_julian(int y, int m, int d); static void julian_to_date(long jd, int *y, int *m, int *d); +static int julian_adj(const struct tm *tm, int off_day, long offset_sec, + long *pday, int *psec); int OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec) @@ -131,6 +133,85 @@ OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec) } +int +OPENSSL_gmtime_diff(int *pday, int *psec, const struct tm *from, + const struct tm *to) +{ + int from_sec, to_sec, diff_sec; + long from_jd, to_jd, diff_day; + + if (!julian_adj(from, 0, 0, &from_jd, &from_sec)) + return 0; + if (!julian_adj(to, 0, 0, &to_jd, &to_sec)) + return 0; + diff_day = to_jd - from_jd; + diff_sec = to_sec - from_sec; + /* Adjust differences so both positive or both negative */ + if (diff_day > 0 && diff_sec < 0) { + diff_day--; + diff_sec += SECS_PER_DAY; + } + if (diff_day < 0 && diff_sec > 0) { + diff_day++; + diff_sec -= SECS_PER_DAY; + } + + if (pday) + *pday = (int)diff_day; + if (psec) + *psec = diff_sec; + + return 1; + +} + +/* Convert tm structure and offset into julian day and seconds */ +static int +julian_adj(const struct tm *tm, int off_day, long offset_sec, long *pday, + int *psec) +{ + int time_year, time_month, time_day; + long offset_day, time_jd; + int offset_hms; + + /* split offset into days and day seconds */ + offset_day = offset_sec / SECS_PER_DAY; + /* Avoid sign issues with % operator */ + offset_hms = offset_sec - (offset_day * SECS_PER_DAY); + offset_day += off_day; + /* Add current time seconds to offset */ + offset_hms += tm->tm_hour * 3600 + tm->tm_min * 60 + tm->tm_sec; + /* Adjust day seconds if overflow */ + if (offset_hms >= SECS_PER_DAY) { + offset_day++; + offset_hms -= SECS_PER_DAY; + } else if (offset_hms < 0) { + offset_day--; + offset_hms += SECS_PER_DAY; + } + + /* + * Convert date of time structure into a Julian day number. + */ + + time_year = tm->tm_year + 1900; + time_month = tm->tm_mon + 1; + time_day = tm->tm_mday; + + time_jd = date_to_julian(time_year, time_month, time_day); + + /* Work out Julian day of new date */ + time_jd += offset_day; + + if (time_jd < 0) + return 0; + + *pday = time_jd; + *psec = offset_hms; + + return 1; +} + /* Convert date to and from julian day * Uses Fliegel & Van Flandern algorithm */ diff --git a/externals/libressl/crypto/o_time.h b/externals/libressl/crypto/o_time.h index 8c6301db3..064f2cc23 100755 --- a/externals/libressl/crypto/o_time.h +++ b/externals/libressl/crypto/o_time.h @@ -1,4 +1,4 @@ -/* $OpenBSD: o_time.h,v 1.7 2016/12/21 15:49:29 jsing Exp $ */ +/* $OpenBSD: o_time.h,v 1.8 2021/10/27 09:50:56 beck Exp $ */ /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL * project 2001. */ @@ -64,7 +64,8 @@ __BEGIN_HIDDEN_DECLS int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec); +int OPENSSL_gmtime_diff(int *pday, int *psec, const struct tm *from, + const struct tm *to); __END_HIDDEN_DECLS - #endif diff --git a/externals/libressl/crypto/objects/obj_dat.c b/externals/libressl/crypto/objects/obj_dat.c index c0b63e4d8..bcb7ee2db 100755 --- a/externals/libressl/crypto/objects/obj_dat.c +++ b/externals/libressl/crypto/objects/obj_dat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: obj_dat.c,v 1.42 2019/07/03 03:24:04 deraadt Exp $ */ +/* $OpenBSD: obj_dat.c,v 1.49 2022/03/19 17:49:32 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -69,6 +69,8 @@ #include #include +#include "asn1_locl.h" + /* obj_dat.h is generated from objects.h by obj_dat.pl */ #include "obj_dat.h" @@ -456,9 +458,9 @@ OBJ_obj2nid(const ASN1_OBJECT *a) const unsigned int *op; ADDED_OBJ ad, *adp; - if (a == NULL) + if (a == NULL || a->length == 0) return (NID_undef); - if (a->nid != 0) + if (a->nid != NID_undef) return (a->nid); if (added != NULL) { @@ -483,12 +485,7 @@ OBJ_obj2nid(const ASN1_OBJECT *a) ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name) { - int nid = NID_undef; - ASN1_OBJECT *op = NULL; - unsigned char *buf; - unsigned char *p; - const unsigned char *cp; - int i, j; + int nid; if (!no_name) { if (((nid = OBJ_sn2nid(s)) != NID_undef) || @@ -496,149 +493,16 @@ OBJ_txt2obj(const char *s, int no_name) return OBJ_nid2obj(nid); } - /* Work out size of content octets */ - i = a2d_ASN1_OBJECT(NULL, 0, s, -1); - if (i <= 0) { - /* Don't clear the error */ - /*ERR_clear_error();*/ - return NULL; - } - /* Work out total size */ - j = ASN1_object_size(0, i, V_ASN1_OBJECT); - - if ((buf = malloc(j)) == NULL) - return NULL; - - p = buf; - /* Write out tag+length */ - ASN1_put_object(&p, 0, i, V_ASN1_OBJECT, V_ASN1_UNIVERSAL); - /* Write out contents */ - a2d_ASN1_OBJECT(p, i, s, -1); - - cp = buf; - op = d2i_ASN1_OBJECT(NULL, &cp, j); - free(buf); - return op; + return t2i_ASN1_OBJECT_internal(s); } int -OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) +OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *aobj, int no_name) { - int i, ret = 0, len, nid, first = 1, use_bn; - BIGNUM *bl = NULL; - unsigned long l; - const unsigned char *p; + if (aobj == NULL || aobj->data == NULL) + return 0; - /* Ensure that, at every state, |buf| is NUL-terminated. */ - if (buf_len > 0) - buf[0] = '\0'; - - if ((a == NULL) || (a->data == NULL)) - goto err; - - if (!no_name && (nid = OBJ_obj2nid(a)) != NID_undef) { - const char *s; - s = OBJ_nid2ln(nid); - if (s == NULL) - s = OBJ_nid2sn(nid); - if (s) { - ret = strlcpy(buf, s, buf_len); - goto out; - } - } - - len = a->length; - p = a->data; - - while (len > 0) { - l = 0; - use_bn = 0; - for (;;) { - unsigned char c = *p++; - len--; - if ((len == 0) && (c & 0x80)) - goto err; - if (use_bn) { - if (!BN_add_word(bl, c & 0x7f)) - goto err; - } else - l |= c & 0x7f; - if (!(c & 0x80)) - break; - if (!use_bn && (l > (ULONG_MAX >> 7L))) { - if (!bl && !(bl = BN_new())) - goto err; - if (!BN_set_word(bl, l)) - goto err; - use_bn = 1; - } - if (use_bn) { - if (!BN_lshift(bl, bl, 7)) - goto err; - } else - l <<= 7L; - } - - if (first) { - first = 0; - if (l >= 80) { - i = 2; - if (use_bn) { - if (!BN_sub_word(bl, 80)) - goto err; - } else - l -= 80; - } else { - i = (int)(l / 40); - l -= (long)(i * 40); - } - if (buf_len > 1) { - *buf++ = i + '0'; - *buf = '\0'; - buf_len--; - } - ret++; - } - - if (use_bn) { - char *bndec; - - bndec = BN_bn2dec(bl); - if (!bndec) - goto err; - i = snprintf(buf, buf_len, ".%s", bndec); - free(bndec); - if (i < 0) - goto err; - if (i >= buf_len) { - buf_len = 0; - } else { - buf += i; - buf_len -= i; - } - ret += i; - } else { - i = snprintf(buf, buf_len, ".%lu", l); - if (i < 0) - goto err; - if (i >= buf_len) { - buf_len = 0; - } else { - buf += i; - buf_len -= i; - } - ret += i; - l = 0; - } - } - - out: - BN_free(bl); - return ret; - - err: - ret = 0; - goto out; + return i2t_ASN1_OBJECT_internal(aobj, buf, buf_len, no_name); } int @@ -815,3 +679,24 @@ OBJ_create(const char *oid, const char *sn, const char *ln) free(buf); return (ok); } + +size_t +OBJ_length(const ASN1_OBJECT *obj) +{ + if (obj == NULL) + return 0; + + if (obj->length < 0) + return 0; + + return obj->length; +} + +const unsigned char * +OBJ_get0_data(const ASN1_OBJECT *obj) +{ + if (obj == NULL) + return NULL; + + return obj->data; +} diff --git a/externals/libressl/crypto/objects/obj_dat.h b/externals/libressl/crypto/objects/obj_dat.h index 13f23837d..4bfb4806b 100755 --- a/externals/libressl/crypto/objects/obj_dat.h +++ b/externals/libressl/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 1001 -#define NUM_SN 994 -#define NUM_LN 994 -#define NUM_OBJ 924 +#define NUM_NID 1022 +#define NUM_SN 1015 +#define NUM_LN 1015 +#define NUM_OBJ 945 -static const unsigned char lvalues[6481]={ +static const unsigned char lvalues[6677]={ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ @@ -986,6 +986,27 @@ static const unsigned char lvalues[6481]={ 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x03,/* [6455] OBJ_id_tc26_gost_3410_12_512_paramSetC */ 0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x01, /* [6464] OBJ_id_tc26_hmac_gost_3411_12_256 */ 0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x02, /* [6472] OBJ_id_tc26_hmac_gost_3411_12_512 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x18,/* [6480] OBJ_id_ct_routeOriginAuthz */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1A,/* [6491] OBJ_id_ct_rpkiManifest */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x23,/* [6502] OBJ_id_ct_rpkiGhostbusters */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x24,/* [6513] OBJ_id_ct_resourceTaggedAttest */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0E, /* [6524] OBJ_id_cp */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x1C, /* [6531] OBJ_sbgp_ipAddrBlockv2 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x1D, /* [6539] OBJ_sbgp_autonomousSysNumv2 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0E,0x02, /* [6547] OBJ_ipAddr_asNumber */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0E,0x03, /* [6555] OBJ_ipAddr_asNumberv2 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x0A, /* [6563] OBJ_rpkiManifest */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x0B, /* [6571] OBJ_signedObject */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x0D, /* [6579] OBJ_rpkiNotify */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x2F,/* [6587] OBJ_id_ct_geofeedCSVwithCRLF */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x30,/* [6598] OBJ_id_ct_signedChecklist */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1E, /* [6609] OBJ_id_kp_bgpsec_router */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x18, /* [6617] OBJ_tlsfeature */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x31,/* [6625] OBJ_id_ct_ASPA */ +0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02,/* [6636] OBJ_ct_precert_scts */ +0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x03,/* [6646] OBJ_ct_precert_poison */ +0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x04,/* [6656] OBJ_ct_precert_signer */ +0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x05,/* [6666] OBJ_ct_cert_scts */ }; static const ASN1_OBJECT nid_objs[NUM_NID]={ @@ -2612,6 +2633,42 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ NID_id_tc26_hmac_gost_3411_12_256,8,&(lvalues[6464]),0}, {"id-tc26-hmac-gost-3411-12-512","HMAC STREEBOG 512", NID_id_tc26_hmac_gost_3411_12_512,8,&(lvalues[6472]),0}, +{"id-ct-routeOriginAuthz","id-ct-routeOriginAuthz", + NID_id_ct_routeOriginAuthz,11,&(lvalues[6480]),0}, +{"id-ct-rpkiManifest","id-ct-rpkiManifest",NID_id_ct_rpkiManifest,11, + &(lvalues[6491]),0}, +{"id-ct-rpkiGhostbusters","id-ct-rpkiGhostbusters", + NID_id_ct_rpkiGhostbusters,11,&(lvalues[6502]),0}, +{"id-ct-resourceTaggedAttest","id-ct-resourceTaggedAttest", + NID_id_ct_resourceTaggedAttest,11,&(lvalues[6513]),0}, +{"id-cp","id-cp",NID_id_cp,7,&(lvalues[6524]),0}, +{"sbgp-ipAddrBlockv2","sbgp-ipAddrBlockv2",NID_sbgp_ipAddrBlockv2,8, + &(lvalues[6531]),0}, +{"sbgp-autonomousSysNumv2","sbgp-autonomousSysNumv2", + NID_sbgp_autonomousSysNumv2,8,&(lvalues[6539]),0}, +{"ipAddr-asNumber","ipAddr-asNumber",NID_ipAddr_asNumber,8, + &(lvalues[6547]),0}, +{"ipAddr-asNumberv2","ipAddr-asNumberv2",NID_ipAddr_asNumberv2,8, + &(lvalues[6555]),0}, +{"rpkiManifest","RPKI Manifest",NID_rpkiManifest,8,&(lvalues[6563]),0}, +{"signedObject","Signed Object",NID_signedObject,8,&(lvalues[6571]),0}, +{"rpkiNotify","RPKI Notify",NID_rpkiNotify,8,&(lvalues[6579]),0}, +{"id-ct-geofeedCSVwithCRLF","id-ct-geofeedCSVwithCRLF", + NID_id_ct_geofeedCSVwithCRLF,11,&(lvalues[6587]),0}, +{"id-ct-signedChecklist","id-ct-signedChecklist", + NID_id_ct_signedChecklist,11,&(lvalues[6598]),0}, +{"id-kp-bgpsec-router","BGPsec Router",NID_id_kp_bgpsec_router,8, + &(lvalues[6609]),0}, +{"tlsfeature","TLS Feature",NID_tlsfeature,8,&(lvalues[6617]),0}, +{"id-ct-ASPA","id-ct-ASPA",NID_id_ct_ASPA,11,&(lvalues[6625]),0}, +{"ct_precert_scts","CT Precertificate SCTs",NID_ct_precert_scts,10, + &(lvalues[6636]),0}, +{"ct_precert_poison","CT Precertificate Poison",NID_ct_precert_poison, + 10,&(lvalues[6646]),0}, +{"ct_precert_signer","CT Precertificate Signer",NID_ct_precert_signer, + 10,&(lvalues[6656]),0}, +{"ct_cert_scts","CT Certificate SCTs",NID_ct_cert_scts,10, + &(lvalues[6666]),0}, }; static const unsigned int sn_objs[NUM_SN]={ @@ -2914,6 +2971,10 @@ static const unsigned int sn_objs[NUM_SN]={ 884, /* "crossCertificatePair" */ 806, /* "cryptocom" */ 805, /* "cryptopro" */ +1021, /* "ct_cert_scts" */ +1019, /* "ct_precert_poison" */ +1018, /* "ct_precert_scts" */ +1020, /* "ct_precert_signer" */ 500, /* "dITRedirect" */ 451, /* "dNSDomain" */ 495, /* "dSAQuality" */ @@ -3096,7 +3157,15 @@ static const unsigned int sn_objs[NUM_SN]={ 332, /* "id-cmc-senderNonce" */ 327, /* "id-cmc-statusInfo" */ 331, /* "id-cmc-transactionId" */ +1005, /* "id-cp" */ +1017, /* "id-ct-ASPA" */ 787, /* "id-ct-asciiTextWithCRLF" */ +1013, /* "id-ct-geofeedCSVwithCRLF" */ +1004, /* "id-ct-resourceTaggedAttest" */ +1001, /* "id-ct-routeOriginAuthz" */ +1003, /* "id-ct-rpkiGhostbusters" */ +1002, /* "id-ct-rpkiManifest" */ +1014, /* "id-ct-signedChecklist" */ 408, /* "id-ecPublicKey" */ 508, /* "id-hex-multipart-message" */ 507, /* "id-hex-partial-message" */ @@ -3118,6 +3187,7 @@ static const unsigned int sn_objs[NUM_SN]={ 784, /* "id-it-suppLangTags" */ 304, /* "id-it-unsupportedOIDs" */ 128, /* "id-kp" */ +1015, /* "id-kp-bgpsec-router" */ 280, /* "id-mod-attribute-cert" */ 274, /* "id-mod-cmc" */ 277, /* "id-mod-cmp" */ @@ -3257,6 +3327,8 @@ static const unsigned int sn_objs[NUM_SN]={ 647, /* "international-organizations" */ 869, /* "internationaliSDNNumber" */ 142, /* "invalidityDate" */ +1008, /* "ipAddr-asNumber" */ +1009, /* "ipAddr-asNumberv2" */ 294, /* "ipsecEndSystem" */ 295, /* "ipsecTunnel" */ 296, /* "ipsecUser" */ @@ -3375,6 +3447,8 @@ static const unsigned int sn_objs[NUM_SN]={ 877, /* "roleOccupant" */ 448, /* "room" */ 463, /* "roomNumber" */ +1010, /* "rpkiManifest" */ +1012, /* "rpkiNotify" */ 6, /* "rsaEncryption" */ 644, /* "rsaOAEPEncryptionSET" */ 377, /* "rsaSignature" */ @@ -3382,7 +3456,9 @@ static const unsigned int sn_objs[NUM_SN]={ 482, /* "sOARecord" */ 155, /* "safeContentsBag" */ 291, /* "sbgp-autonomousSysNum" */ +1007, /* "sbgp-autonomousSysNumv2" */ 290, /* "sbgp-ipAddrBlock" */ +1006, /* "sbgp-ipAddrBlockv2" */ 292, /* "sbgp-routerIdentifier" */ 159, /* "sdsiCertificate" */ 859, /* "searchGuide" */ @@ -3555,6 +3631,7 @@ static const unsigned int sn_objs[NUM_SN]={ 604, /* "setext-pinAny" */ 603, /* "setext-pinSecure" */ 605, /* "setext-track2" */ +1011, /* "signedObject" */ 52, /* "signingTime" */ 454, /* "simpleSecurityObject" */ 496, /* "singleLevelQuality" */ @@ -3581,6 +3658,7 @@ static const unsigned int sn_objs[NUM_SN]={ 293, /* "textNotice" */ 133, /* "timeStamping" */ 106, /* "title" */ +1016, /* "tlsfeature" */ 682, /* "tpBasis" */ 375, /* "trustRoot" */ 436, /* "ucl" */ @@ -3618,10 +3696,15 @@ static const unsigned int ln_objs[NUM_LN]={ 910, /* "Any Extended Key Usage" */ 664, /* "Any language" */ 177, /* "Authority Information Access" */ +1015, /* "BGPsec Router" */ 365, /* "Basic OCSP Response" */ 285, /* "Biometric Info" */ 179, /* "CA Issuers" */ 785, /* "CA Repository" */ +1021, /* "CT Certificate SCTs" */ +1019, /* "CT Precertificate Poison" */ +1018, /* "CT Precertificate SCTs" */ +1020, /* "CT Precertificate Signer" */ 131, /* "Code Signing" */ 783, /* "Diffie-Hellman based MAC" */ 382, /* "Directory" */ @@ -3728,6 +3811,8 @@ static const unsigned int ln_objs[NUM_LN]={ 165, /* "Policy Qualifier User Notice" */ 385, /* "Private" */ 663, /* "Proxy Certificate Information" */ +1010, /* "RPKI Manifest" */ +1012, /* "RPKI Notify" */ 1, /* "RSA Data Security, Inc." */ 2, /* "RSA Data Security, Inc. PKCS" */ 188, /* "S/MIME" */ @@ -3736,8 +3821,10 @@ static const unsigned int ln_objs[NUM_LN]={ 512, /* "Secure Electronic Transactions" */ 386, /* "Security" */ 394, /* "Selected Attribute Types" */ +1011, /* "Signed Object" */ 143, /* "Strong Extranet ID" */ 398, /* "Subject Information Access" */ +1016, /* "TLS Feature" */ 130, /* "TLS Web Client Authentication" */ 129, /* "TLS Web Server Authentication" */ 133, /* "Time Stamping" */ @@ -4087,7 +4174,15 @@ static const unsigned int ln_objs[NUM_LN]={ 332, /* "id-cmc-senderNonce" */ 327, /* "id-cmc-statusInfo" */ 331, /* "id-cmc-transactionId" */ +1005, /* "id-cp" */ +1017, /* "id-ct-ASPA" */ 787, /* "id-ct-asciiTextWithCRLF" */ +1013, /* "id-ct-geofeedCSVwithCRLF" */ +1004, /* "id-ct-resourceTaggedAttest" */ +1001, /* "id-ct-routeOriginAuthz" */ +1003, /* "id-ct-rpkiGhostbusters" */ +1002, /* "id-ct-rpkiManifest" */ +1014, /* "id-ct-signedChecklist" */ 408, /* "id-ecPublicKey" */ 508, /* "id-hex-multipart-message" */ 507, /* "id-hex-partial-message" */ @@ -4228,6 +4323,8 @@ static const unsigned int ln_objs[NUM_LN]={ 461, /* "info" */ 101, /* "initials" */ 869, /* "internationaliSDNNumber" */ +1008, /* "ipAddr-asNumber" */ +1009, /* "ipAddr-asNumberv2" */ 749, /* "ipsec3" */ 750, /* "ipsec4" */ 181, /* "iso" */ @@ -4374,7 +4471,9 @@ static const unsigned int ln_objs[NUM_LN]={ 482, /* "sOARecord" */ 155, /* "safeContentsBag" */ 291, /* "sbgp-autonomousSysNum" */ +1007, /* "sbgp-autonomousSysNumv2" */ 290, /* "sbgp-ipAddrBlock" */ +1006, /* "sbgp-ipAddrBlockv2" */ 292, /* "sbgp-routerIdentifier" */ 159, /* "sdsiCertificate" */ 859, /* "searchGuide" */ @@ -5015,6 +5114,7 @@ static const unsigned int obj_objs[NUM_OBJ]={ 266, /* OBJ_id_aca 1 3 6 1 5 5 7 10 */ 267, /* OBJ_id_qcs 1 3 6 1 5 5 7 11 */ 268, /* OBJ_id_cct 1 3 6 1 5 5 7 12 */ +1005, /* OBJ_id_cp 1 3 6 1 5 5 7 14 */ 662, /* OBJ_id_ppl 1 3 6 1 5 5 7 21 */ 176, /* OBJ_id_ad 1 3 6 1 5 5 7 48 */ 507, /* OBJ_id_hex_partial_message 1 3 6 1 7 1 1 1 */ @@ -5137,6 +5237,9 @@ static const unsigned int obj_objs[NUM_OBJ]={ 397, /* OBJ_ac_proxying 1 3 6 1 5 5 7 1 10 */ 398, /* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */ 663, /* OBJ_proxyCertInfo 1 3 6 1 5 5 7 1 14 */ +1016, /* OBJ_tlsfeature 1 3 6 1 5 5 7 1 24 */ +1006, /* OBJ_sbgp_ipAddrBlockv2 1 3 6 1 5 5 7 1 28 */ +1007, /* OBJ_sbgp_autonomousSysNumv2 1 3 6 1 5 5 7 1 29 */ 164, /* OBJ_id_qt_cps 1 3 6 1 5 5 7 2 1 */ 165, /* OBJ_id_qt_unotice 1 3 6 1 5 5 7 2 2 */ 293, /* OBJ_textNotice 1 3 6 1 5 5 7 2 3 */ @@ -5150,6 +5253,7 @@ static const unsigned int obj_objs[NUM_OBJ]={ 133, /* OBJ_time_stamp 1 3 6 1 5 5 7 3 8 */ 180, /* OBJ_OCSP_sign 1 3 6 1 5 5 7 3 9 */ 297, /* OBJ_dvcs 1 3 6 1 5 5 7 3 10 */ +1015, /* OBJ_id_kp_bgpsec_router 1 3 6 1 5 5 7 3 30 */ 298, /* OBJ_id_it_caProtEncCert 1 3 6 1 5 5 7 4 1 */ 299, /* OBJ_id_it_signKeyPairTypes 1 3 6 1 5 5 7 4 2 */ 300, /* OBJ_id_it_encKeyPairTypes 1 3 6 1 5 5 7 4 3 */ @@ -5209,6 +5313,8 @@ static const unsigned int obj_objs[NUM_OBJ]={ 360, /* OBJ_id_cct_crs 1 3 6 1 5 5 7 12 1 */ 361, /* OBJ_id_cct_PKIData 1 3 6 1 5 5 7 12 2 */ 362, /* OBJ_id_cct_PKIResponse 1 3 6 1 5 5 7 12 3 */ +1008, /* OBJ_ipAddr_asNumber 1 3 6 1 5 5 7 14 2 */ +1009, /* OBJ_ipAddr_asNumberv2 1 3 6 1 5 5 7 14 3 */ 664, /* OBJ_id_ppl_anyLanguage 1 3 6 1 5 5 7 21 0 */ 665, /* OBJ_id_ppl_inheritAll 1 3 6 1 5 5 7 21 1 */ 667, /* OBJ_Independent 1 3 6 1 5 5 7 21 2 */ @@ -5217,6 +5323,9 @@ static const unsigned int obj_objs[NUM_OBJ]={ 363, /* OBJ_ad_timeStamping 1 3 6 1 5 5 7 48 3 */ 364, /* OBJ_ad_dvcs 1 3 6 1 5 5 7 48 4 */ 785, /* OBJ_caRepository 1 3 6 1 5 5 7 48 5 */ +1010, /* OBJ_rpkiManifest 1 3 6 1 5 5 7 48 10 */ +1011, /* OBJ_signedObject 1 3 6 1 5 5 7 48 11 */ +1012, /* OBJ_rpkiNotify 1 3 6 1 5 5 7 48 13 */ 780, /* OBJ_hmac_md5 1 3 6 1 5 5 8 1 1 */ 781, /* OBJ_hmac_sha1 1 3 6 1 5 5 8 1 2 */ 58, /* OBJ_netscape_cert_extension 2 16 840 1 113730 1 */ @@ -5452,6 +5561,10 @@ static const unsigned int obj_objs[NUM_OBJ]={ 138, /* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */ 648, /* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */ 649, /* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */ +1018, /* OBJ_ct_precert_scts 1 3 6 1 4 1 11129 2 4 2 */ +1019, /* OBJ_ct_precert_poison 1 3 6 1 4 1 11129 2 4 3 */ +1020, /* OBJ_ct_precert_signer 1 3 6 1 4 1 11129 2 4 4 */ +1021, /* OBJ_ct_cert_scts 1 3 6 1 4 1 11129 2 4 5 */ 751, /* OBJ_camellia_128_cbc 1 2 392 200011 61 1 1 1 2 */ 752, /* OBJ_camellia_192_cbc 1 2 392 200011 61 1 1 1 3 */ 753, /* OBJ_camellia_256_cbc 1 2 392 200011 61 1 1 1 4 */ @@ -5475,7 +5588,14 @@ static const unsigned int obj_objs[NUM_OBJ]={ 210, /* OBJ_id_smime_ct_DVCSRequestData 1 2 840 113549 1 9 16 1 7 */ 211, /* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */ 786, /* OBJ_id_smime_ct_compressedData 1 2 840 113549 1 9 16 1 9 */ +1001, /* OBJ_id_ct_routeOriginAuthz 1 2 840 113549 1 9 16 1 24 */ +1002, /* OBJ_id_ct_rpkiManifest 1 2 840 113549 1 9 16 1 26 */ 787, /* OBJ_id_ct_asciiTextWithCRLF 1 2 840 113549 1 9 16 1 27 */ +1003, /* OBJ_id_ct_rpkiGhostbusters 1 2 840 113549 1 9 16 1 35 */ +1004, /* OBJ_id_ct_resourceTaggedAttest 1 2 840 113549 1 9 16 1 36 */ +1013, /* OBJ_id_ct_geofeedCSVwithCRLF 1 2 840 113549 1 9 16 1 47 */ +1014, /* OBJ_id_ct_signedChecklist 1 2 840 113549 1 9 16 1 48 */ +1017, /* OBJ_id_ct_ASPA 1 2 840 113549 1 9 16 1 49 */ 212, /* OBJ_id_smime_aa_receiptRequest 1 2 840 113549 1 9 16 2 1 */ 213, /* OBJ_id_smime_aa_securityLabel 1 2 840 113549 1 9 16 2 2 */ 214, /* OBJ_id_smime_aa_mlExpandHistory 1 2 840 113549 1 9 16 2 3 */ diff --git a/externals/libressl/crypto/objects/obj_lib.c b/externals/libressl/crypto/objects/obj_lib.c index 5327a0cb9..39cd41249 100755 --- a/externals/libressl/crypto/objects/obj_lib.c +++ b/externals/libressl/crypto/objects/obj_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: obj_lib.c,v 1.15 2018/09/08 10:31:24 tb Exp $ */ +/* $OpenBSD: obj_lib.c,v 1.16 2022/01/07 11:13:54 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -64,6 +64,8 @@ #include #include +#include "asn1_locl.h" + ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o) { diff --git a/externals/libressl/crypto/objects/obj_xref.h b/externals/libressl/crypto/objects/obj_xref.h index 59c597ce4..cffd00699 100755 --- a/externals/libressl/crypto/objects/obj_xref.h +++ b/externals/libressl/crypto/objects/obj_xref.h @@ -1,4 +1,4 @@ -/* $OpenBSD: obj_xref.h,v 1.4 2016/12/21 15:49:29 jsing Exp $ */ +/* $OpenBSD: obj_xref.h,v 1.5 2021/05/12 10:24:39 inoguchi Exp $ */ /* AUTOGENERATED BY objxref.pl, DO NOT EDIT */ __BEGIN_HIDDEN_DECLS @@ -44,6 +44,16 @@ static const nid_triple sigoid_srt[] = {NID_rsassaPss, NID_undef, NID_rsaEncryption}, {NID_id_tc26_signwithdigest_gost3410_2012_256, NID_id_tc26_gost3411_2012_256, NID_id_GostR3410_2001}, {NID_id_tc26_signwithdigest_gost3410_2012_512, NID_id_tc26_gost3411_2012_512, NID_id_GostR3410_2001}, + {NID_dhSinglePass_stdDH_sha1kdf_scheme, NID_sha1, NID_dh_std_kdf}, + {NID_dhSinglePass_stdDH_sha224kdf_scheme, NID_sha224, NID_dh_std_kdf}, + {NID_dhSinglePass_stdDH_sha256kdf_scheme, NID_sha256, NID_dh_std_kdf}, + {NID_dhSinglePass_stdDH_sha384kdf_scheme, NID_sha384, NID_dh_std_kdf}, + {NID_dhSinglePass_stdDH_sha512kdf_scheme, NID_sha512, NID_dh_std_kdf}, + {NID_dhSinglePass_cofactorDH_sha1kdf_scheme, NID_sha1, NID_dh_cofactor_kdf}, + {NID_dhSinglePass_cofactorDH_sha224kdf_scheme, NID_sha224, NID_dh_cofactor_kdf}, + {NID_dhSinglePass_cofactorDH_sha256kdf_scheme, NID_sha256, NID_dh_cofactor_kdf}, + {NID_dhSinglePass_cofactorDH_sha384kdf_scheme, NID_sha384, NID_dh_cofactor_kdf}, + {NID_dhSinglePass_cofactorDH_sha512kdf_scheme, NID_sha512, NID_dh_cofactor_kdf}, }; static const nid_triple * const sigoid_srt_xref[] = @@ -61,19 +71,29 @@ static const nid_triple * const sigoid_srt_xref[] = &sigoid_srt[5], &sigoid_srt[8], &sigoid_srt[12], + &sigoid_srt[32], + &sigoid_srt[37], &sigoid_srt[6], &sigoid_srt[10], &sigoid_srt[11], &sigoid_srt[13], &sigoid_srt[24], &sigoid_srt[20], + &sigoid_srt[34], + &sigoid_srt[39], &sigoid_srt[14], &sigoid_srt[21], + &sigoid_srt[35], + &sigoid_srt[40], &sigoid_srt[15], &sigoid_srt[22], + &sigoid_srt[36], + &sigoid_srt[41], &sigoid_srt[16], &sigoid_srt[23], &sigoid_srt[19], + &sigoid_srt[33], + &sigoid_srt[38], &sigoid_srt[25], &sigoid_srt[26], &sigoid_srt[27], diff --git a/externals/libressl/crypto/ocsp/ocsp_asn.c b/externals/libressl/crypto/ocsp/ocsp_asn.c index bb58ca79a..3f00fca10 100755 --- a/externals/libressl/crypto/ocsp/ocsp_asn.c +++ b/externals/libressl/crypto/ocsp/ocsp_asn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_asn.c,v 1.9 2016/11/04 18:35:30 jsing Exp $ */ +/* $OpenBSD: ocsp_asn.c,v 1.10 2022/01/07 09:45:52 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -59,6 +59,8 @@ #include #include +#include "ocsp_local.h" + static const ASN1_TEMPLATE OCSP_SIGNATURE_seq_tt[] = { { .flags = 0, diff --git a/externals/libressl/crypto/ocsp/ocsp_cl.c b/externals/libressl/crypto/ocsp/ocsp_cl.c index 0ed816cdc..bcc484c3c 100755 --- a/externals/libressl/crypto/ocsp/ocsp_cl.c +++ b/externals/libressl/crypto/ocsp/ocsp_cl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_cl.c,v 1.16 2018/11/25 19:48:43 jmc Exp $ */ +/* $OpenBSD: ocsp_cl.c,v 1.21 2022/01/07 09:45:52 tb Exp $ */ /* Written by Tom Titchener for the OpenSSL * project. */ @@ -71,6 +71,8 @@ #include #include +#include "ocsp_local.h" + /* Utility functions related to sending OCSP requests and extracting * relevant information from the response. */ @@ -81,18 +83,19 @@ OCSP_ONEREQ * OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid) { - OCSP_ONEREQ *one = NULL; + OCSP_ONEREQ *one; - if (!(one = OCSP_ONEREQ_new())) + if ((one = OCSP_ONEREQ_new()) == NULL) goto err; - if (one->reqCert) - OCSP_CERTID_free(one->reqCert); + if (req != NULL) { + if (!sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) + goto err; + } + OCSP_CERTID_free(one->reqCert); one->reqCert = cid; - if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) - goto err; return one; -err: + err: OCSP_ONEREQ_free(one); return NULL; } @@ -135,7 +138,7 @@ OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) if (!sk_X509_push(sig->certs, cert)) return 0; - CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(cert); return 1; } @@ -232,6 +235,55 @@ OCSP_resp_get0(OCSP_BASICRESP *bs, int idx) return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx); } +const ASN1_GENERALIZEDTIME * +OCSP_resp_get0_produced_at(const OCSP_BASICRESP *bs) +{ + return bs->tbsResponseData->producedAt; +} + +const STACK_OF(X509) * +OCSP_resp_get0_certs(const OCSP_BASICRESP *bs) +{ + return bs->certs; +} + +int +OCSP_resp_get0_id(const OCSP_BASICRESP *bs, const ASN1_OCTET_STRING **pid, + const X509_NAME **pname) +{ + const OCSP_RESPID *rid = bs->tbsResponseData->responderId; + + if (rid->type == V_OCSP_RESPID_NAME) { + *pname = rid->value.byName; + *pid = NULL; + } else if (rid->type == V_OCSP_RESPID_KEY) { + *pid = rid->value.byKey; + *pname = NULL; + } else { + return 0; + } + + return 1; +} + +const ASN1_OCTET_STRING * +OCSP_resp_get0_signature(const OCSP_BASICRESP *bs) +{ + return bs->signature; +} + +const X509_ALGOR * +OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs) +{ + return bs->signatureAlgorithm; +} + +const OCSP_RESPDATA * +OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs) +{ + return bs->tbsResponseData; +} + /* Look single response matching a given certificate ID */ int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last) diff --git a/externals/libressl/crypto/ocsp/ocsp_ext.c b/externals/libressl/crypto/ocsp/ocsp_ext.c index eb51cfbff..1400ad70d 100755 --- a/externals/libressl/crypto/ocsp/ocsp_ext.c +++ b/externals/libressl/crypto/ocsp/ocsp_ext.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_ext.c,v 1.18 2018/05/14 23:47:10 tb Exp $ */ +/* $OpenBSD: ocsp_ext.c,v 1.20 2022/01/07 09:45:52 tb Exp $ */ /* Written by Tom Titchener for the OpenSSL * project. */ @@ -70,6 +70,9 @@ #include #include +#include "ocsp_local.h" +#include "x509_lcl.h" + /* Standard wrapper functions for extensions */ /* OCSP request extensions */ diff --git a/externals/libressl/crypto/ocsp/ocsp_lib.c b/externals/libressl/crypto/ocsp/ocsp_lib.c index 53d516020..09bccc0cf 100755 --- a/externals/libressl/crypto/ocsp/ocsp_lib.c +++ b/externals/libressl/crypto/ocsp/ocsp_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_lib.c,v 1.23 2018/08/24 20:03:21 tb Exp $ */ +/* $OpenBSD: ocsp_lib.c,v 1.25 2022/01/22 00:31:23 inoguchi Exp $ */ /* Written by Tom Titchener for the OpenSSL * project. */ @@ -74,6 +74,8 @@ #include #include +#include "ocsp_local.h" + /* Convert a certificate and its issuer to an OCSP_CERTID */ OCSP_CERTID * @@ -94,7 +96,9 @@ OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject, const X509 *issuer) iname = X509_get_subject_name(issuer); serial = NULL; } - ikey = X509_get0_pubkey_bitstr(issuer); + if ((ikey = X509_get0_pubkey_bitstr(issuer)) == NULL) + return NULL; + return OCSP_cert_id_new(dgst, iname, ikey, serial); } diff --git a/externals/libressl/crypto/ocsp/ocsp_local.h b/externals/libressl/crypto/ocsp/ocsp_local.h new file mode 100755 index 000000000..bd933b191 --- /dev/null +++ b/externals/libressl/crypto/ocsp/ocsp_local.h @@ -0,0 +1,291 @@ +/* $OpenBSD: ocsp_local.h,v 1.2 2022/01/14 08:32:26 tb Exp $ */ +/* Written by Tom Titchener for the OpenSSL + * project. */ + +/* History: + This file was transfered to Richard Levitte from CertCo by Kathy + Weinhold in mid-spring 2000 to be included in OpenSSL or released + as a patch kit. */ + +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_OCSP_LOCAL_H +#define HEADER_OCSP_LOCAL_H + +__BEGIN_HIDDEN_DECLS + +/* CertID ::= SEQUENCE { + * hashAlgorithm AlgorithmIdentifier, + * issuerNameHash OCTET STRING, -- Hash of Issuer's DN + * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields) + * serialNumber CertificateSerialNumber } + */ +struct ocsp_cert_id_st { + X509_ALGOR *hashAlgorithm; + ASN1_OCTET_STRING *issuerNameHash; + ASN1_OCTET_STRING *issuerKeyHash; + ASN1_INTEGER *serialNumber; +} /* OCSP_CERTID */; + +/* Request ::= SEQUENCE { + * reqCert CertID, + * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } + */ +struct ocsp_one_request_st { + OCSP_CERTID *reqCert; + STACK_OF(X509_EXTENSION) *singleRequestExtensions; +} /* OCSP_ONEREQ */; + +/* TBSRequest ::= SEQUENCE { + * version [0] EXPLICIT Version DEFAULT v1, + * requestorName [1] EXPLICIT GeneralName OPTIONAL, + * requestList SEQUENCE OF Request, + * requestExtensions [2] EXPLICIT Extensions OPTIONAL } + */ +struct ocsp_req_info_st { + ASN1_INTEGER *version; + GENERAL_NAME *requestorName; + STACK_OF(OCSP_ONEREQ) *requestList; + STACK_OF(X509_EXTENSION) *requestExtensions; +} /* OCSP_REQINFO */; + +/* Signature ::= SEQUENCE { + * signatureAlgorithm AlgorithmIdentifier, + * signature BIT STRING, + * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } + */ +struct ocsp_signature_st { + X509_ALGOR *signatureAlgorithm; + ASN1_BIT_STRING *signature; + STACK_OF(X509) *certs; +} /* OCSP_SIGNATURE */; + +/* OCSPRequest ::= SEQUENCE { + * tbsRequest TBSRequest, + * optionalSignature [0] EXPLICIT Signature OPTIONAL } + */ +struct ocsp_request_st { + OCSP_REQINFO *tbsRequest; + OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ +} /* OCSP_REQUEST */; + +/* OCSPResponseStatus ::= ENUMERATED { + * successful (0), --Response has valid confirmations + * malformedRequest (1), --Illegal confirmation request + * internalError (2), --Internal error in issuer + * tryLater (3), --Try again later + * --(4) is not used + * sigRequired (5), --Must sign the request + * unauthorized (6) --Request unauthorized + * } + */ + +/* ResponseBytes ::= SEQUENCE { + * responseType OBJECT IDENTIFIER, + * response OCTET STRING } + */ +struct ocsp_resp_bytes_st { + ASN1_OBJECT *responseType; + ASN1_OCTET_STRING *response; +} /* OCSP_RESPBYTES */; + +/* OCSPResponse ::= SEQUENCE { + * responseStatus OCSPResponseStatus, + * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } + */ +struct ocsp_response_st { + ASN1_ENUMERATED *responseStatus; + OCSP_RESPBYTES *responseBytes; +}; + +/* ResponderID ::= CHOICE { + * byName [1] Name, + * byKey [2] KeyHash } + */ +struct ocsp_responder_id_st { + int type; + union { + X509_NAME* byName; + ASN1_OCTET_STRING *byKey; + } value; +}; + +/* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key + * --(excluding the tag and length fields) + */ + +/* RevokedInfo ::= SEQUENCE { + * revocationTime GeneralizedTime, + * revocationReason [0] EXPLICIT CRLReason OPTIONAL } + */ +struct ocsp_revoked_info_st { + ASN1_GENERALIZEDTIME *revocationTime; + ASN1_ENUMERATED *revocationReason; +} /* OCSP_REVOKEDINFO */; + +/* CertStatus ::= CHOICE { + * good [0] IMPLICIT NULL, + * revoked [1] IMPLICIT RevokedInfo, + * unknown [2] IMPLICIT UnknownInfo } + */ +struct ocsp_cert_status_st { + int type; + union { + ASN1_NULL *good; + OCSP_REVOKEDINFO *revoked; + ASN1_NULL *unknown; + } value; +} /* OCSP_CERTSTATUS */; + +/* SingleResponse ::= SEQUENCE { + * certID CertID, + * certStatus CertStatus, + * thisUpdate GeneralizedTime, + * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, + * singleExtensions [1] EXPLICIT Extensions OPTIONAL } + */ +struct ocsp_single_response_st { + OCSP_CERTID *certId; + OCSP_CERTSTATUS *certStatus; + ASN1_GENERALIZEDTIME *thisUpdate; + ASN1_GENERALIZEDTIME *nextUpdate; + STACK_OF(X509_EXTENSION) *singleExtensions; +} /* OCSP_SINGLERESP */; + +/* ResponseData ::= SEQUENCE { + * version [0] EXPLICIT Version DEFAULT v1, + * responderID ResponderID, + * producedAt GeneralizedTime, + * responses SEQUENCE OF SingleResponse, + * responseExtensions [1] EXPLICIT Extensions OPTIONAL } + */ +struct ocsp_response_data_st { + ASN1_INTEGER *version; + OCSP_RESPID *responderId; + ASN1_GENERALIZEDTIME *producedAt; + STACK_OF(OCSP_SINGLERESP) *responses; + STACK_OF(X509_EXTENSION) *responseExtensions; +} /* OCSP_RESPDATA */; + +/* BasicOCSPResponse ::= SEQUENCE { + * tbsResponseData ResponseData, + * signatureAlgorithm AlgorithmIdentifier, + * signature BIT STRING, + * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } + */ + /* Note 1: + The value for "signature" is specified in the OCSP rfc2560 as follows: + "The value for the signature SHALL be computed on the hash of the DER + encoding ResponseData." This means that you must hash the DER-encoded + tbsResponseData, and then run it through a crypto-signing function, which + will (at least w/RSA) do a hash-'n'-private-encrypt operation. This seems + a bit odd, but that's the spec. Also note that the data structures do not + leave anywhere to independently specify the algorithm used for the initial + hash. So, we look at the signature-specification algorithm, and try to do + something intelligent. -- Kathy Weinhold, CertCo */ + /* Note 2: + It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open + for interpretation. I've done tests against another responder, and found + that it doesn't do the double hashing that the RFC seems to say one + should. Therefore, all relevant functions take a flag saying which + variant should be used. -- Richard Levitte, OpenSSL team and CeloCom */ +struct ocsp_basic_response_st { + OCSP_RESPDATA *tbsResponseData; + X509_ALGOR *signatureAlgorithm; + ASN1_BIT_STRING *signature; + STACK_OF(X509) *certs; +} /* OCSP_BASICRESP */; + +/* CrlID ::= SEQUENCE { + * crlUrl [0] EXPLICIT IA5String OPTIONAL, + * crlNum [1] EXPLICIT INTEGER OPTIONAL, + * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } + */ +struct ocsp_crl_id_st { + ASN1_IA5STRING *crlUrl; + ASN1_INTEGER *crlNum; + ASN1_GENERALIZEDTIME *crlTime; +} /* OCSP_CRLID */; + +/* ServiceLocator ::= SEQUENCE { + * issuer Name, + * locator AuthorityInfoAccessSyntax OPTIONAL } + */ +struct ocsp_service_locator_st { + X509_NAME* issuer; + STACK_OF(ACCESS_DESCRIPTION) *locator; +} /* OCSP_SERVICELOC */; + +#define OCSP_REQUEST_sign(o,pkey,md) \ + ASN1_item_sign(&OCSP_REQINFO_it, \ + (o)->optionalSignature->signatureAlgorithm, NULL, \ + (o)->optionalSignature->signature,o->tbsRequest, (pkey), (md)) + +#define OCSP_BASICRESP_sign(o,pkey,md,d) \ + ASN1_item_sign(&OCSP_RESPDATA_it,o->signatureAlgorithm,NULL, \ + (o)->signature,(o)->tbsResponseData,(pkey),(md)) + +#define OCSP_REQUEST_verify(a,r) \ + ASN1_item_verify(&OCSP_REQINFO_it, \ + (a)->optionalSignature->signatureAlgorithm, \ + (a)->optionalSignature->signature, (a)->tbsRequest, (r)) + +#define OCSP_BASICRESP_verify(a,r,d) \ + ASN1_item_verify(&OCSP_RESPDATA_it, \ + (a)->signatureAlgorithm, (a)->signature, (a)->tbsResponseData, (r)) + +__END_HIDDEN_DECLS + +#endif /* !HEADER_OCSP_LOCAL_H */ diff --git a/externals/libressl/crypto/ocsp/ocsp_prn.c b/externals/libressl/crypto/ocsp/ocsp_prn.c index 37d033adb..fecd14bbf 100755 --- a/externals/libressl/crypto/ocsp/ocsp_prn.c +++ b/externals/libressl/crypto/ocsp/ocsp_prn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_prn.c,v 1.8 2015/07/16 02:16:19 miod Exp $ */ +/* $OpenBSD: ocsp_prn.c,v 1.9 2022/01/07 09:45:52 tb Exp $ */ /* Written by Tom Titchener for the OpenSSL * project. */ @@ -66,6 +66,8 @@ #include #include +#include "ocsp_local.h" + static int ocsp_certid_print(BIO *bp, OCSP_CERTID* a, int indent) { diff --git a/externals/libressl/crypto/ocsp/ocsp_srv.c b/externals/libressl/crypto/ocsp/ocsp_srv.c index a9e0aaab2..d23520708 100755 --- a/externals/libressl/crypto/ocsp/ocsp_srv.c +++ b/externals/libressl/crypto/ocsp/ocsp_srv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_srv.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ocsp_srv.c,v 1.12 2022/01/07 09:45:52 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -65,6 +65,8 @@ #include #include +#include "ocsp_local.h" + /* Utility functions related to sending OCSP responses and extracting * relevant information from the request. */ @@ -213,7 +215,7 @@ OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert) if (!sk_X509_push(resp->certs, cert)) return 0; - CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(cert); return 1; } diff --git a/externals/libressl/crypto/ocsp/ocsp_vfy.c b/externals/libressl/crypto/ocsp/ocsp_vfy.c index ebdd82687..0da402fd4 100755 --- a/externals/libressl/crypto/ocsp/ocsp_vfy.c +++ b/externals/libressl/crypto/ocsp/ocsp_vfy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_vfy.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ocsp_vfy.c,v 1.21 2022/01/22 00:33:02 inoguchi Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -60,6 +60,9 @@ #include #include +#include "ocsp_local.h" +#include "x509_lcl.h" + static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags); static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id); @@ -94,10 +97,9 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, if (!(flags & OCSP_NOSIGS)) { EVP_PKEY *skey; - skey = X509_get_pubkey(signer); + skey = X509_get0_pubkey(signer); if (skey) { ret = OCSP_BASICRESP_verify(bs, skey, 0); - EVP_PKEY_free(skey); } if (!skey || ret <= 0) { OCSPerror(OCSP_R_SIGNATURE_FAILURE); @@ -118,8 +120,11 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, goto end; } } - } else + } else if (certs != NULL) { + untrusted = certs; + } else { untrusted = bs->certs; + } init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted); if (!init_res) { ret = -1; @@ -179,6 +184,13 @@ end: return ret; } +int +OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, + STACK_OF(X509) *extra_certs) +{ + return ocsp_find_signer(signer, bs, extra_certs, NULL, 0) > 0; +} + static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags) @@ -395,9 +407,9 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, if (!(flags & OCSP_NOSIGS)) { EVP_PKEY *skey; - skey = X509_get_pubkey(signer); + if ((skey = X509_get0_pubkey(signer)) == NULL) + return 0; ret = OCSP_REQUEST_verify(req, skey); - EVP_PKEY_free(skey); if (ret <= 0) { OCSPerror(OCSP_R_SIGNATURE_FAILURE); return 0; diff --git a/externals/libressl/crypto/pem/pem_info.c b/externals/libressl/crypto/pem/pem_info.c index 33c1de43f..aecdbb2e0 100755 --- a/externals/libressl/crypto/pem/pem_info.c +++ b/externals/libressl/crypto/pem/pem_info.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pem_info.c,v 1.24 2020/07/25 11:53:37 schwarze Exp $ */ +/* $OpenBSD: pem_info.c,v 1.25 2021/12/12 21:30:14 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -75,6 +75,8 @@ #include #endif +#include "evp_locl.h" + STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) diff --git a/externals/libressl/crypto/pem/pem_lib.c b/externals/libressl/crypto/pem/pem_lib.c index f0126790e..7b7f81092 100755 --- a/externals/libressl/crypto/pem/pem_lib.c +++ b/externals/libressl/crypto/pem/pem_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pem_lib.c,v 1.49 2019/09/06 17:41:05 jsing Exp $ */ +/* $OpenBSD: pem_lib.c,v 1.50 2021/12/12 21:30:14 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -79,6 +79,7 @@ #endif #include "asn1_locl.h" +#include "evp_locl.h" #define MIN_LENGTH 4 diff --git a/externals/libressl/crypto/pem/pem_pkey.c b/externals/libressl/crypto/pem/pem_pkey.c index 89181a25f..2e5800394 100755 --- a/externals/libressl/crypto/pem/pem_pkey.c +++ b/externals/libressl/crypto/pem/pem_pkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pem_pkey.c,v 1.23 2017/05/02 03:59:44 deraadt Exp $ */ +/* $OpenBSD: pem_pkey.c,v 1.25 2021/12/24 12:59:18 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -74,6 +74,7 @@ #endif #include "asn1_locl.h" +#include "evp_locl.h" int pem_check_suffix(const char *pem_str, const char *suffix); @@ -151,12 +152,21 @@ int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cb, void *u) { - char pem_str[80]; - - if (!x->ameth || x->ameth->priv_encode) + if (x->ameth == NULL || x->ameth->priv_encode != NULL) return PEM_write_bio_PKCS8PrivateKey(bp, x, enc, (char *)kstr, klen, cb, u); + return PEM_write_bio_PrivateKey_traditional(bp, x, enc, kstr, klen, cb, + u); +} + +int +PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x, + const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cb, + void *u) +{ + char pem_str[80]; + (void) snprintf(pem_str, sizeof(pem_str), "%s PRIVATE KEY", x->ameth->pem_str); return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, diff --git a/externals/libressl/crypto/pem/pem_xaux.c b/externals/libressl/crypto/pem/pem_xaux.c index 0dd81523b..68a785170 100755 --- a/externals/libressl/crypto/pem/pem_xaux.c +++ b/externals/libressl/crypto/pem/pem_xaux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pem_xaux.c,v 1.9 2016/09/04 16:10:38 jsing Exp $ */ +/* $OpenBSD: pem_xaux.c,v 1.10 2021/10/31 16:28:50 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -92,31 +92,3 @@ PEM_write_bio_X509_AUX(BIO *bp, X509 *x) return PEM_ASN1_write_bio((i2d_of_void *)i2d_X509_AUX, PEM_STRING_X509_TRUSTED, bp, x, NULL, NULL, 0, NULL, NULL); } - -X509_CERT_PAIR * -PEM_read_X509_CERT_PAIR(FILE *fp, X509_CERT_PAIR **x, pem_password_cb *cb, void *u) -{ - return PEM_ASN1_read((d2i_of_void *)d2i_X509_CERT_PAIR, PEM_STRING_X509_PAIR, fp, - (void **)x, cb, u); -} - -int -PEM_write_X509_CERT_PAIR(FILE *fp, X509_CERT_PAIR *x) -{ - return PEM_ASN1_write((i2d_of_void *)i2d_X509_CERT_PAIR, PEM_STRING_X509_PAIR, fp, - x, NULL, NULL, 0, NULL, NULL); -} - -X509_CERT_PAIR * -PEM_read_bio_X509_CERT_PAIR(BIO *bp, X509_CERT_PAIR **x, pem_password_cb *cb, void *u) -{ - return PEM_ASN1_read_bio((d2i_of_void *)d2i_X509_CERT_PAIR, PEM_STRING_X509_PAIR, bp, - (void **)x, cb, u); -} - -int -PEM_write_bio_X509_CERT_PAIR(BIO *bp, X509_CERT_PAIR *x) -{ - return PEM_ASN1_write_bio((i2d_of_void *)i2d_X509_CERT_PAIR, PEM_STRING_X509_PAIR, bp, - x, NULL, NULL, 0, NULL, NULL); -} diff --git a/externals/libressl/crypto/pem/pvkfmt.c b/externals/libressl/crypto/pem/pvkfmt.c index abb7f7eec..dffe1a362 100755 --- a/externals/libressl/crypto/pem/pvkfmt.c +++ b/externals/libressl/crypto/pem/pvkfmt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pvkfmt.c,v 1.22 2019/07/08 11:56:18 inoguchi Exp $ */ +/* $OpenBSD: pvkfmt.c,v 1.25 2022/01/07 09:55:31 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2005. */ @@ -74,6 +74,9 @@ #include #include "bn_lcl.h" +#include "dsa_locl.h" +#include "evp_locl.h" +#include "rsa_locl.h" /* Utility function: read a DWORD (4 byte unsigned integer) in little endian * format diff --git a/externals/libressl/crypto/pkcs12/p12_asn.c b/externals/libressl/crypto/pkcs12/p12_asn.c index 3baf8f43d..d152063e3 100755 --- a/externals/libressl/crypto/pkcs12/p12_asn.c +++ b/externals/libressl/crypto/pkcs12/p12_asn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_asn.c,v 1.9 2015/07/25 17:08:40 jsing Exp $ */ +/* $OpenBSD: p12_asn.c,v 1.10 2022/01/14 08:16:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -230,7 +230,6 @@ static const ASN1_ADB_TABLE PKCS12_BAGS_adbtbl[] = { static const ASN1_ADB PKCS12_BAGS_adb = { .flags = 0, .offset = offsetof(PKCS12_BAGS, type), - .app_items = 0, .tbl = PKCS12_BAGS_adbtbl, .tblcount = sizeof(PKCS12_BAGS_adbtbl) / sizeof(ASN1_ADB_TABLE), .default_tt = &bag_default_tt, @@ -369,7 +368,6 @@ static const ASN1_ADB_TABLE PKCS12_SAFEBAG_adbtbl[] = { static const ASN1_ADB PKCS12_SAFEBAG_adb = { .flags = 0, .offset = offsetof(PKCS12_SAFEBAG, type), - .app_items = 0, .tbl = PKCS12_SAFEBAG_adbtbl, .tblcount = sizeof(PKCS12_SAFEBAG_adbtbl) / sizeof(ASN1_ADB_TABLE), .default_tt = &safebag_default_tt, diff --git a/externals/libressl/crypto/pkcs12/p12_attr.c b/externals/libressl/crypto/pkcs12/p12_attr.c index 65bfaa039..dc38b7c89 100755 --- a/externals/libressl/crypto/pkcs12/p12_attr.c +++ b/externals/libressl/crypto/pkcs12/p12_attr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_attr.c,v 1.12 2018/08/24 20:07:41 tb Exp $ */ +/* $OpenBSD: p12_attr.c,v 1.14 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -60,6 +60,8 @@ #include +#include "x509_lcl.h" + /* Add a local keyid to a safebag */ int @@ -125,10 +127,10 @@ PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid) if (!attrs) return NULL; - for (i = 0; i < sk_X509_ATTRIBUTE_num (attrs); i++) { - attrib = sk_X509_ATTRIBUTE_value (attrs, i); - if (OBJ_obj2nid (attrib->object) == attr_nid) { - if (sk_ASN1_TYPE_num (attrib->value.set)) + for (i = 0; i < sk_X509_ATTRIBUTE_num(attrs); i++) { + attrib = sk_X509_ATTRIBUTE_value(attrs, i); + if (OBJ_obj2nid(attrib->object) == attr_nid) { + if (sk_ASN1_TYPE_num(attrib->value.set)) return sk_ASN1_TYPE_value(attrib->value.set, 0); else return NULL; diff --git a/externals/libressl/crypto/pkcs12/p12_crpt.c b/externals/libressl/crypto/pkcs12/p12_crpt.c index d1f7d71fd..d21c9c178 100755 --- a/externals/libressl/crypto/pkcs12/p12_crpt.c +++ b/externals/libressl/crypto/pkcs12/p12_crpt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_crpt.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: p12_crpt.c,v 1.15 2021/07/09 14:07:59 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -101,13 +101,13 @@ PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, } salt = pbe->salt->data; saltlen = pbe->salt->length; - if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID, + if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_KEY_ID, iter, EVP_CIPHER_key_length(cipher), key, md)) { PKCS12error(PKCS12_R_KEY_GEN_ERROR); PBEPARAM_free(pbe); return 0; } - if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID, + if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID, iter, EVP_CIPHER_iv_length(cipher), iv, md)) { PKCS12error(PKCS12_R_IV_GEN_ERROR); PBEPARAM_free(pbe); diff --git a/externals/libressl/crypto/pkcs12/p12_decr.c b/externals/libressl/crypto/pkcs12/p12_decr.c index 1ef5c4a89..c352ba565 100755 --- a/externals/libressl/crypto/pkcs12/p12_decr.c +++ b/externals/libressl/crypto/pkcs12/p12_decr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_decr.c,v 1.19 2018/05/13 14:22:34 tb Exp $ */ +/* $OpenBSD: p12_decr.c,v 1.21 2021/12/12 21:30:14 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -62,6 +62,8 @@ #include #include +#include "evp_locl.h" + /* Encrypt/Decrypt a buffer based on password and algor, result in a * malloc'ed buffer */ @@ -156,7 +158,7 @@ PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it, unsigned char *in = NULL; int inlen; - if (!(oct = ASN1_OCTET_STRING_new ())) { + if (!(oct = ASN1_OCTET_STRING_new())) { PKCS12error(ERR_R_MALLOC_FAILURE); return NULL; } diff --git a/externals/libressl/crypto/pkcs12/p12_init.c b/externals/libressl/crypto/pkcs12/p12_init.c index 637c430bf..13dbe3664 100755 --- a/externals/libressl/crypto/pkcs12/p12_init.c +++ b/externals/libressl/crypto/pkcs12/p12_init.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_init.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: p12_init.c,v 1.13 2022/01/20 11:18:49 inoguchi Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -72,8 +72,10 @@ PKCS12_init(int mode) PKCS12error(ERR_R_MALLOC_FAILURE); return NULL; } - ASN1_INTEGER_set(pkcs12->version, 3); - pkcs12->authsafes->type = OBJ_nid2obj(mode); + if (!ASN1_INTEGER_set(pkcs12->version, 3)) + goto err; + if ((pkcs12->authsafes->type = OBJ_nid2obj(mode)) == NULL) + goto err; switch (mode) { case NID_pkcs7_data: if (!(pkcs12->authsafes->d.data = diff --git a/externals/libressl/crypto/pkcs12/p12_key.c b/externals/libressl/crypto/pkcs12/p12_key.c index d419a9d83..38d25d2f6 100755 --- a/externals/libressl/crypto/pkcs12/p12_key.c +++ b/externals/libressl/crypto/pkcs12/p12_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_key.c,v 1.26 2017/05/02 03:59:45 deraadt Exp $ */ +/* $OpenBSD: p12_key.c,v 1.28 2021/12/12 21:30:14 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -63,6 +63,8 @@ #include #include +#include "evp_locl.h" + /* PKCS12 compatible key/IV generation */ #ifndef min #define min(a,b) ((a) < (b) ? (a) : (b)) @@ -143,7 +145,7 @@ PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, !EVP_DigestFinal_ex(&ctx, Ai, NULL)) goto err; } - memcpy (out, Ai, min (n, u)); + memcpy(out, Ai, min(n, u)); if (u >= n) { ret = 1; goto end; @@ -153,9 +155,9 @@ PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, for (j = 0; j < v; j++) B[j] = Ai[j % u]; /* Work out B + 1 first then can use B as tmp space */ - if (!BN_bin2bn (B, v, Bpl1)) + if (!BN_bin2bn(B, v, Bpl1)) goto err; - if (!BN_add_word (Bpl1, 1)) + if (!BN_add_word(Bpl1, 1)) goto err; for (j = 0; j < Ilen; j += v) { if (!BN_bin2bn(I + j, v, Ij)) @@ -164,12 +166,12 @@ PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, goto err; if (!BN_bn2bin(Ij, B)) goto err; - Ijlen = BN_num_bytes (Ij); + Ijlen = BN_num_bytes(Ij); /* If more than 2^(v*8) - 1 cut off MSB */ if (Ijlen > v) { - if (!BN_bn2bin (Ij, B)) + if (!BN_bn2bin(Ij, B)) goto err; - memcpy (I + j, B + 1, v); + memcpy(I + j, B + 1, v); #ifndef PKCS12_BROKEN_KEYGEN /* If less than v bytes pad with zeroes */ } else if (Ijlen < v) { @@ -177,7 +179,7 @@ PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, if (!BN_bn2bin(Ij, I + j + v - Ijlen)) goto err; #endif - } else if (!BN_bn2bin (Ij, I + j)) + } else if (!BN_bn2bin(Ij, I + j)) goto err; } } diff --git a/externals/libressl/crypto/pkcs12/p12_kiss.c b/externals/libressl/crypto/pkcs12/p12_kiss.c index 102ca3563..54a809260 100755 --- a/externals/libressl/crypto/pkcs12/p12_kiss.c +++ b/externals/libressl/crypto/pkcs12/p12_kiss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_kiss.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: p12_kiss.c,v 1.21 2021/07/09 14:08:00 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -125,17 +125,19 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, return 0; } - if (!parse_pk12 (p12, pass, -1, pkey, ocerts)) { + if (!parse_pk12(p12, pass, -1, pkey, ocerts)) { PKCS12error(PKCS12_R_PARSE_ERROR); goto err; } while ((x = sk_X509_pop(ocerts))) { if (pkey && *pkey && cert && !*cert) { + ERR_set_mark(); if (X509_check_private_key(x, *pkey)) { *cert = x; x = NULL; } + ERR_pop_to_mark(); } if (ca && x) { @@ -177,11 +179,11 @@ parse_pk12(PKCS12 *p12, const char *pass, int passlen, EVP_PKEY **pkey, int i, bagnid; PKCS7 *p7; - if (!(asafes = PKCS12_unpack_authsafes (p12))) + if (!(asafes = PKCS12_unpack_authsafes(p12))) return 0; - for (i = 0; i < sk_PKCS7_num (asafes); i++) { - p7 = sk_PKCS7_value (asafes, i); - bagnid = OBJ_obj2nid (p7->type); + for (i = 0; i < sk_PKCS7_num(asafes); i++) { + p7 = sk_PKCS7_value(asafes, i); + bagnid = OBJ_obj2nid(p7->type); if (bagnid == NID_pkcs7_data) { bags = PKCS12_unpack_p7data(p7); } else if (bagnid == NID_pkcs7_encrypted) { @@ -227,10 +229,10 @@ parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, EVP_PKEY **pkey, ASN1_BMPSTRING *fname = NULL; ASN1_OCTET_STRING *lkid = NULL; - if ((attrib = PKCS12_get_attr (bag, NID_friendlyName))) + if ((attrib = PKCS12_get_attr(bag, NID_friendlyName))) fname = attrib->value.bmpstring; - if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) + if ((attrib = PKCS12_get_attr(bag, NID_localKeyID))) lkid = attrib->value.octet_string; switch (OBJ_obj2nid(bag->type)) { diff --git a/externals/libressl/crypto/pkcs12/p12_mutl.c b/externals/libressl/crypto/pkcs12/p12_mutl.c index f3132ec75..f3a6ea3ba 100755 --- a/externals/libressl/crypto/pkcs12/p12_mutl.c +++ b/externals/libressl/crypto/pkcs12/p12_mutl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_mutl.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: p12_mutl.c,v 1.27 2021/12/12 21:30:14 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -68,6 +68,10 @@ #include #include +#include "evp_locl.h" +#include "hmac_local.h" +#include "x509_lcl.h" + /* Generate a MAC */ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, @@ -192,7 +196,7 @@ PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, if (!salt) arc4random_buf(p12->mac->salt->data, saltlen); else - memcpy (p12->mac->salt->data, salt, saltlen); + memcpy(p12->mac->salt->data, salt, saltlen); p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type)); if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) { PKCS12error(ERR_R_MALLOC_FAILURE); diff --git a/externals/libressl/crypto/pkcs12/p12_npas.c b/externals/libressl/crypto/pkcs12/p12_npas.c index d6b12edab..62ec368af 100755 --- a/externals/libressl/crypto/pkcs12/p12_npas.c +++ b/externals/libressl/crypto/pkcs12/p12_npas.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_npas.c,v 1.13 2018/05/13 14:22:34 tb Exp $ */ +/* $OpenBSD: p12_npas.c,v 1.14 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -63,6 +63,8 @@ #include #include +#include "x509_lcl.h" + /* PKCS#12 password change routine */ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass); diff --git a/externals/libressl/crypto/pkcs12/p12_p8d.c b/externals/libressl/crypto/pkcs12/p12_p8d.c index 0286d4acf..ce1b28bc2 100755 --- a/externals/libressl/crypto/pkcs12/p12_p8d.c +++ b/externals/libressl/crypto/pkcs12/p12_p8d.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_p8d.c,v 1.7 2018/05/13 14:28:14 tb Exp $ */ +/* $OpenBSD: p12_p8d.c,v 1.8 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -60,6 +60,8 @@ #include +#include "x509_lcl.h" + PKCS8_PRIV_KEY_INFO * PKCS8_decrypt(const X509_SIG *p8, const char *pass, int passlen) { diff --git a/externals/libressl/crypto/pkcs12/p12_p8e.c b/externals/libressl/crypto/pkcs12/p12_p8e.c index 5e3fc6486..7f5f61d69 100755 --- a/externals/libressl/crypto/pkcs12/p12_p8e.c +++ b/externals/libressl/crypto/pkcs12/p12_p8e.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_p8e.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: p12_p8e.c,v 1.9 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -61,6 +61,8 @@ #include #include +#include "x509_lcl.h" + X509_SIG * PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass, int passlen, unsigned char *salt, int saltlen, int iter, diff --git a/externals/libressl/crypto/pkcs7/pk7_asn1.c b/externals/libressl/crypto/pkcs7/pk7_asn1.c index 81e4a01f1..66659051a 100755 --- a/externals/libressl/crypto/pkcs7/pk7_asn1.c +++ b/externals/libressl/crypto/pkcs7/pk7_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pk7_asn1.c,v 1.12 2015/07/25 15:33:06 jsing Exp $ */ +/* $OpenBSD: pk7_asn1.c,v 1.13 2022/01/14 08:16:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -146,7 +146,6 @@ static const ASN1_ADB_TABLE PKCS7_adbtbl[] = { static const ASN1_ADB PKCS7_adb = { .flags = 0, .offset = offsetof(PKCS7, type), - .app_items = 0, .tbl = PKCS7_adbtbl, .tblcount = sizeof(PKCS7_adbtbl) / sizeof(ASN1_ADB_TABLE), .default_tt = &p7default_tt, diff --git a/externals/libressl/crypto/pkcs7/pk7_doit.c b/externals/libressl/crypto/pkcs7/pk7_doit.c index 81a72f681..c9d64bcf3 100755 --- a/externals/libressl/crypto/pkcs7/pk7_doit.c +++ b/externals/libressl/crypto/pkcs7/pk7_doit.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pk7_doit.c,v 1.44 2019/10/04 18:03:55 tb Exp $ */ +/* $OpenBSD: pk7_doit.c,v 1.46 2021/12/12 21:30:14 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,6 +65,9 @@ #include #include +#include "evp_locl.h" +#include "x509_lcl.h" + static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, void *value); static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid); diff --git a/externals/libressl/crypto/pkcs7/pk7_lib.c b/externals/libressl/crypto/pkcs7/pk7_lib.c index afcc17924..7e92df1e9 100755 --- a/externals/libressl/crypto/pkcs7/pk7_lib.c +++ b/externals/libressl/crypto/pkcs7/pk7_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pk7_lib.c,v 1.21 2020/01/21 10:18:52 inoguchi Exp $ */ +/* $OpenBSD: pk7_lib.c,v 1.23 2021/12/12 21:30:14 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,6 +63,8 @@ #include #include "asn1_locl.h" +#include "evp_locl.h" +#include "x509_lcl.h" long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) diff --git a/externals/libressl/crypto/pkcs7/pk7_smime.c b/externals/libressl/crypto/pkcs7/pk7_smime.c index bf9f2dd82..f11d23e30 100755 --- a/externals/libressl/crypto/pkcs7/pk7_smime.c +++ b/externals/libressl/crypto/pkcs7/pk7_smime.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pk7_smime.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: pk7_smime.c,v 1.23 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -64,6 +64,8 @@ #include #include +#include "x509_lcl.h" + static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si); PKCS7 * diff --git a/externals/libressl/crypto/rc4/rc4-masm-x86_64.S b/externals/libressl/crypto/rc4/rc4-masm-x86_64.S index b930d98ab..a15566ee0 100755 --- a/externals/libressl/crypto/rc4/rc4-masm-x86_64.S +++ b/externals/libressl/crypto/rc4/rc4-masm-x86_64.S @@ -1,7 +1,7 @@ ; 1 "crypto/rc4/rc4-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 340 "" 3 +; 343 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/rc4/rc4-masm-x86_64.S.tmp" 2 diff --git a/externals/libressl/crypto/rc4/rc4-md5-masm-x86_64.S b/externals/libressl/crypto/rc4/rc4-md5-masm-x86_64.S index 3357567b4..0d2e8d55d 100755 --- a/externals/libressl/crypto/rc4/rc4-md5-masm-x86_64.S +++ b/externals/libressl/crypto/rc4/rc4-md5-masm-x86_64.S @@ -1,7 +1,7 @@ ; 1 "crypto/rc4/rc4-md5-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 340 "" 3 +; 343 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/rc4/rc4-md5-masm-x86_64.S.tmp" 2 diff --git a/externals/libressl/crypto/rc4/rc4_enc.c b/externals/libressl/crypto/rc4/rc4_enc.c index bd928b58c..aa2766a13 100755 --- a/externals/libressl/crypto/rc4/rc4_enc.c +++ b/externals/libressl/crypto/rc4/rc4_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rc4_enc.c,v 1.16 2017/08/13 17:46:24 bcook Exp $ */ +/* $OpenBSD: rc4_enc.c,v 1.17 2021/11/09 18:40:21 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,7 +56,8 @@ * [including the GNU Public Licence.] */ -#include +#include + #include #include "rc4_locl.h" diff --git a/externals/libressl/crypto/rsa/rsa_ameth.c b/externals/libressl/crypto/rsa/rsa_ameth.c index d373d7c13..57fe46a97 100755 --- a/externals/libressl/crypto/rsa/rsa_ameth.c +++ b/externals/libressl/crypto/rsa/rsa_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_ameth.c,v 1.24 2019/11/20 10:46:17 inoguchi Exp $ */ +/* $OpenBSD: rsa_ameth.c,v 1.25 2022/01/10 11:52:43 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -916,6 +916,12 @@ rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, return 2; } +static int +rsa_pkey_check(const EVP_PKEY *pkey) +{ + return RSA_check_key(pkey->pkey.rsa); +} + #ifndef OPENSSL_NO_CMS static RSA_OAEP_PARAMS * rsa_oaep_decode(const X509_ALGOR *alg) @@ -1105,14 +1111,18 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { .old_priv_decode = old_rsa_priv_decode, .old_priv_encode = old_rsa_priv_encode, .item_verify = rsa_item_verify, - .item_sign = rsa_item_sign + .item_sign = rsa_item_sign, + + .pkey_check = rsa_pkey_check, }, { .pkey_id = EVP_PKEY_RSA2, .pkey_base_id = EVP_PKEY_RSA, - .pkey_flags = ASN1_PKEY_ALIAS - } + .pkey_flags = ASN1_PKEY_ALIAS, + + .pkey_check = rsa_pkey_check, + }, }; const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = { diff --git a/externals/libressl/crypto/rsa/rsa_chk.c b/externals/libressl/crypto/rsa/rsa_chk.c index 5345d31df..ac9dbf7a2 100755 --- a/externals/libressl/crypto/rsa/rsa_chk.c +++ b/externals/libressl/crypto/rsa/rsa_chk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_chk.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: rsa_chk.c,v 1.16 2022/01/20 11:08:12 inoguchi Exp $ */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * @@ -53,6 +53,7 @@ #include #include "bn_lcl.h" +#include "rsa_locl.h" int RSA_check_key(const RSA *key) @@ -80,6 +81,15 @@ RSA_check_key(const RSA *key) goto err; } + if (BN_is_one(key->e)) { + ret = 0; + RSAerror(RSA_R_BAD_E_VALUE); + } + if (!BN_is_odd(key->e)) { + ret = 0; + RSAerror(RSA_R_BAD_E_VALUE); + } + /* p prime? */ r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL); if (r != 1) { @@ -189,7 +199,7 @@ RSA_check_key(const RSA *key) } /* iqmp = q^-1 mod p? */ - if (!BN_mod_inverse_ct(i, key->q, key->p, ctx)) { + if (BN_mod_inverse_ct(i, key->q, key->p, ctx) == NULL) { ret = -1; goto err; } diff --git a/externals/libressl/crypto/rsa/rsa_crpt.c b/externals/libressl/crypto/rsa/rsa_crpt.c index a646ded4a..4fd21cd74 100755 --- a/externals/libressl/crypto/rsa/rsa_crpt.c +++ b/externals/libressl/crypto/rsa/rsa_crpt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_crpt.c,v 1.19 2018/02/18 12:52:13 tb Exp $ */ +/* $OpenBSD: rsa_crpt.c,v 1.20 2022/01/07 09:55:32 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -67,6 +67,7 @@ #include #include "bn_lcl.h" +#include "rsa_locl.h" #ifndef OPENSSL_NO_ENGINE #include diff --git a/externals/libressl/crypto/rsa/rsa_depr.c b/externals/libressl/crypto/rsa/rsa_depr.c index b830a2293..54a669ccc 100755 --- a/externals/libressl/crypto/rsa/rsa_depr.c +++ b/externals/libressl/crypto/rsa/rsa_depr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_depr.c,v 1.8 2014/07/11 08:44:49 jsing Exp $ */ +/* $OpenBSD: rsa_depr.c,v 1.9 2021/12/04 16:08:32 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -64,6 +64,8 @@ #include #include +#include "bn_lcl.h" + #ifndef OPENSSL_NO_DEPRECATED RSA * diff --git a/externals/libressl/crypto/rsa/rsa_eay.c b/externals/libressl/crypto/rsa/rsa_eay.c index 33201a8a8..0f8c324dc 100755 --- a/externals/libressl/crypto/rsa/rsa_eay.c +++ b/externals/libressl/crypto/rsa/rsa_eay.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_eay.c,v 1.51 2019/11/02 13:52:31 jsing Exp $ */ +/* $OpenBSD: rsa_eay.c,v 1.54 2022/01/20 11:10:11 inoguchi Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -119,6 +119,7 @@ #include #include "bn_lcl.h" +#include "rsa_locl.h" static int RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); @@ -446,7 +447,8 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to, goto err; if (padding == RSA_X931_PADDING) { - BN_sub(f, rsa->n, ret); + if (!BN_sub(f, rsa->n, ret)) + goto err; if (BN_cmp(ret, f) > 0) res = f; else @@ -753,6 +755,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) goto err; /* compute I mod p */ + BN_init(&c); BN_with_flags(&c, I, BN_FLG_CONSTTIME); if (!BN_mod_ct(r1, &c, rsa->p, ctx)) diff --git a/externals/libressl/crypto/rsa/rsa_gen.c b/externals/libressl/crypto/rsa/rsa_gen.c index 596eb8eb7..5f062a7a2 100755 --- a/externals/libressl/crypto/rsa/rsa_gen.c +++ b/externals/libressl/crypto/rsa/rsa_gen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_gen.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: rsa_gen.c,v 1.25 2022/01/20 11:11:17 inoguchi Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -70,6 +70,7 @@ #include #include "bn_lcl.h" +#include "rsa_locl.h" static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb); @@ -194,12 +195,14 @@ rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) if (!BN_mul(r0, r1, r2, ctx)) /* (p-1)(q-1) */ goto err; + BN_init(&pr0); BN_with_flags(&pr0, r0, BN_FLG_CONSTTIME); - if (!BN_mod_inverse_ct(rsa->d, rsa->e, &pr0, ctx)) /* d */ + if (BN_mod_inverse_ct(rsa->d, rsa->e, &pr0, ctx) == NULL) /* d */ goto err; /* set up d for correct BN_FLG_CONSTTIME flag */ + BN_init(&d); BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME); /* calculate d mod (p-1) */ @@ -211,8 +214,9 @@ rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) goto err; /* calculate inverse of q mod p */ + BN_init(&p); BN_with_flags(&p, rsa->p, BN_FLG_CONSTTIME); - if (!BN_mod_inverse_ct(rsa->iqmp, rsa->q, &p, ctx)) + if (BN_mod_inverse_ct(rsa->iqmp, rsa->q, &p, ctx) == NULL) goto err; ok = 1; diff --git a/externals/libressl/crypto/rsa/rsa_lib.c b/externals/libressl/crypto/rsa/rsa_lib.c index 0b76aae39..ddf3f1ba7 100755 --- a/externals/libressl/crypto/rsa/rsa_lib.c +++ b/externals/libressl/crypto/rsa/rsa_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_lib.c,v 1.40 2020/01/17 10:40:03 inoguchi Exp $ */ +/* $OpenBSD: rsa_lib.c,v 1.42 2022/01/07 09:55:32 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -68,6 +68,7 @@ #include #include "evp_locl.h" +#include "rsa_locl.h" #ifndef OPENSSL_NO_ENGINE #include @@ -336,6 +337,60 @@ RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) return 1; } +const BIGNUM * +RSA_get0_n(const RSA *r) +{ + return r->n; +} + +const BIGNUM * +RSA_get0_e(const RSA *r) +{ + return r->e; +} + +const BIGNUM * +RSA_get0_d(const RSA *r) +{ + return r->d; +} + +const BIGNUM * +RSA_get0_p(const RSA *r) +{ + return r->p; +} + +const BIGNUM * +RSA_get0_q(const RSA *r) +{ + return r->q; +} + +const BIGNUM * +RSA_get0_dmp1(const RSA *r) +{ + return r->dmp1; +} + +const BIGNUM * +RSA_get0_dmq1(const RSA *r) +{ + return r->dmq1; +} + +const BIGNUM * +RSA_get0_iqmp(const RSA *r) +{ + return r->iqmp; +} + +const RSA_PSS_PARAMS * +RSA_get0_pss_params(const RSA *r) +{ + return r->pss; +} + void RSA_clear_flags(RSA *r, int flags) { diff --git a/externals/libressl/crypto/rsa/rsa_locl.h b/externals/libressl/crypto/rsa/rsa_locl.h index 7036449c3..9eae2b3a2 100755 --- a/externals/libressl/crypto/rsa/rsa_locl.h +++ b/externals/libressl/crypto/rsa/rsa_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_locl.h,v 1.11 2019/11/02 13:47:41 jsing Exp $ */ +/* $OpenBSD: rsa_locl.h,v 1.12 2022/01/14 08:34:39 tb Exp $ */ __BEGIN_HIDDEN_DECLS @@ -8,6 +8,80 @@ __BEGIN_HIDDEN_DECLS #define pkey_is_pss(pkey) (pkey->ameth->pkey_id == EVP_PKEY_RSA_PSS) #define pkey_ctx_is_pss(ctx) (ctx->pmeth->pkey_id == EVP_PKEY_RSA_PSS) +struct rsa_meth_st { + const char *name; + int (*rsa_pub_enc)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + int (*rsa_pub_dec)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + int (*rsa_priv_enc)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + int (*rsa_priv_dec)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + int (*rsa_mod_exp)(BIGNUM *r0, const BIGNUM *I, RSA *rsa, + BN_CTX *ctx); /* Can be null */ + int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); /* Can be null */ + int (*init)(RSA *rsa); /* called at new */ + int (*finish)(RSA *rsa); /* called at free */ + int flags; /* RSA_METHOD_FLAG_* things */ + char *app_data; /* may be needed! */ +/* New sign and verify functions: some libraries don't allow arbitrary data + * to be signed/verified: this allows them to be used. Note: for this to work + * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used + * RSA_sign(), RSA_verify() should be used instead. Note: for backwards + * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER + * option is set in 'flags'. + */ + int (*rsa_sign)(int type, const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, const RSA *rsa); + int (*rsa_verify)(int dtype, const unsigned char *m, + unsigned int m_length, const unsigned char *sigbuf, + unsigned int siglen, const RSA *rsa); +/* If this callback is NULL, the builtin software RSA key-gen will be used. This + * is for behavioural compatibility whilst the code gets rewired, but one day + * it would be nice to assume there are no such things as "builtin software" + * implementations. */ + int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +}; + +struct rsa_st { + /* The first parameter is used to pickup errors where + * this is passed instead of aEVP_PKEY, it is set to 0 */ + int pad; + long version; + const RSA_METHOD *meth; + + /* functional reference if 'meth' is ENGINE-provided */ + ENGINE *engine; + BIGNUM *n; + BIGNUM *e; + BIGNUM *d; + BIGNUM *p; + BIGNUM *q; + BIGNUM *dmp1; + BIGNUM *dmq1; + BIGNUM *iqmp; + + /* Parameter restrictions for PSS only keys. */ + RSA_PSS_PARAMS *pss; + + /* be careful using this if the RSA structure is shared */ + CRYPTO_EX_DATA ex_data; + int references; + int flags; + + /* Used to cache montgomery values */ + BN_MONT_CTX *_method_mod_n; + BN_MONT_CTX *_method_mod_p; + BN_MONT_CTX *_method_mod_q; + + /* all BIGNUM values are actually in the following data, if it is not + * NULL */ + BN_BLINDING *blinding; + BN_BLINDING *mt_blinding; +}; + RSA_PSS_PARAMS *rsa_pss_params_create(const EVP_MD *sigmd, const EVP_MD *mgf1md, int saltlen); int rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd, diff --git a/externals/libressl/crypto/rsa/rsa_meth.c b/externals/libressl/crypto/rsa/rsa_meth.c index 095368b0c..8ae929dc3 100755 --- a/externals/libressl/crypto/rsa/rsa_meth.c +++ b/externals/libressl/crypto/rsa/rsa_meth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_meth.c,v 1.3 2019/06/05 15:41:33 gilles Exp $ */ +/* $OpenBSD: rsa_meth.c,v 1.4 2022/01/07 09:55:32 tb Exp $ */ /* * Copyright (c) 2018 Theo Buehler * @@ -21,6 +21,8 @@ #include #include +#include "rsa_locl.h" + RSA_METHOD * RSA_meth_new(const char *name, int flags) { diff --git a/externals/libressl/crypto/rsa/rsa_oaep.c b/externals/libressl/crypto/rsa/rsa_oaep.c index e54600b09..932695009 100755 --- a/externals/libressl/crypto/rsa/rsa_oaep.c +++ b/externals/libressl/crypto/rsa/rsa_oaep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_oaep.c,v 1.33 2019/10/17 14:31:56 jsing Exp $ */ +/* $OpenBSD: rsa_oaep.c,v 1.35 2022/02/20 19:16:34 tb Exp $ */ /* * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * @@ -80,6 +80,7 @@ #include #include "constant_time_locl.h" +#include "evp_locl.h" #include "rsa_locl.h" int @@ -223,17 +224,16 @@ RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, from -= 1 & mask; *--em = *from & mask; } - from = em; /* * The first byte must be zero, however we must not leak if this is * true. See James H. Manger, "A Chosen Ciphertext Attack on RSA * Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001). */ - good = constant_time_is_zero(from[0]); + good = constant_time_is_zero(em[0]); - maskedseed = from + 1; - maskeddb = from + 1 + mdlen; + maskedseed = em + 1; + maskeddb = em + 1 + mdlen; if (PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md)) goto cleanup; @@ -289,15 +289,16 @@ RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, * should be noted that failure is indistinguishable from normal * operation if |tlen| is fixed by protocol. */ - tlen = constant_time_select_int(constant_time_lt(dblen, tlen), dblen, tlen); + tlen = constant_time_select_int(constant_time_lt(dblen - mdlen - 1, tlen), + dblen - mdlen - 1, tlen); msg_index = constant_time_select_int(good, msg_index, dblen - tlen); mlen = dblen - msg_index; - for (from = db + msg_index, mask = good, i = 0; i < tlen; i++) { - unsigned int equals = constant_time_eq(i, mlen); + for (mask = good, i = 0; i < tlen; i++) { + unsigned int equals = constant_time_eq(msg_index, dblen); - from -= dblen & equals; /* if (i == mlen) rewind */ - mask &= mask ^ equals; /* if (i == mlen) mask = 0 */ - to[i] = constant_time_select_8(mask, from[i], to[i]); + msg_index -= tlen & equals; /* rewind at EOF */ + mask &= ~equals; /* mask = 0 at EOF */ + to[i] = constant_time_select_8(mask, db[msg_index++], to[i]); } /* diff --git a/externals/libressl/crypto/rsa/rsa_pmeth.c b/externals/libressl/crypto/rsa/rsa_pmeth.c index 008d425bd..36a2a2772 100755 --- a/externals/libressl/crypto/rsa/rsa_pmeth.c +++ b/externals/libressl/crypto/rsa/rsa_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_pmeth.c,v 1.32 2019/10/31 14:05:30 jsing Exp $ */ +/* $OpenBSD: rsa_pmeth.c,v 1.33 2021/12/04 16:08:32 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -70,6 +70,7 @@ #include #include +#include "bn_lcl.h" #include "evp_locl.h" #include "rsa_locl.h" diff --git a/externals/libressl/crypto/rsa/rsa_pss.c b/externals/libressl/crypto/rsa/rsa_pss.c index 562f7b252..cce38efa9 100755 --- a/externals/libressl/crypto/rsa/rsa_pss.c +++ b/externals/libressl/crypto/rsa/rsa_pss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_pss.c,v 1.13 2018/09/05 00:55:33 djm Exp $ */ +/* $OpenBSD: rsa_pss.c,v 1.15 2022/01/07 09:55:32 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2005. */ @@ -66,6 +66,9 @@ #include #include +#include "evp_locl.h" +#include "rsa_locl.h" + static const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; int diff --git a/externals/libressl/crypto/rsa/rsa_sign.c b/externals/libressl/crypto/rsa/rsa_sign.c index 50e07f4f1..bd45a95d5 100755 --- a/externals/libressl/crypto/rsa/rsa_sign.c +++ b/externals/libressl/crypto/rsa/rsa_sign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_sign.c,v 1.31 2018/09/05 00:55:33 djm Exp $ */ +/* $OpenBSD: rsa_sign.c,v 1.34 2022/01/07 11:13:55 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,7 +65,9 @@ #include #include +#include "asn1_locl.h" #include "rsa_locl.h" +#include "x509_lcl.h" /* Size of an SSL signature: MD5+SHA1 */ #define SSL_SIG_LENGTH 36 @@ -108,7 +110,7 @@ encode_pkcs1(unsigned char **out, int *out_len, int type, sig.algor->parameter = ¶meter; sig.digest = &digest; - sig.digest->data = (unsigned char*)m; /* TMP UGLY CAST */ + sig.digest->data = (unsigned char *)m; /* TMP UGLY CAST */ sig.digest->length = m_len; if ((len = i2d_X509_SIG(&sig, &der)) < 0) @@ -194,7 +196,7 @@ int_rsa_verify(int type, const unsigned char *m, unsigned int m_len, if ((decrypt_len = RSA_public_decrypt((int)siglen, sigbuf, decrypt_buf, rsa, RSA_PKCS1_PADDING)) <= 0) goto err; - + if (type == NID_md5_sha1) { /* * NID_md5_sha1 corresponds to the MD5/SHA1 combination in @@ -229,7 +231,7 @@ int_rsa_verify(int type, const unsigned char *m, unsigned int m_len, if (rm != NULL) { const EVP_MD *md; - if ((md = EVP_get_digestbynid(type)) == NULL) { + if ((md = EVP_get_digestbynid(type)) == NULL) { RSAerror(RSA_R_UNKNOWN_ALGORITHM_TYPE); goto err; } diff --git a/externals/libressl/crypto/sha/sha1-masm-x86_64.S b/externals/libressl/crypto/sha/sha1-masm-x86_64.S index 36d8732e0..f520b5a86 100755 --- a/externals/libressl/crypto/sha/sha1-masm-x86_64.S +++ b/externals/libressl/crypto/sha/sha1-masm-x86_64.S @@ -1,7 +1,7 @@ ; 1 "crypto/sha/sha1-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 340 "" 3 +; 343 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/sha/sha1-masm-x86_64.S.tmp" 2 diff --git a/externals/libressl/crypto/sha/sha256-masm-x86_64.S b/externals/libressl/crypto/sha/sha256-masm-x86_64.S index 33c705d3c..7c182f90b 100755 --- a/externals/libressl/crypto/sha/sha256-masm-x86_64.S +++ b/externals/libressl/crypto/sha/sha256-masm-x86_64.S @@ -1,7 +1,7 @@ ; 1 "crypto/sha/sha256-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 340 "" 3 +; 343 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/sha/sha256-masm-x86_64.S.tmp" 2 diff --git a/externals/libressl/crypto/sha/sha256.c b/externals/libressl/crypto/sha/sha256.c index 9c05d3b0f..e826ca9e1 100755 --- a/externals/libressl/crypto/sha/sha256.c +++ b/externals/libressl/crypto/sha/sha256.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sha256.c,v 1.10 2019/01/21 23:20:31 jsg Exp $ */ +/* $OpenBSD: sha256.c,v 1.11 2021/11/09 18:40:21 bcook Exp $ */ /* ==================================================================== * Copyright (c) 2004 The OpenSSL Project. All rights reserved * according to the OpenSSL license [found in ../../LICENSE]. @@ -9,8 +9,7 @@ #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) -#include - +#include #include #include diff --git a/externals/libressl/crypto/sha/sha512-masm-x86_64.S b/externals/libressl/crypto/sha/sha512-masm-x86_64.S index 4a2b9afb6..e964d9c83 100755 --- a/externals/libressl/crypto/sha/sha512-masm-x86_64.S +++ b/externals/libressl/crypto/sha/sha512-masm-x86_64.S @@ -1,7 +1,7 @@ ; 1 "crypto/sha/sha512-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 340 "" 3 +; 343 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/sha/sha512-masm-x86_64.S.tmp" 2 diff --git a/externals/libressl/crypto/sha/sha512.c b/externals/libressl/crypto/sha/sha512.c index 6b95cfa72..56a207f7d 100755 --- a/externals/libressl/crypto/sha/sha512.c +++ b/externals/libressl/crypto/sha/sha512.c @@ -1,12 +1,11 @@ -/* $OpenBSD: sha512.c,v 1.15 2016/11/04 13:56:05 miod Exp $ */ +/* $OpenBSD: sha512.c,v 1.16 2021/11/09 18:40:21 bcook Exp $ */ /* ==================================================================== * Copyright (c) 2004 The OpenSSL Project. All rights reserved * according to the OpenSSL license [found in ../../LICENSE]. * ==================================================================== */ -#include - +#include #include #include diff --git a/externals/libressl/crypto/sha/sha_locl.h b/externals/libressl/crypto/sha/sha_locl.h index 46c9a39be..5daab29fd 100755 --- a/externals/libressl/crypto/sha/sha_locl.h +++ b/externals/libressl/crypto/sha/sha_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sha_locl.h,v 1.23 2016/12/23 23:22:25 patrick Exp $ */ +/* $OpenBSD: sha_locl.h,v 1.24 2021/11/09 18:40:21 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -186,7 +186,7 @@ int SHA1_Init(SHA_CTX *c) #endif #if !defined(SHA1_ASM) -#include +#include static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) { const unsigned char *data=p; diff --git a/externals/libressl/crypto/ts/ts_lib.c b/externals/libressl/crypto/ts/ts_lib.c index 293564118..b6d50a36f 100755 --- a/externals/libressl/crypto/ts/ts_lib.c +++ b/externals/libressl/crypto/ts/ts_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_lib.c,v 1.10 2015/09/10 14:29:22 jsing Exp $ */ +/* $OpenBSD: ts_lib.c,v 1.12 2021/12/04 16:08:32 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -64,6 +64,9 @@ #include #include +#include "bn_lcl.h" +#include "x509_lcl.h" + /* Local function declarations. */ /* Function definitions. */ diff --git a/externals/libressl/crypto/ts/ts_rsp_sign.c b/externals/libressl/crypto/ts/ts_rsp_sign.c index 6125fdd4b..470cbfb7e 100755 --- a/externals/libressl/crypto/ts/ts_rsp_sign.c +++ b/externals/libressl/crypto/ts/ts_rsp_sign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_rsp_sign.c,v 1.23 2019/07/03 03:24:04 deraadt Exp $ */ +/* $OpenBSD: ts_rsp_sign.c,v 1.26 2021/12/12 21:30:14 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -65,6 +65,9 @@ #include #include +#include "evp_locl.h" +#include "x509_lcl.h" + /* Private function declarations. */ static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *); @@ -847,14 +850,18 @@ ESS_CERT_ID_new_init(X509 *cert, int issuer_needed) { ESS_CERT_ID *cid = NULL; GENERAL_NAME *name = NULL; + unsigned char cert_hash[TS_HASH_LEN]; /* Recompute SHA1 hash of certificate if necessary (side effect). */ X509_check_purpose(cert, -1, 0); if (!(cid = ESS_CERT_ID_new())) goto err; - if (!ASN1_OCTET_STRING_set(cid->hash, cert->sha1_hash, - sizeof(cert->sha1_hash))) + + if (!X509_digest(cert, TS_HASH_EVP, cert_hash, NULL)) + goto err; + + if (!ASN1_OCTET_STRING_set(cid->hash, cert_hash, sizeof(cert_hash))) goto err; /* Setting the issuer/serial if requested. */ diff --git a/externals/libressl/crypto/ts/ts_rsp_verify.c b/externals/libressl/crypto/ts/ts_rsp_verify.c index 36ead0671..8b15760be 100755 --- a/externals/libressl/crypto/ts/ts_rsp_verify.c +++ b/externals/libressl/crypto/ts/ts_rsp_verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_rsp_verify.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ts_rsp_verify.c,v 1.24 2021/12/12 21:30:14 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -64,6 +64,9 @@ #include #include +#include "evp_locl.h" +#include "x509_lcl.h" + /* Private function declarations. */ static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, @@ -323,10 +326,14 @@ static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) { int i; + unsigned char cert_hash[TS_HASH_LEN]; if (!cert_ids || !cert) return -1; + if (!X509_digest(cert, TS_HASH_EVP, cert_hash, NULL)) + return -1; + /* Recompute SHA1 hash of certificate if necessary (side effect). */ X509_check_purpose(cert, -1, 0); @@ -335,9 +342,8 @@ TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i); /* Check the SHA-1 hash first. */ - if (cid->hash->length == sizeof(cert->sha1_hash) && - !memcmp(cid->hash->data, cert->sha1_hash, - sizeof(cert->sha1_hash))) { + if (cid->hash->length == TS_HASH_LEN && !memcmp(cid->hash->data, + cert_hash, TS_HASH_LEN)) { /* Check the issuer/serial as well if specified. */ ESS_ISSUER_SERIAL *is = cid->issuer_serial; if (!is || !TS_issuer_serial_cmp(is, cert->cert_info)) @@ -593,35 +599,40 @@ TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info) } static int -TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, X509_ALGOR **md_alg, - unsigned char **imprint, unsigned *imprint_len) +TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, X509_ALGOR **out_md_alg, + unsigned char **out_imprint, unsigned int *out_imprint_len) { - TS_MSG_IMPRINT *msg_imprint = TS_TST_INFO_get_msg_imprint(tst_info); - X509_ALGOR *md_alg_resp = TS_MSG_IMPRINT_get_algo(msg_imprint); + TS_MSG_IMPRINT *msg_imprint; + X509_ALGOR *md_alg_resp; + X509_ALGOR *md_alg = NULL; + unsigned char *imprint = NULL; + unsigned int imprint_len = 0; const EVP_MD *md; EVP_MD_CTX md_ctx; unsigned char buffer[4096]; int length; - *md_alg = NULL; - *imprint = NULL; + *out_md_alg = NULL; + *out_imprint = NULL; + *out_imprint_len = 0; - /* Return the MD algorithm of the response. */ - if (!(*md_alg = X509_ALGOR_dup(md_alg_resp))) + /* Retrieve the MD algorithm of the response. */ + msg_imprint = TS_TST_INFO_get_msg_imprint(tst_info); + md_alg_resp = TS_MSG_IMPRINT_get_algo(msg_imprint); + if ((md_alg = X509_ALGOR_dup(md_alg_resp)) == NULL) goto err; /* Getting the MD object. */ - if (!(md = EVP_get_digestbyobj((*md_alg)->algorithm))) { + if ((md = EVP_get_digestbyobj((md_alg)->algorithm)) == NULL) { TSerror(TS_R_UNSUPPORTED_MD_ALGORITHM); goto err; } /* Compute message digest. */ - length = EVP_MD_size(md); - if (length < 0) + if ((length = EVP_MD_size(md)) < 0) goto err; - *imprint_len = length; - if (!(*imprint = malloc(*imprint_len))) { + imprint_len = length; + if ((imprint = malloc(imprint_len)) == NULL) { TSerror(ERR_R_MALLOC_FAILURE); goto err; } @@ -632,16 +643,20 @@ TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, X509_ALGOR **md_alg, if (!EVP_DigestUpdate(&md_ctx, buffer, length)) goto err; } - if (!EVP_DigestFinal(&md_ctx, *imprint, NULL)) + if (!EVP_DigestFinal(&md_ctx, imprint, NULL)) goto err; + *out_md_alg = md_alg; + md_alg = NULL; + *out_imprint = imprint; + imprint = NULL; + *out_imprint_len = imprint_len; + return 1; err: - X509_ALGOR_free(*md_alg); - free(*imprint); - *imprint = NULL; - *imprint_len = 0; + X509_ALGOR_free(md_alg); + free(imprint); return 0; } @@ -711,7 +726,7 @@ TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer) /* Check the subject name first. */ if (tsa_name->type == GEN_DIRNAME && - X509_name_cmp(tsa_name->d.dirn, signer->cert_info->subject) == 0) + X509_NAME_cmp(tsa_name->d.dirn, signer->cert_info->subject) == 0) return 1; /* Check all the alternative names. */ diff --git a/externals/libressl/crypto/whrlpool/wp-masm-x86_64.S b/externals/libressl/crypto/whrlpool/wp-masm-x86_64.S index 78cf97c11..71f0c012a 100755 --- a/externals/libressl/crypto/whrlpool/wp-masm-x86_64.S +++ b/externals/libressl/crypto/whrlpool/wp-masm-x86_64.S @@ -1,7 +1,7 @@ ; 1 "crypto/whrlpool/wp-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 340 "" 3 +; 343 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/whrlpool/wp-masm-x86_64.S.tmp" 2 diff --git a/externals/libressl/crypto/whrlpool/wp_block.c b/externals/libressl/crypto/whrlpool/wp_block.c index 1e00a0133..b2137d643 100755 --- a/externals/libressl/crypto/whrlpool/wp_block.c +++ b/externals/libressl/crypto/whrlpool/wp_block.c @@ -1,4 +1,4 @@ -/* $OpenBSD: wp_block.c,v 1.13 2016/11/04 17:30:30 miod Exp $ */ +/* $OpenBSD: wp_block.c,v 1.14 2021/11/09 18:40:21 bcook Exp $ */ /** * The Whirlpool hashing function. * @@ -36,9 +36,9 @@ * */ +#include #include #include -#include #include "wp_locl.h" diff --git a/externals/libressl/crypto/x509/by_dir.c b/externals/libressl/crypto/x509/by_dir.c index 04eada8ad..fa05f552f 100755 --- a/externals/libressl/crypto/x509/by_dir.c +++ b/externals/libressl/crypto/x509/by_dir.c @@ -1,4 +1,4 @@ -/* $OpenBSD: by_dir.c,v 1.39 2018/08/05 14:17:12 bcook Exp $ */ +/* $OpenBSD: by_dir.c,v 1.41 2021/11/10 14:34:21 schwarze Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include #include #include @@ -67,10 +68,9 @@ #include #include -#include #include -# include +#include "x509_lcl.h" typedef struct lookup_dir_hashes_st { unsigned long hash; @@ -115,7 +115,7 @@ static X509_LOOKUP_METHOD x509_dir_lookup = { X509_LOOKUP_METHOD * X509_LOOKUP_hash_dir(void) { - return (&x509_dir_lookup); + return &x509_dir_lookup; } static int @@ -139,7 +139,7 @@ dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, ret = add_cert_dir(ld, argp, (int)argl); break; } - return (ret); + return ret; } static int @@ -147,15 +147,18 @@ new_dir(X509_LOOKUP *lu) { BY_DIR *a; - if ((a = malloc(sizeof(BY_DIR))) == NULL) - return (0); + if ((a = malloc(sizeof(*a))) == NULL) { + X509error(ERR_R_MALLOC_FAILURE); + return 0; + } if ((a->buffer = BUF_MEM_new()) == NULL) { + X509error(ERR_R_MALLOC_FAILURE); free(a); - return (0); + return 0; } a->dirs = NULL; lu->method_data = (char *)a; - return (1); + return 1; } static void @@ -179,8 +182,7 @@ static void by_dir_entry_free(BY_DIR_ENTRY *ent) { free(ent->dir); - if (ent->hashes) - sk_BY_DIR_HASH_pop_free(ent->hashes, by_dir_hash_free); + sk_BY_DIR_HASH_pop_free(ent->hashes, by_dir_hash_free); free(ent); } @@ -190,10 +192,8 @@ free_dir(X509_LOOKUP *lu) BY_DIR *a; a = (BY_DIR *)lu->method_data; - if (a->dirs != NULL) - sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free); - if (a->buffer != NULL) - BUF_MEM_free(a->buffer); + sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free); + BUF_MEM_free(a->buffer); free(a); } @@ -214,6 +214,7 @@ add_cert_dir(BY_DIR *ctx, const char *dir, int type) do { if ((*p == ':') || (*p == '\0')) { BY_DIR_ENTRY *ent; + ss = s; s = p + 1; len = p - ss; @@ -229,20 +230,20 @@ add_cert_dir(BY_DIR *ctx, const char *dir, int type) continue; if (ctx->dirs == NULL) { ctx->dirs = sk_BY_DIR_ENTRY_new_null(); - if (!ctx->dirs) { + if (ctx->dirs == NULL) { X509error(ERR_R_MALLOC_FAILURE); return 0; } } - ent = malloc(sizeof(BY_DIR_ENTRY)); - if (!ent) { + ent = malloc(sizeof(*ent)); + if (ent == NULL) { X509error(ERR_R_MALLOC_FAILURE); return 0; } ent->dir_type = type; ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp); ent->dir = strndup(ss, (size_t)len); - if (!ent->dir || !ent->hashes) { + if (ent->dir == NULL || ent->hashes == NULL) { X509error(ERR_R_MALLOC_FAILURE); by_dir_entry_free(ent); return 0; @@ -280,7 +281,7 @@ get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, const char *postfix=""; if (name == NULL) - return (0); + return 0; stmp.type = type; if (type == X509_LU_X509) { @@ -310,6 +311,7 @@ get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, BY_DIR_ENTRY *ent; int idx; BY_DIR_HASH htmp, *hent; + ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i); j = strlen(ent->dir) + 1 + 8 + 6 + 1 + 1; if (!BUF_MEM_grow(b, j)) { @@ -358,10 +360,7 @@ get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, /* we have added it to the cache so now pull it out again */ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp); - if (j != -1) - tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j); - else - tmp = NULL; + tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j); CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); /* If a CRL, update the last file suffix added for this */ @@ -371,16 +370,14 @@ get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, * Look for entry again in case another thread added * an entry first. */ - if (!hent) { + if (hent == NULL) { htmp.hash = h; idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp); - if (idx >= 0) - hent = sk_BY_DIR_HASH_value( - ent->hashes, idx); + hent = sk_BY_DIR_HASH_value(ent->hashes, idx); } - if (!hent) { - hent = malloc(sizeof(BY_DIR_HASH)); - if (!hent) { + if (hent == NULL) { + hent = malloc(sizeof(*hent)); + if (hent == NULL) { X509error(ERR_R_MALLOC_FAILURE); CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); ok = 0; @@ -406,17 +403,10 @@ get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, ok = 1; ret->type = tmp->type; memcpy(&ret->data, &tmp->data, sizeof(ret->data)); - /* - * If we were going to up the reference count, - * we would need to do it on a perl 'type' basis - */ - /* CRYPTO_add(&tmp->data.x509->references,1, - CRYPTO_LOCK_X509);*/ goto finish; } } finish: - if (b != NULL) - BUF_MEM_free(b); - return (ok); + BUF_MEM_free(b); + return ok; } diff --git a/externals/libressl/crypto/x509/by_file.c b/externals/libressl/crypto/x509/by_file.c index b2c8ef6cf..3116b7cf1 100755 --- a/externals/libressl/crypto/x509/by_file.c +++ b/externals/libressl/crypto/x509/by_file.c @@ -1,4 +1,4 @@ -/* $OpenBSD: by_file.c,v 1.21 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: by_file.c,v 1.25 2021/11/10 13:57:42 schwarze Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -64,9 +64,10 @@ #include #include #include -#include #include +#include "x509_lcl.h" + static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); @@ -86,7 +87,7 @@ static X509_LOOKUP_METHOD x509_file_lookup = { X509_LOOKUP_METHOD * X509_LOOKUP_file(void) { - return (&x509_file_lookup); + return &x509_file_lookup; } static int @@ -114,7 +115,7 @@ by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, } break; } - return (ok); + return ok; } int @@ -125,9 +126,7 @@ X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) int i, count = 0; X509 *x = NULL; - if (file == NULL) - return (1); - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) { X509error(ERR_R_SYS_LIB); @@ -136,7 +135,7 @@ X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) if (type == X509_FILETYPE_PEM) { for (;;) { - x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL); + x = PEM_read_bio_X509_AUX(in, NULL, NULL, ""); if (x == NULL) { if ((ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) && (count > 0)) { @@ -172,7 +171,7 @@ X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) err: X509_free(x); BIO_free(in); - return (ret); + return ret; } int @@ -183,9 +182,7 @@ X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) int i, count = 0; X509_CRL *x = NULL; - if (file == NULL) - return (1); - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) { X509error(ERR_R_SYS_LIB); @@ -194,7 +191,7 @@ X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) if (type == X509_FILETYPE_PEM) { for (;;) { - x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); + x = PEM_read_bio_X509_CRL(in, NULL, NULL, ""); if (x == NULL) { if ((ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) && (count > 0)) { @@ -228,10 +225,9 @@ X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) goto err; } err: - if (x != NULL) - X509_CRL_free(x); + X509_CRL_free(x); BIO_free(in); - return (ret); + return ret; } int @@ -241,6 +237,7 @@ X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) X509_INFO *itmp; BIO *in; int i, count = 0; + if (type != X509_FILETYPE_PEM) return X509_load_cert_file(ctx, file, type); in = BIO_new_file(file, "r"); @@ -248,7 +245,7 @@ X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) X509error(ERR_R_SYS_LIB); return 0; } - inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL); + inf = PEM_X509_INFO_read_bio(in, NULL, NULL, ""); BIO_free(in); if (!inf) { X509error(ERR_R_PEM_LIB); @@ -265,6 +262,8 @@ X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) count++; } } + if (count == 0) + X509error(X509_R_NO_CERTIFICATE_OR_CRL_FOUND); sk_X509_INFO_pop_free(inf, X509_INFO_free); return count; } diff --git a/externals/libressl/crypto/x509/by_mem.c b/externals/libressl/crypto/x509/by_mem.c index 34d4040d8..272877f84 100755 --- a/externals/libressl/crypto/x509/by_mem.c +++ b/externals/libressl/crypto/x509/by_mem.c @@ -1,4 +1,4 @@ -/* $OpenBSD: by_mem.c,v 1.4 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: by_mem.c,v 1.5 2021/11/01 20:53:08 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -68,6 +68,8 @@ #include #include +#include "x509_lcl.h" + static int by_mem_ctrl(X509_LOOKUP *, int, const char *, long, char **); static X509_LOOKUP_METHOD x509_mem_lookup = { diff --git a/externals/libressl/crypto/x509/ext_dat.h b/externals/libressl/crypto/x509/ext_dat.h index 1a7ae6e1a..59815c95a 100755 --- a/externals/libressl/crypto/x509/ext_dat.h +++ b/externals/libressl/crypto/x509/ext_dat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ext_dat.h,v 1.1 2020/06/04 15:19:31 jsing Exp $ */ +/* $OpenBSD: ext_dat.h,v 1.4 2021/11/24 19:22:14 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -72,7 +72,8 @@ extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; extern X509V3_EXT_METHOD v3_crl_hold, v3_pci; extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints; extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp; -extern X509V3_EXT_METHOD v3_addr, v3_asid; +extern const X509V3_EXT_METHOD v3_addr, v3_asid; +extern const X509V3_EXT_METHOD v3_ct_scts[3]; /* This table will be searched using OBJ_bsearch so it *must* kept in * order of the ext_nid values. @@ -105,6 +106,10 @@ static const X509V3_EXT_METHOD *standard_exts[] = { #endif &v3_sxnet, &v3_info, +#ifndef OPENSSL_NO_RFC3779 + &v3_addr, + &v3_asid, +#endif #ifndef OPENSSL_NO_OCSP &v3_ocsp_nonce, &v3_ocsp_crlid, @@ -125,6 +130,11 @@ static const X509V3_EXT_METHOD *standard_exts[] = { &v3_idp, &v3_alt[2], &v3_freshest_crl, +#ifndef OPENSSL_NO_CT + &v3_ct_scts[0], + &v3_ct_scts[1], + &v3_ct_scts[2], +#endif }; /* Number of standard extensions */ diff --git a/externals/libressl/crypto/x509/pcy_cache.c b/externals/libressl/crypto/x509/pcy_cache.c index 896ba7d59..debca3028 100755 --- a/externals/libressl/crypto/x509/pcy_cache.c +++ b/externals/libressl/crypto/x509/pcy_cache.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pcy_cache.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */ +/* $OpenBSD: pcy_cache.c,v 1.2 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ @@ -60,6 +60,7 @@ #include #include "pcy_int.h" +#include "x509_lcl.h" static int policy_data_cmp(const X509_POLICY_DATA * const *a, const X509_POLICY_DATA * const *b); diff --git a/externals/libressl/crypto/x509/pcy_map.c b/externals/libressl/crypto/x509/pcy_map.c index 287a430c2..f2e5d3255 100755 --- a/externals/libressl/crypto/x509/pcy_map.c +++ b/externals/libressl/crypto/x509/pcy_map.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pcy_map.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */ +/* $OpenBSD: pcy_map.c,v 1.2 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ @@ -60,6 +60,7 @@ #include #include "pcy_int.h" +#include "x509_lcl.h" /* Set policy mapping entries in cache. * Note: this modifies the passed POLICY_MAPPINGS structure diff --git a/externals/libressl/crypto/x509/pcy_tree.c b/externals/libressl/crypto/x509/pcy_tree.c index d0f7cd1ad..284c08e66 100755 --- a/externals/libressl/crypto/x509/pcy_tree.c +++ b/externals/libressl/crypto/x509/pcy_tree.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pcy_tree.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */ +/* $OpenBSD: pcy_tree.c,v 1.2 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ @@ -60,6 +60,7 @@ #include #include "pcy_int.h" +#include "x509_lcl.h" /* Enable this to print out the complete policy tree at various point during * evaluation. diff --git a/externals/libressl/crypto/x509/x509_addr.c b/externals/libressl/crypto/x509/x509_addr.c new file mode 100755 index 000000000..035353826 --- /dev/null +++ b/externals/libressl/crypto/x509/x509_addr.c @@ -0,0 +1,1953 @@ +/* $OpenBSD: x509_addr.c,v 1.78 2022/03/16 11:44:36 tb Exp $ */ +/* + * Contributed to the OpenSSL Project by the American Registry for + * Internet Numbers ("ARIN"). + */ +/* ==================================================================== + * Copyright (c) 2006-2016 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + */ + +/* + * Implementation of RFC 3779 section 2.2. + */ + +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#include "bytestring.h" +#include "x509_lcl.h" + +#ifndef OPENSSL_NO_RFC3779 + +/* + * OpenSSL ASN.1 template translation of RFC 3779 2.2.3. + */ + +static const ASN1_TEMPLATE IPAddressRange_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(IPAddressRange, min), + .field_name = "min", + .item = &ASN1_BIT_STRING_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(IPAddressRange, max), + .field_name = "max", + .item = &ASN1_BIT_STRING_it, + }, +}; + +const ASN1_ITEM IPAddressRange_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = IPAddressRange_seq_tt, + .tcount = sizeof(IPAddressRange_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(IPAddressRange), + .sname = "IPAddressRange", +}; + +static const ASN1_TEMPLATE IPAddressOrRange_ch_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(IPAddressOrRange, u.addressPrefix), + .field_name = "u.addressPrefix", + .item = &ASN1_BIT_STRING_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(IPAddressOrRange, u.addressRange), + .field_name = "u.addressRange", + .item = &IPAddressRange_it, + }, +}; + +const ASN1_ITEM IPAddressOrRange_it = { + .itype = ASN1_ITYPE_CHOICE, + .utype = offsetof(IPAddressOrRange, type), + .templates = IPAddressOrRange_ch_tt, + .tcount = sizeof(IPAddressOrRange_ch_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(IPAddressOrRange), + .sname = "IPAddressOrRange", +}; + +static const ASN1_TEMPLATE IPAddressChoice_ch_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(IPAddressChoice, u.inherit), + .field_name = "u.inherit", + .item = &ASN1_NULL_it, + }, + { + .flags = ASN1_TFLG_SEQUENCE_OF, + .tag = 0, + .offset = offsetof(IPAddressChoice, u.addressesOrRanges), + .field_name = "u.addressesOrRanges", + .item = &IPAddressOrRange_it, + }, +}; + +const ASN1_ITEM IPAddressChoice_it = { + .itype = ASN1_ITYPE_CHOICE, + .utype = offsetof(IPAddressChoice, type), + .templates = IPAddressChoice_ch_tt, + .tcount = sizeof(IPAddressChoice_ch_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(IPAddressChoice), + .sname = "IPAddressChoice", +}; + +static const ASN1_TEMPLATE IPAddressFamily_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(IPAddressFamily, addressFamily), + .field_name = "addressFamily", + .item = &ASN1_OCTET_STRING_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(IPAddressFamily, ipAddressChoice), + .field_name = "ipAddressChoice", + .item = &IPAddressChoice_it, + }, +}; + +const ASN1_ITEM IPAddressFamily_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = IPAddressFamily_seq_tt, + .tcount = sizeof(IPAddressFamily_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(IPAddressFamily), + .sname = "IPAddressFamily", +}; + +static const ASN1_TEMPLATE IPAddrBlocks_item_tt = { + .flags = ASN1_TFLG_SEQUENCE_OF, + .tag = 0, + .offset = 0, + .field_name = "IPAddrBlocks", + .item = &IPAddressFamily_it, +}; + +static const ASN1_ITEM IPAddrBlocks_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = -1, + .templates = &IPAddrBlocks_item_tt, + .tcount = 0, + .funcs = NULL, + .size = 0, + .sname = "IPAddrBlocks", +}; + +IPAddressRange * +d2i_IPAddressRange(IPAddressRange **a, const unsigned char **in, long len) +{ + return (IPAddressRange *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &IPAddressRange_it); +} + +int +i2d_IPAddressRange(IPAddressRange *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &IPAddressRange_it); +} + +IPAddressRange * +IPAddressRange_new(void) +{ + return (IPAddressRange *)ASN1_item_new(&IPAddressRange_it); +} + +void +IPAddressRange_free(IPAddressRange *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &IPAddressRange_it); +} + +IPAddressOrRange * +d2i_IPAddressOrRange(IPAddressOrRange **a, const unsigned char **in, long len) +{ + return (IPAddressOrRange *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &IPAddressOrRange_it); +} + +int +i2d_IPAddressOrRange(IPAddressOrRange *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &IPAddressOrRange_it); +} + +IPAddressOrRange * +IPAddressOrRange_new(void) +{ + return (IPAddressOrRange *)ASN1_item_new(&IPAddressOrRange_it); +} + +void +IPAddressOrRange_free(IPAddressOrRange *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &IPAddressOrRange_it); +} + +IPAddressChoice * +d2i_IPAddressChoice(IPAddressChoice **a, const unsigned char **in, long len) +{ + return (IPAddressChoice *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &IPAddressChoice_it); +} + +int +i2d_IPAddressChoice(IPAddressChoice *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &IPAddressChoice_it); +} + +IPAddressChoice * +IPAddressChoice_new(void) +{ + return (IPAddressChoice *)ASN1_item_new(&IPAddressChoice_it); +} + +void +IPAddressChoice_free(IPAddressChoice *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &IPAddressChoice_it); +} + +IPAddressFamily * +d2i_IPAddressFamily(IPAddressFamily **a, const unsigned char **in, long len) +{ + return (IPAddressFamily *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &IPAddressFamily_it); +} + +int +i2d_IPAddressFamily(IPAddressFamily *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &IPAddressFamily_it); +} + +IPAddressFamily * +IPAddressFamily_new(void) +{ + return (IPAddressFamily *)ASN1_item_new(&IPAddressFamily_it); +} + +void +IPAddressFamily_free(IPAddressFamily *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &IPAddressFamily_it); +} + +/* + * Convenience accessors for IPAddressFamily. + */ + +static int +IPAddressFamily_type(IPAddressFamily *af) +{ + /* XXX - can af->ipAddressChoice == NULL actually happen? */ + if (af == NULL || af->ipAddressChoice == NULL) + return -1; + + switch (af->ipAddressChoice->type) { + case IPAddressChoice_inherit: + case IPAddressChoice_addressesOrRanges: + return af->ipAddressChoice->type; + default: + return -1; + } +} + +static IPAddressOrRanges * +IPAddressFamily_addressesOrRanges(IPAddressFamily *af) +{ + if (IPAddressFamily_type(af) == IPAddressChoice_addressesOrRanges) + return af->ipAddressChoice->u.addressesOrRanges; + + return NULL; +} + +static ASN1_NULL * +IPAddressFamily_inheritance(IPAddressFamily *af) +{ + if (IPAddressFamily_type(af) == IPAddressChoice_inherit) + return af->ipAddressChoice->u.inherit; + + return NULL; +} + +static int +IPAddressFamily_set_inheritance(IPAddressFamily *af) +{ + if (IPAddressFamily_addressesOrRanges(af) != NULL) + return 0; + + if (IPAddressFamily_inheritance(af) != NULL) + return 1; + + if ((af->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL) + return 0; + af->ipAddressChoice->type = IPAddressChoice_inherit; + + return 1; +} + +/* + * How much buffer space do we need for a raw address? + */ +#define ADDR_RAW_BUF_LEN 16 + +/* + * What's the address length associated with this AFI? + */ +static int +length_from_afi(const unsigned afi) +{ + switch (afi) { + case IANA_AFI_IPV4: + return 4; + case IANA_AFI_IPV6: + return 16; + default: + return 0; + } +} + +/* + * Get AFI and optional SAFI from an IPAddressFamily. All three out arguments + * are optional; if |out_safi| is non-NULL, |safi_is_set| must be non-NULL. + */ +static int +IPAddressFamily_afi_safi(const IPAddressFamily *af, uint16_t *out_afi, + uint8_t *out_safi, int *safi_is_set) +{ + CBS cbs; + uint16_t afi; + uint8_t safi = 0; + int got_safi = 0; + + CBS_init(&cbs, af->addressFamily->data, af->addressFamily->length); + + if (!CBS_get_u16(&cbs, &afi)) + return 0; + + /* Fetch the optional SAFI. */ + if (CBS_len(&cbs) != 0) { + if (!CBS_get_u8(&cbs, &safi)) + return 0; + got_safi = 1; + } + + /* If there's anything left, it's garbage. */ + if (CBS_len(&cbs) != 0) + return 0; + + /* XXX - error on reserved AFI/SAFI? */ + + if (out_afi != NULL) + *out_afi = afi; + + if (out_safi != NULL) { + *out_safi = safi; + *safi_is_set = got_safi; + } + + return 1; +} + +static int +IPAddressFamily_afi(const IPAddressFamily *af, uint16_t *out_afi) +{ + return IPAddressFamily_afi_safi(af, out_afi, NULL, NULL); +} + +static int +IPAddressFamily_afi_is_valid(const IPAddressFamily *af) +{ + return IPAddressFamily_afi_safi(af, NULL, NULL, NULL); +} + +static int +IPAddressFamily_afi_length(const IPAddressFamily *af, int *out_length) +{ + uint16_t afi; + + *out_length = 0; + + if (!IPAddressFamily_afi(af, &afi)) + return 0; + + *out_length = length_from_afi(afi); + + return 1; +} + +#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) + +/* + * Sort comparison function for a sequence of IPAddressFamily. + * + * The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about + * the ordering: I can read it as meaning that IPv6 without a SAFI + * comes before IPv4 with a SAFI, which seems pretty weird. The + * examples in appendix B suggest that the author intended the + * null-SAFI rule to apply only within a single AFI, which is what I + * would have expected and is what the following code implements. + */ +static int +IPAddressFamily_cmp(const IPAddressFamily *const *a_, + const IPAddressFamily *const *b_) +{ + const ASN1_OCTET_STRING *a = (*a_)->addressFamily; + const ASN1_OCTET_STRING *b = (*b_)->addressFamily; + int len, cmp; + + len = MINIMUM(a->length, b->length); + + if ((cmp = memcmp(a->data, b->data, len)) != 0) + return cmp; + + return a->length - b->length; +} + +static IPAddressFamily * +IPAddressFamily_find_in_parent(IPAddrBlocks *parent, IPAddressFamily *child_af) +{ + int index; + + (void)sk_IPAddressFamily_set_cmp_func(parent, IPAddressFamily_cmp); + + if ((index = sk_IPAddressFamily_find(parent, child_af)) < 0) + return NULL; + + return sk_IPAddressFamily_value(parent, index); +} + +/* + * Extract the AFI from an IPAddressFamily. + * + * This is public API. It uses the reserved AFI 0 as an in-band error + * while it doesn't care about the reserved AFI 65535... + */ +unsigned int +X509v3_addr_get_afi(const IPAddressFamily *af) +{ + uint16_t afi; + + /* + * XXX are these NULL checks really sensible? If af is non-NULL, it + * should have both addressFamily and ipAddressChoice... + */ + if (af == NULL || af->addressFamily == NULL || + af->addressFamily->data == NULL) + return 0; + + if (!IPAddressFamily_afi(af, &afi)) + return 0; + + return afi; +} + +/* + * Expand the bitstring form (RFC 3779, section 2.1.2) of an address into + * a raw byte array. At the moment this is coded for simplicity, not speed. + * + * Unused bits in the last octet of |bs| and all bits in subsequent bytes + * of |addr| are set to 0 or 1 depending on whether |fill| is 0 or not. + */ +static int +addr_expand(unsigned char *addr, const ASN1_BIT_STRING *bs, const int length, + uint8_t fill) +{ + if (bs->length < 0 || bs->length > length) + return 0; + + if (fill != 0) + fill = 0xff; + + if (bs->length > 0) { + /* XXX - shouldn't this check ASN1_STRING_FLAG_BITS_LEFT? */ + uint8_t unused_bits = bs->flags & 7; + uint8_t mask = (1 << unused_bits) - 1; + + memcpy(addr, bs->data, bs->length); + + if (fill == 0) + addr[bs->length - 1] &= ~mask; + else + addr[bs->length - 1] |= mask; + } + + memset(addr + bs->length, fill, length - bs->length); + + return 1; +} + +/* + * Extract the prefix length from a bitstring: 8 * length - unused bits. + */ +#define addr_prefix_len(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7))) + +/* + * i2r handler for one address bitstring. + */ +static int +i2r_address(BIO *out, const unsigned afi, const unsigned char fill, + const ASN1_BIT_STRING *bs) +{ + unsigned char addr[ADDR_RAW_BUF_LEN]; + int i, n; + + if (bs->length < 0) + return 0; + switch (afi) { + case IANA_AFI_IPV4: + if (!addr_expand(addr, bs, 4, fill)) + return 0; + BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], + addr[3]); + break; + case IANA_AFI_IPV6: + if (!addr_expand(addr, bs, 16, fill)) + return 0; + for (n = 16; + n > 1 && addr[n - 1] == 0x00 && addr[n - 2] == 0x00; n -= 2) + continue; + for (i = 0; i < n; i += 2) + BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i + 1], + (i < 14 ? ":" : "")); + if (i < 16) + BIO_puts(out, ":"); + if (i == 0) + BIO_puts(out, ":"); + break; + default: + for (i = 0; i < bs->length; i++) + BIO_printf(out, "%s%02x", (i > 0 ? ":" : ""), + bs->data[i]); + BIO_printf(out, "[%d]", (int)(bs->flags & 7)); + break; + } + return 1; +} + +/* + * i2r handler for a sequence of addresses and ranges. + */ +static int +i2r_IPAddressOrRanges(BIO *out, const int indent, + const IPAddressOrRanges *aors, const unsigned afi) +{ + const IPAddressOrRange *aor; + const ASN1_BIT_STRING *prefix; + const IPAddressRange *range; + int i; + + for (i = 0; i < sk_IPAddressOrRange_num(aors); i++) { + aor = sk_IPAddressOrRange_value(aors, i); + + BIO_printf(out, "%*s", indent, ""); + + switch (aor->type) { + case IPAddressOrRange_addressPrefix: + prefix = aor->u.addressPrefix; + + if (!i2r_address(out, afi, 0x00, prefix)) + return 0; + BIO_printf(out, "/%d\n", addr_prefix_len(prefix)); + continue; + case IPAddressOrRange_addressRange: + range = aor->u.addressRange; + + if (!i2r_address(out, afi, 0x00, range->min)) + return 0; + BIO_puts(out, "-"); + if (!i2r_address(out, afi, 0xff, range->max)) + return 0; + BIO_puts(out, "\n"); + continue; + } + } + + return 1; +} + +/* + * i2r handler for an IPAddrBlocks extension. + */ +static int +i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method, void *ext, BIO *out, + int indent) +{ + const IPAddrBlocks *addr = ext; + IPAddressFamily *af; + uint16_t afi; + uint8_t safi; + int i, safi_is_set; + + for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { + af = sk_IPAddressFamily_value(addr, i); + + if (!IPAddressFamily_afi_safi(af, &afi, &safi, &safi_is_set)) + goto print_addresses; + + switch (afi) { + case IANA_AFI_IPV4: + BIO_printf(out, "%*sIPv4", indent, ""); + break; + case IANA_AFI_IPV6: + BIO_printf(out, "%*sIPv6", indent, ""); + break; + default: + BIO_printf(out, "%*sUnknown AFI %u", indent, "", afi); + break; + } + if (safi_is_set) { + switch (safi) { + case 1: + BIO_puts(out, " (Unicast)"); + break; + case 2: + BIO_puts(out, " (Multicast)"); + break; + case 3: + BIO_puts(out, " (Unicast/Multicast)"); + break; + case 4: + BIO_puts(out, " (MPLS)"); + break; + case 64: + BIO_puts(out, " (Tunnel)"); + break; + case 65: + BIO_puts(out, " (VPLS)"); + break; + case 66: + BIO_puts(out, " (BGP MDT)"); + break; + case 128: + BIO_puts(out, " (MPLS-labeled VPN)"); + break; + default: + BIO_printf(out, " (Unknown SAFI %u)", safi); + break; + } + } + + print_addresses: + switch (IPAddressFamily_type(af)) { + case IPAddressChoice_inherit: + BIO_puts(out, ": inherit\n"); + break; + case IPAddressChoice_addressesOrRanges: + BIO_puts(out, ":\n"); + if (!i2r_IPAddressOrRanges(out, indent + 2, + IPAddressFamily_addressesOrRanges(af), afi)) + return 0; + break; + /* XXX - how should we handle -1 here? */ + } + } + return 1; +} + +/* + * Sort comparison function for a sequence of IPAddressOrRange + * elements. + * + * There's no sane answer we can give if addr_expand() fails, and an + * assertion failure on externally supplied data is seriously uncool, + * so we just arbitrarily declare that if given invalid inputs this + * function returns -1. If this messes up your preferred sort order + * for garbage input, tough noogies. + */ +static int +IPAddressOrRange_cmp(const IPAddressOrRange *a, const IPAddressOrRange *b, + const int length) +{ + unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN]; + int prefix_len_a = 0, prefix_len_b = 0; + int r; + + switch (a->type) { + case IPAddressOrRange_addressPrefix: + if (!addr_expand(addr_a, a->u.addressPrefix, length, 0x00)) + return -1; + prefix_len_a = addr_prefix_len(a->u.addressPrefix); + break; + case IPAddressOrRange_addressRange: + if (!addr_expand(addr_a, a->u.addressRange->min, length, 0x00)) + return -1; + prefix_len_a = length * 8; + break; + } + + switch (b->type) { + case IPAddressOrRange_addressPrefix: + if (!addr_expand(addr_b, b->u.addressPrefix, length, 0x00)) + return -1; + prefix_len_b = addr_prefix_len(b->u.addressPrefix); + break; + case IPAddressOrRange_addressRange: + if (!addr_expand(addr_b, b->u.addressRange->min, length, 0x00)) + return -1; + prefix_len_b = length * 8; + break; + } + + if ((r = memcmp(addr_a, addr_b, length)) != 0) + return r; + else + return prefix_len_a - prefix_len_b; +} + +/* + * IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort() + * comparison routines are only allowed two arguments. + */ +static int +v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a, + const IPAddressOrRange *const *b) +{ + return IPAddressOrRange_cmp(*a, *b, 4); +} + +/* + * IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort() + * comparison routines are only allowed two arguments. + */ +static int +v6IPAddressOrRange_cmp(const IPAddressOrRange *const *a, + const IPAddressOrRange *const *b) +{ + return IPAddressOrRange_cmp(*a, *b, 16); +} + +/* + * Calculate whether a range collapses to a prefix. + * See last paragraph of RFC 3779 2.2.3.7. + * + * It's the caller's responsibility to ensure that min <= max. + */ +static int +range_should_be_prefix(const unsigned char *min, const unsigned char *max, + const int length) +{ + unsigned char mask; + int i, j; + + for (i = 0; i < length && min[i] == max[i]; i++) + continue; + for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xff; j--) + continue; + if (i < j) + return -1; + if (i > j) + return i * 8; + mask = min[i] ^ max[i]; + switch (mask) { + case 0x01: + j = 7; + break; + case 0x03: + j = 6; + break; + case 0x07: + j = 5; + break; + case 0x0f: + j = 4; + break; + case 0x1f: + j = 3; + break; + case 0x3f: + j = 2; + break; + case 0x7f: + j = 1; + break; + default: + return -1; + } + if ((min[i] & mask) != 0 || (max[i] & mask) != mask) + return -1; + else + return i * 8 + j; +} + +/* + * Construct a prefix. + */ +static int +make_addressPrefix(IPAddressOrRange **result, unsigned char *addr, + unsigned int afi, int prefix_len) +{ + IPAddressOrRange *aor; + int afi_len, byte_len, bit_len, max_len; + + if (prefix_len < 0) + return 0; + + max_len = 16; + if ((afi_len = length_from_afi(afi)) > 0) + max_len = afi_len; + if (prefix_len > 8 * max_len) + return 0; + + byte_len = (prefix_len + 7) / 8; + bit_len = prefix_len % 8; + + if ((aor = IPAddressOrRange_new()) == NULL) + return 0; + aor->type = IPAddressOrRange_addressPrefix; + if ((aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL) + goto err; + + if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, byte_len)) + goto err; + + aor->u.addressPrefix->flags &= ~7; + aor->u.addressPrefix->flags |= ASN1_STRING_FLAG_BITS_LEFT; + if (bit_len > 0) { + aor->u.addressPrefix->data[byte_len - 1] &= ~(0xff >> bit_len); + aor->u.addressPrefix->flags |= 8 - bit_len; + } + + *result = aor; + return 1; + + err: + IPAddressOrRange_free(aor); + return 0; +} + +/* + * Construct a range. If it can be expressed as a prefix, + * return a prefix instead. Doing this here simplifies + * the rest of the code considerably. + */ +static int +make_addressRange(IPAddressOrRange **result, unsigned char *min, + unsigned char *max, unsigned int afi, int length) +{ + IPAddressOrRange *aor; + int i, prefix_len; + + if (memcmp(min, max, length) > 0) + return 0; + + if ((prefix_len = range_should_be_prefix(min, max, length)) >= 0) + return make_addressPrefix(result, min, afi, prefix_len); + + if ((aor = IPAddressOrRange_new()) == NULL) + return 0; + aor->type = IPAddressOrRange_addressRange; + if ((aor->u.addressRange = IPAddressRange_new()) == NULL) + goto err; + + for (i = length; i > 0 && min[i - 1] == 0x00; --i) + continue; + if (!ASN1_BIT_STRING_set(aor->u.addressRange->min, min, i)) + goto err; + aor->u.addressRange->min->flags &= ~7; + aor->u.addressRange->min->flags |= ASN1_STRING_FLAG_BITS_LEFT; + if (i > 0) { + unsigned char b = min[i - 1]; + int j = 1; + while ((b & (0xffU >> j)) != 0) + ++j; + aor->u.addressRange->min->flags |= 8 - j; + } + + for (i = length; i > 0 && max[i - 1] == 0xff; --i) + continue; + if (!ASN1_BIT_STRING_set(aor->u.addressRange->max, max, i)) + goto err; + aor->u.addressRange->max->flags &= ~7; + aor->u.addressRange->max->flags |= ASN1_STRING_FLAG_BITS_LEFT; + if (i > 0) { + unsigned char b = max[i - 1]; + int j = 1; + while ((b & (0xffU >> j)) != (0xffU >> j)) + ++j; + aor->u.addressRange->max->flags |= 8 - j; + } + + *result = aor; + return 1; + + err: + IPAddressOrRange_free(aor); + return 0; +} + +/* + * Construct a new address family or find an existing one. + */ +static IPAddressFamily * +make_IPAddressFamily(IPAddrBlocks *addr, const unsigned afi, + const unsigned *safi) +{ + IPAddressFamily *af = NULL; + CBB cbb; + CBS cbs; + uint8_t *key = NULL; + size_t keylen; + int i; + + if (!CBB_init(&cbb, 0)) + goto err; + + /* XXX - should afi <= 65535 and *safi <= 255 be checked here? */ + + if (!CBB_add_u16(&cbb, afi)) + goto err; + if (safi != NULL) { + if (!CBB_add_u8(&cbb, *safi)) + goto err; + } + + if (!CBB_finish(&cbb, &key, &keylen)) + goto err; + + for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { + af = sk_IPAddressFamily_value(addr, i); + + CBS_init(&cbs, af->addressFamily->data, + af->addressFamily->length); + if (CBS_mem_equal(&cbs, key, keylen)) + goto done; + } + + if ((af = IPAddressFamily_new()) == NULL) + goto err; + if (!ASN1_OCTET_STRING_set(af->addressFamily, key, keylen)) + goto err; + if (!sk_IPAddressFamily_push(addr, af)) + goto err; + + done: + free(key); + + return af; + + err: + CBB_cleanup(&cbb); + free(key); + IPAddressFamily_free(af); + + return NULL; +} + +/* + * Add an inheritance element. + */ +int +X509v3_addr_add_inherit(IPAddrBlocks *addr, const unsigned afi, + const unsigned *safi) +{ + IPAddressFamily *af; + + if ((af = make_IPAddressFamily(addr, afi, safi)) == NULL) + return 0; + + return IPAddressFamily_set_inheritance(af); +} + +/* + * Construct an IPAddressOrRange sequence, or return an existing one. + */ +static IPAddressOrRanges * +make_prefix_or_range(IPAddrBlocks *addr, const unsigned afi, + const unsigned *safi) +{ + IPAddressFamily *af; + IPAddressOrRanges *aors = NULL; + + if ((af = make_IPAddressFamily(addr, afi, safi)) == NULL) + return NULL; + + if (IPAddressFamily_inheritance(af) != NULL) + return NULL; + + if ((aors = IPAddressFamily_addressesOrRanges(af)) != NULL) + return aors; + + if ((aors = sk_IPAddressOrRange_new_null()) == NULL) + return NULL; + + switch (afi) { + case IANA_AFI_IPV4: + (void)sk_IPAddressOrRange_set_cmp_func(aors, + v4IPAddressOrRange_cmp); + break; + case IANA_AFI_IPV6: + (void)sk_IPAddressOrRange_set_cmp_func(aors, + v6IPAddressOrRange_cmp); + break; + } + + af->ipAddressChoice->type = IPAddressChoice_addressesOrRanges; + af->ipAddressChoice->u.addressesOrRanges = aors; + + return aors; +} + +/* + * Add a prefix. + */ +int +X509v3_addr_add_prefix(IPAddrBlocks *addr, const unsigned afi, + const unsigned *safi, unsigned char *a, const int prefix_len) +{ + IPAddressOrRanges *aors; + IPAddressOrRange *aor; + + if ((aors = make_prefix_or_range(addr, afi, safi)) == NULL) + return 0; + + if (!make_addressPrefix(&aor, a, afi, prefix_len)) + return 0; + + if (sk_IPAddressOrRange_push(aors, aor) <= 0) { + IPAddressOrRange_free(aor); + return 0; + } + + return 1; +} + +/* + * Add a range. + */ +int +X509v3_addr_add_range(IPAddrBlocks *addr, const unsigned afi, + const unsigned *safi, unsigned char *min, unsigned char *max) +{ + IPAddressOrRanges *aors; + IPAddressOrRange *aor; + int length; + + if ((aors = make_prefix_or_range(addr, afi, safi)) == NULL) + return 0; + + length = length_from_afi(afi); + + if (!make_addressRange(&aor, min, max, afi, length)) + return 0; + + if (sk_IPAddressOrRange_push(aors, aor) <= 0) { + IPAddressOrRange_free(aor); + return 0; + } + + return 1; +} + +static int +extract_min_max_bitstr(IPAddressOrRange *aor, ASN1_BIT_STRING **out_min, + ASN1_BIT_STRING **out_max) +{ + switch (aor->type) { + case IPAddressOrRange_addressPrefix: + *out_min = *out_max = aor->u.addressPrefix; + return 1; + case IPAddressOrRange_addressRange: + *out_min = aor->u.addressRange->min; + *out_max = aor->u.addressRange->max; + return 1; + default: + return 0; + } +} + +/* + * Extract min and max values from an IPAddressOrRange. + */ +static int +extract_min_max(IPAddressOrRange *aor, unsigned char *min, unsigned char *max, + int length) +{ + ASN1_BIT_STRING *min_bitstr, *max_bitstr; + + if (aor == NULL || min == NULL || max == NULL) + return 0; + + if (!extract_min_max_bitstr(aor, &min_bitstr, &max_bitstr)) + return 0; + + if (!addr_expand(min, min_bitstr, length, 0)) + return 0; + + return addr_expand(max, max_bitstr, length, 1); +} + +/* + * Public wrapper for extract_min_max(). + */ +int +X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, + unsigned char *min, unsigned char *max, const int length) +{ + int afi_len; + + if ((afi_len = length_from_afi(afi)) == 0) + return 0; + + if (length < afi_len) + return 0; + + if (!extract_min_max(aor, min, max, afi_len)) + return 0; + + return afi_len; +} + +/* + * Check whether an IPAddrBLocks is in canonical form. + */ +int +X509v3_addr_is_canonical(IPAddrBlocks *addr) +{ + unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; + unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; + IPAddressFamily *af; + IPAddressOrRanges *aors; + IPAddressOrRange *aor, *aor_a, *aor_b; + int i, j, k, length; + + /* + * Empty extension is canonical. + */ + if (addr == NULL) + return 1; + + /* + * Check whether the top-level list is in order. + */ + for (i = 0; i < sk_IPAddressFamily_num(addr) - 1; i++) { + const IPAddressFamily *a = sk_IPAddressFamily_value(addr, i); + const IPAddressFamily *b = sk_IPAddressFamily_value(addr, i + 1); + + /* Check that both have valid AFIs before comparing them. */ + if (!IPAddressFamily_afi_is_valid(a)) + return 0; + if (!IPAddressFamily_afi_is_valid(b)) + return 0; + + if (IPAddressFamily_cmp(&a, &b) >= 0) + return 0; + } + + /* + * Top level's ok, now check each address family. + */ + for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { + af = sk_IPAddressFamily_value(addr, i); + + if (!IPAddressFamily_afi_length(af, &length)) + return 0; + + /* + * If this family has an inheritance element, it is canonical. + */ + if (IPAddressFamily_inheritance(af) != NULL) + continue; + + /* + * If this family has neither an inheritance element nor an + * addressesOrRanges, we don't know what this is. + */ + if ((aors = IPAddressFamily_addressesOrRanges(af)) == NULL) + return 0; + + if (sk_IPAddressOrRange_num(aors) == 0) + return 0; + + for (j = 0; j < sk_IPAddressOrRange_num(aors) - 1; j++) { + aor_a = sk_IPAddressOrRange_value(aors, j); + aor_b = sk_IPAddressOrRange_value(aors, j + 1); + + /* + * XXX - check that both are either a prefix or a range. + */ + + if (!extract_min_max(aor_a, a_min, a_max, length) || + !extract_min_max(aor_b, b_min, b_max, length)) + return 0; + + /* + * Punt misordered list, overlapping start, or inverted + * range. + */ + if (memcmp(a_min, b_min, length) >= 0 || + memcmp(a_min, a_max, length) > 0 || + memcmp(b_min, b_max, length) > 0) + return 0; + + /* + * Punt if adjacent or overlapping. Check for adjacency + * by subtracting one from b_min first. + */ + for (k = length - 1; k >= 0 && b_min[k]-- == 0x00; k--) + continue; + if (memcmp(a_max, b_min, length) >= 0) + return 0; + + /* + * Check for range that should be expressed as a prefix. + */ + if (aor_a->type == IPAddressOrRange_addressPrefix) + continue; + + if (range_should_be_prefix(a_min, a_max, length) >= 0) + return 0; + } + + /* + * Check final range to see if it's inverted or should be a + * prefix. + */ + aor = sk_IPAddressOrRange_value(aors, j); + if (aor->type == IPAddressOrRange_addressRange) { + if (!extract_min_max(aor, a_min, a_max, length)) + return 0; + if (memcmp(a_min, a_max, length) > 0) + return 0; + if (range_should_be_prefix(a_min, a_max, length) >= 0) + return 0; + } + } + + /* + * If we made it through all that, we're happy. + */ + return 1; +} + +/* + * Whack an IPAddressOrRanges into canonical form. + */ +static int +IPAddressOrRanges_canonize(IPAddressOrRanges *aors, const unsigned afi) +{ + IPAddressOrRange *a, *b, *merged; + unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; + unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; + int i, j, length; + + length = length_from_afi(afi); + + /* + * Sort the IPAddressOrRanges sequence. + */ + sk_IPAddressOrRange_sort(aors); + + /* + * Clean up representation issues, punt on duplicates or overlaps. + */ + for (i = 0; i < sk_IPAddressOrRange_num(aors) - 1; i++) { + a = sk_IPAddressOrRange_value(aors, i); + b = sk_IPAddressOrRange_value(aors, i + 1); + + if (!extract_min_max(a, a_min, a_max, length) || + !extract_min_max(b, b_min, b_max, length)) + return 0; + + /* + * Punt inverted ranges. + */ + if (memcmp(a_min, a_max, length) > 0 || + memcmp(b_min, b_max, length) > 0) + return 0; + + /* + * Punt overlaps. + */ + if (memcmp(a_max, b_min, length) >= 0) + return 0; + + /* + * Merge if a and b are adjacent. We check for + * adjacency by subtracting one from b_min first. + */ + for (j = length - 1; j >= 0 && b_min[j]-- == 0x00; j--) + continue; + + if (memcmp(a_max, b_min, length) != 0) + continue; + + if (!make_addressRange(&merged, a_min, b_max, afi, length)) + return 0; + sk_IPAddressOrRange_set(aors, i, merged); + (void)sk_IPAddressOrRange_delete(aors, i + 1); + IPAddressOrRange_free(a); + IPAddressOrRange_free(b); + i--; + } + + /* + * Check for inverted final range. + */ + a = sk_IPAddressOrRange_value(aors, i); + if (a != NULL && a->type == IPAddressOrRange_addressRange) { + if (!extract_min_max(a, a_min, a_max, length)) + return 0; + if (memcmp(a_min, a_max, length) > 0) + return 0; + } + + return 1; +} + +/* + * Whack an IPAddrBlocks extension into canonical form. + */ +int +X509v3_addr_canonize(IPAddrBlocks *addr) +{ + IPAddressFamily *af; + IPAddressOrRanges *aors; + uint16_t afi; + int i; + + for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { + af = sk_IPAddressFamily_value(addr, i); + + /* Check AFI/SAFI here - IPAddressFamily_cmp() can't error. */ + if (!IPAddressFamily_afi(af, &afi)) + return 0; + + if ((aors = IPAddressFamily_addressesOrRanges(af)) == NULL) + continue; + + if (!IPAddressOrRanges_canonize(aors, afi)) + return 0; + } + + (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); + sk_IPAddressFamily_sort(addr); + + return X509v3_addr_is_canonical(addr); +} + +/* + * v2i handler for the IPAddrBlocks extension. + */ +static void * +v2i_IPAddrBlocks(const struct v3_ext_method *method, struct v3_ext_ctx *ctx, + STACK_OF(CONF_VALUE)*values) +{ + static const char v4addr_chars[] = "0123456789."; + static const char v6addr_chars[] = "0123456789.:abcdefABCDEF"; + IPAddrBlocks *addr = NULL; + char *s = NULL, *t; + int i; + + if ((addr = sk_IPAddressFamily_new(IPAddressFamily_cmp)) == NULL) { + X509V3error(ERR_R_MALLOC_FAILURE); + return NULL; + } + + for (i = 0; i < sk_CONF_VALUE_num(values); i++) { + CONF_VALUE *val = sk_CONF_VALUE_value(values, i); + unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN]; + unsigned afi, *safi = NULL, safi_; + const char *addr_chars = NULL; + const char *errstr; + int prefix_len, i1, i2, delim, length; + + if (!name_cmp(val->name, "IPv4")) { + afi = IANA_AFI_IPV4; + } else if (!name_cmp(val->name, "IPv6")) { + afi = IANA_AFI_IPV6; + } else if (!name_cmp(val->name, "IPv4-SAFI")) { + afi = IANA_AFI_IPV4; + safi = &safi_; + } else if (!name_cmp(val->name, "IPv6-SAFI")) { + afi = IANA_AFI_IPV6; + safi = &safi_; + } else { + X509V3error(X509V3_R_EXTENSION_NAME_ERROR); + X509V3_conf_err(val); + goto err; + } + + switch (afi) { + case IANA_AFI_IPV4: + addr_chars = v4addr_chars; + break; + case IANA_AFI_IPV6: + addr_chars = v6addr_chars; + break; + } + + length = length_from_afi(afi); + + /* + * Handle SAFI, if any, and strdup() so we can null-terminate + * the other input values. + */ + if (safi != NULL) { + unsigned long parsed_safi; + int saved_errno = errno; + + errno = 0; + parsed_safi = strtoul(val->value, &t, 0); + + /* Value must be present, then a tab, space or colon. */ + if (val->value[0] == '\0' || + (*t != '\t' && *t != ' ' && *t != ':')) { + X509V3error(X509V3_R_INVALID_SAFI); + X509V3_conf_err(val); + goto err; + } + /* Range and overflow check. */ + if ((errno == ERANGE && parsed_safi == ULONG_MAX) || + parsed_safi > 0xff) { + X509V3error(X509V3_R_INVALID_SAFI); + X509V3_conf_err(val); + goto err; + } + errno = saved_errno; + + *safi = parsed_safi; + + /* Check possible whitespace is followed by a colon. */ + t += strspn(t, " \t"); + if (*t != ':') { + X509V3error(X509V3_R_INVALID_SAFI); + X509V3_conf_err(val); + goto err; + } + + /* Skip over colon. */ + t++; + + /* Then over any trailing whitespace. */ + t += strspn(t, " \t"); + + s = strdup(t); + } else { + s = strdup(val->value); + } + if (s == NULL) { + X509V3error(ERR_R_MALLOC_FAILURE); + goto err; + } + + /* + * Check for inheritance. Not worth additional complexity to + * optimize this (seldom-used) case. + */ + if (strcmp(s, "inherit") == 0) { + if (!X509v3_addr_add_inherit(addr, afi, safi)) { + X509V3error(X509V3_R_INVALID_INHERITANCE); + X509V3_conf_err(val); + goto err; + } + free(s); + s = NULL; + continue; + } + + i1 = strspn(s, addr_chars); + i2 = i1 + strspn(s + i1, " \t"); + delim = s[i2++]; + s[i1] = '\0'; + + if (a2i_ipadd(min, s) != length) { + X509V3error(X509V3_R_INVALID_IPADDRESS); + X509V3_conf_err(val); + goto err; + } + + switch (delim) { + case '/': + /* length contains the size of the address in bytes. */ + if (length != 4 && length != 16) + goto err; + prefix_len = strtonum(s + i2, 0, 8 * length, &errstr); + if (errstr != NULL) { + X509V3error(X509V3_R_EXTENSION_VALUE_ERROR); + X509V3_conf_err(val); + goto err; + } + if (!X509v3_addr_add_prefix(addr, afi, safi, min, + prefix_len)) { + X509V3error(ERR_R_MALLOC_FAILURE); + goto err; + } + break; + case '-': + i1 = i2 + strspn(s + i2, " \t"); + i2 = i1 + strspn(s + i1, addr_chars); + if (i1 == i2 || s[i2] != '\0') { + X509V3error(X509V3_R_EXTENSION_VALUE_ERROR); + X509V3_conf_err(val); + goto err; + } + if (a2i_ipadd(max, s + i1) != length) { + X509V3error(X509V3_R_INVALID_IPADDRESS); + X509V3_conf_err(val); + goto err; + } + if (memcmp(min, max, length_from_afi(afi)) > 0) { + X509V3error(X509V3_R_EXTENSION_VALUE_ERROR); + X509V3_conf_err(val); + goto err; + } + if (!X509v3_addr_add_range(addr, afi, safi, min, max)) { + X509V3error(ERR_R_MALLOC_FAILURE); + goto err; + } + break; + case '\0': + if (!X509v3_addr_add_prefix(addr, afi, safi, min, + length * 8)) { + X509V3error(ERR_R_MALLOC_FAILURE); + goto err; + } + break; + default: + X509V3error(X509V3_R_EXTENSION_VALUE_ERROR); + X509V3_conf_err(val); + goto err; + } + + free(s); + s = NULL; + } + + /* + * Canonize the result, then we're done. + */ + if (!X509v3_addr_canonize(addr)) + goto err; + return addr; + + err: + free(s); + sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free); + return NULL; +} + +/* + * OpenSSL dispatch + */ +const X509V3_EXT_METHOD v3_addr = { + .ext_nid = NID_sbgp_ipAddrBlock, + .ext_flags = 0, + .it = &IPAddrBlocks_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = NULL, + .v2i = v2i_IPAddrBlocks, + .i2r = i2r_IPAddrBlocks, + .r2i = NULL, + .usr_data = NULL, +}; + +/* + * Figure out whether extension uses inheritance. + */ +int +X509v3_addr_inherits(IPAddrBlocks *addr) +{ + IPAddressFamily *af; + int i; + + if (addr == NULL) + return 0; + + for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { + af = sk_IPAddressFamily_value(addr, i); + + if (IPAddressFamily_inheritance(af) != NULL) + return 1; + } + + return 0; +} + +/* + * Figure out whether parent contains child. + * + * This only works correctly if both parent and child are in canonical form. + */ +static int +addr_contains(IPAddressOrRanges *parent, IPAddressOrRanges *child, int length) +{ + IPAddressOrRange *child_aor, *parent_aor; + uint8_t parent_min[ADDR_RAW_BUF_LEN], parent_max[ADDR_RAW_BUF_LEN]; + uint8_t child_min[ADDR_RAW_BUF_LEN], child_max[ADDR_RAW_BUF_LEN]; + int p, c; + + if (child == NULL || parent == child) + return 1; + if (parent == NULL) + return 0; + + p = 0; + for (c = 0; c < sk_IPAddressOrRange_num(child); c++) { + child_aor = sk_IPAddressOrRange_value(child, c); + + if (!extract_min_max(child_aor, child_min, child_max, length)) + return 0; + + for (;; p++) { + if (p >= sk_IPAddressOrRange_num(parent)) + return 0; + + parent_aor = sk_IPAddressOrRange_value(parent, p); + + if (!extract_min_max(parent_aor, parent_min, parent_max, + length)) + return 0; + + if (memcmp(parent_max, child_max, length) < 0) + continue; + if (memcmp(parent_min, child_min, length) > 0) + return 0; + break; + } + } + + return 1; +} + +/* + * Test whether |child| is a subset of |parent|. + */ +int +X509v3_addr_subset(IPAddrBlocks *child, IPAddrBlocks *parent) +{ + IPAddressFamily *child_af, *parent_af; + IPAddressOrRanges *child_aor, *parent_aor; + int i, length; + + if (child == NULL || child == parent) + return 1; + if (parent == NULL) + return 0; + + if (X509v3_addr_inherits(child) || X509v3_addr_inherits(parent)) + return 0; + + for (i = 0; i < sk_IPAddressFamily_num(child); i++) { + child_af = sk_IPAddressFamily_value(child, i); + + parent_af = IPAddressFamily_find_in_parent(parent, child_af); + if (parent_af == NULL) + return 0; + + if (!IPAddressFamily_afi_length(parent_af, &length)) + return 0; + + child_aor = IPAddressFamily_addressesOrRanges(child_af); + parent_aor = IPAddressFamily_addressesOrRanges(parent_af); + + if (!addr_contains(parent_aor, child_aor, length)) + return 0; + } + return 1; +} + +static int +verify_error(X509_STORE_CTX *ctx, X509 *cert, int error, int depth) +{ + if (ctx == NULL) + return 0; + + ctx->current_cert = cert; + ctx->error = error; + ctx->error_depth = depth; + + return ctx->verify_cb(0, ctx); +} + +/* + * Core code for RFC 3779 2.3 path validation. + * + * Returns 1 for success, 0 on error. + * + * When returning 0, ctx->error MUST be set to an appropriate value other than + * X509_V_OK. + */ +static int +addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain, + IPAddrBlocks *ext) +{ + IPAddrBlocks *child = NULL, *parent = NULL; + IPAddressFamily *child_af, *parent_af; + IPAddressOrRanges *child_aor, *parent_aor; + X509 *cert = NULL; + int depth = -1; + int i; + unsigned int length; + int ret = 1; + + /* We need a non-empty chain to test against. */ + if (sk_X509_num(chain) <= 0) + goto err; + /* We need either a store ctx or an extension to work with. */ + if (ctx == NULL && ext == NULL) + goto err; + /* If there is a store ctx, it needs a verify_cb. */ + if (ctx != NULL && ctx->verify_cb == NULL) + goto err; + + /* + * Figure out where to start. If we don't have an extension to check, + * we're done. Otherwise, check canonical form and set up for walking + * up the chain. + */ + if (ext == NULL) { + depth = 0; + cert = sk_X509_value(chain, depth); + if ((ext = cert->rfc3779_addr) == NULL) + goto done; + } + + if (!X509v3_addr_is_canonical(ext)) { + if ((ret = verify_error(ctx, cert, + X509_V_ERR_INVALID_EXTENSION, depth)) == 0) + goto done; + } + + (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); + if ((child = sk_IPAddressFamily_dup(ext)) == NULL) { + X509V3error(ERR_R_MALLOC_FAILURE); + if (ctx != NULL) + ctx->error = X509_V_ERR_OUT_OF_MEM; + ret = 0; + goto done; + } + + /* + * Now walk up the chain. No cert may list resources that its parent + * doesn't list. + */ + for (depth++; depth < sk_X509_num(chain); depth++) { + cert = sk_X509_value(chain, depth); + + if ((parent = cert->rfc3779_addr) == NULL) { + for (i = 0; i < sk_IPAddressFamily_num(child); i++) { + child_af = sk_IPAddressFamily_value(child, i); + + if (IPAddressFamily_inheritance(child_af) != + NULL) + continue; + + if ((ret = verify_error(ctx, cert, + X509_V_ERR_UNNESTED_RESOURCE, depth)) == 0) + goto done; + break; + } + continue; + } + + if (!X509v3_addr_is_canonical(parent)) { + if ((ret = verify_error(ctx, cert, + X509_V_ERR_INVALID_EXTENSION, depth)) == 0) + goto done; + } + + /* + * Check that the child's resources are covered by the parent. + * Each covered resource is replaced with the parent's resource + * covering it, so the next iteration will check that the + * parent's resources are covered by the grandparent. + */ + for (i = 0; i < sk_IPAddressFamily_num(child); i++) { + child_af = sk_IPAddressFamily_value(child, i); + + if ((parent_af = IPAddressFamily_find_in_parent(parent, + child_af)) == NULL) { + /* + * If we have no match in the parent and the + * child inherits, that's fine. + */ + if (IPAddressFamily_inheritance(child_af) != + NULL) + continue; + + /* Otherwise the child isn't covered. */ + if ((ret = verify_error(ctx, cert, + X509_V_ERR_UNNESTED_RESOURCE, depth)) == 0) + goto done; + break; + } + + /* Parent inherits, nothing to do. */ + if (IPAddressFamily_inheritance(parent_af) != NULL) + continue; + + /* Child inherits. Use parent's address family. */ + if (IPAddressFamily_inheritance(child_af) != NULL) { + sk_IPAddressFamily_set(child, i, parent_af); + continue; + } + + child_aor = IPAddressFamily_addressesOrRanges(child_af); + parent_aor = + IPAddressFamily_addressesOrRanges(parent_af); + + /* + * Child and parent are canonical and neither inherits. + * If either addressesOrRanges is NULL, something's + * very wrong. + */ + if (child_aor == NULL || parent_aor == NULL) + goto err; + + if (!IPAddressFamily_afi_length(child_af, &length)) + goto err; + + /* Now check containment and replace or error. */ + if (addr_contains(parent_aor, child_aor, length)) { + sk_IPAddressFamily_set(child, i, parent_af); + continue; + } + + if ((ret = verify_error(ctx, cert, + X509_V_ERR_UNNESTED_RESOURCE, depth)) == 0) + goto done; + } + } + + /* + * Trust anchor can't inherit. + */ + if ((parent = cert->rfc3779_addr) != NULL) { + for (i = 0; i < sk_IPAddressFamily_num(parent); i++) { + parent_af = sk_IPAddressFamily_value(parent, i); + + if (IPAddressFamily_inheritance(parent_af) == NULL) + continue; + + if ((ret = verify_error(ctx, cert, + X509_V_ERR_UNNESTED_RESOURCE, depth)) == 0) + goto done; + } + } + + done: + sk_IPAddressFamily_free(child); + return ret; + + err: + sk_IPAddressFamily_free(child); + + if (ctx != NULL) + ctx->error = X509_V_ERR_UNSPECIFIED; + + return 0; +} + +/* + * RFC 3779 2.3 path validation -- called from X509_verify_cert(). + */ +int +X509v3_addr_validate_path(X509_STORE_CTX *ctx) +{ + if (sk_X509_num(ctx->chain) <= 0 || ctx->verify_cb == NULL) { + ctx->error = X509_V_ERR_UNSPECIFIED; + return 0; + } + return addr_validate_path_internal(ctx, ctx->chain, NULL); +} + +/* + * RFC 3779 2.3 path validation of an extension. + * Test whether chain covers extension. + */ +int +X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, IPAddrBlocks *ext, + int allow_inheritance) +{ + if (ext == NULL) + return 1; + if (sk_X509_num(chain) <= 0) + return 0; + if (!allow_inheritance && X509v3_addr_inherits(ext)) + return 0; + return addr_validate_path_internal(NULL, chain, ext); +} + +#endif /* OPENSSL_NO_RFC3779 */ diff --git a/externals/libressl/crypto/x509/x509_alt.c b/externals/libressl/crypto/x509/x509_alt.c index 45aaec24c..8656df82b 100755 --- a/externals/libressl/crypto/x509/x509_alt.c +++ b/externals/libressl/crypto/x509/x509_alt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_alt.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */ +/* $OpenBSD: x509_alt.c,v 1.12 2022/03/26 16:34:21 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -63,6 +63,8 @@ #include #include +#include "x509_internal.h" + static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, @@ -264,15 +266,18 @@ GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) break; case GEN_EMAIL: - BIO_printf(out, "email:%s", gen->d.ia5->data); + BIO_printf(out, "email:%.*s", gen->d.ia5->length, + gen->d.ia5->data); break; case GEN_DNS: - BIO_printf(out, "DNS:%s", gen->d.ia5->data); + BIO_printf(out, "DNS:%.*s", gen->d.ia5->length, + gen->d.ia5->data); break; case GEN_URI: - BIO_printf(out, "URI:%s", gen->d.ia5->data); + BIO_printf(out, "URI:%.*s", gen->d.ia5->length, + gen->d.ia5->data); break; case GEN_DIRNAME: @@ -609,8 +614,11 @@ GENERAL_NAME * v2i_GENERAL_NAME_ex(GENERAL_NAME *out, const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc) { - int type; + uint8_t *bytes = NULL; char *name, *value; + GENERAL_NAME *ret; + size_t len = 0; + int type; name = cnf->name; value = cnf->value; @@ -640,7 +648,67 @@ v2i_GENERAL_NAME_ex(GENERAL_NAME *out, const X509V3_EXT_METHOD *method, return NULL; } - return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc); + ret = a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc); + if (ret == NULL) + return NULL; + + /* + * Validate what we have for sanity. + */ + + if (is_nc) { + struct x509_constraints_name *constraints_name = NULL; + + if (!x509_constraints_validate(ret, &constraints_name, NULL)) { + X509V3error(X509V3_R_BAD_OBJECT); + ERR_asprintf_error_data("name=%s", name); + goto err; + } + x509_constraints_name_free(constraints_name); + return ret; + } + + type = x509_constraints_general_to_bytes(ret, &bytes, &len); + switch (type) { + case GEN_DNS: + if (!x509_constraints_valid_sandns(bytes, len)) { + X509V3error(X509V3_R_BAD_OBJECT); + ERR_asprintf_error_data("name=%s value='%.*s'", name, + (int)len, bytes); + goto err; + } + break; + case GEN_URI: + if (!x509_constraints_uri_host(bytes, len, NULL)) { + X509V3error(X509V3_R_BAD_OBJECT); + ERR_asprintf_error_data("name=%s value='%.*s'", name, + (int)len, bytes); + goto err; + } + break; + case GEN_EMAIL: + if (!x509_constraints_parse_mailbox(bytes, len, NULL)) { + X509V3error(X509V3_R_BAD_OBJECT); + ERR_asprintf_error_data("name=%s value='%.*s'", name, + (int)len, bytes); + goto err; + } + break; + case GEN_IPADD: + if (len != 4 && len != 16) { + X509V3error(X509V3_R_BAD_IP_ADDRESS); + ERR_asprintf_error_data("name=%s len=%zu", name, len); + goto err; + } + break; + default: + break; + } + return ret; + err: + if (out == NULL) + GENERAL_NAME_free(ret); + return NULL; } static int diff --git a/externals/libressl/crypto/x509/x509_asid.c b/externals/libressl/crypto/x509/x509_asid.c new file mode 100755 index 000000000..c82f2f32c --- /dev/null +++ b/externals/libressl/crypto/x509/x509_asid.c @@ -0,0 +1,1145 @@ +/* $OpenBSD: x509_asid.c,v 1.30 2021/12/25 15:46:05 tb Exp $ */ +/* + * Contributed to the OpenSSL Project by the American Registry for + * Internet Numbers ("ARIN"). + */ +/* ==================================================================== + * Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + */ + +/* + * Implementation of RFC 3779 section 3.2. + */ + +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "x509_lcl.h" + +#ifndef OPENSSL_NO_RFC3779 + +static const ASN1_TEMPLATE ASRange_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(ASRange, min), + .field_name = "min", + .item = &ASN1_INTEGER_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(ASRange, max), + .field_name = "max", + .item = &ASN1_INTEGER_it, + }, +}; + +const ASN1_ITEM ASRange_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = ASRange_seq_tt, + .tcount = sizeof(ASRange_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(ASRange), + .sname = "ASRange", +}; + +static const ASN1_TEMPLATE ASIdOrRange_ch_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(ASIdOrRange, u.id), + .field_name = "u.id", + .item = &ASN1_INTEGER_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(ASIdOrRange, u.range), + .field_name = "u.range", + .item = &ASRange_it, + }, +}; + +const ASN1_ITEM ASIdOrRange_it = { + .itype = ASN1_ITYPE_CHOICE, + .utype = offsetof(ASIdOrRange, type), + .templates = ASIdOrRange_ch_tt, + .tcount = sizeof(ASIdOrRange_ch_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(ASIdOrRange), + .sname = "ASIdOrRange", +}; + +static const ASN1_TEMPLATE ASIdentifierChoice_ch_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(ASIdentifierChoice, u.inherit), + .field_name = "u.inherit", + .item = &ASN1_NULL_it, + }, + { + .flags = ASN1_TFLG_SEQUENCE_OF, + .tag = 0, + .offset = offsetof(ASIdentifierChoice, u.asIdsOrRanges), + .field_name = "u.asIdsOrRanges", + .item = &ASIdOrRange_it, + }, +}; + +const ASN1_ITEM ASIdentifierChoice_it = { + .itype = ASN1_ITYPE_CHOICE, + .utype = offsetof(ASIdentifierChoice, type), + .templates = ASIdentifierChoice_ch_tt, + .tcount = sizeof(ASIdentifierChoice_ch_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(ASIdentifierChoice), + .sname = "ASIdentifierChoice", +}; + +static const ASN1_TEMPLATE ASIdentifiers_seq_tt[] = { + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(ASIdentifiers, asnum), + .field_name = "asnum", + .item = &ASIdentifierChoice_it, + }, + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 1, + .offset = offsetof(ASIdentifiers, rdi), + .field_name = "rdi", + .item = &ASIdentifierChoice_it, + }, +}; + +const ASN1_ITEM ASIdentifiers_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = ASIdentifiers_seq_tt, + .tcount = sizeof(ASIdentifiers_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(ASIdentifiers), + .sname = "ASIdentifiers", +}; + +ASRange * +d2i_ASRange(ASRange **a, const unsigned char **in, long len) +{ + return (ASRange *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASRange_it); +} + +int +i2d_ASRange(ASRange *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASRange_it); +} + +ASRange * +ASRange_new(void) +{ + return (ASRange *)ASN1_item_new(&ASRange_it); +} + +void +ASRange_free(ASRange *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASRange_it); +} + +ASIdOrRange * +d2i_ASIdOrRange(ASIdOrRange **a, const unsigned char **in, long len) +{ + return (ASIdOrRange *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASIdOrRange_it); +} + +int +i2d_ASIdOrRange(ASIdOrRange *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASIdOrRange_it); +} + +ASIdOrRange * +ASIdOrRange_new(void) +{ + return (ASIdOrRange *)ASN1_item_new(&ASIdOrRange_it); +} + +void +ASIdOrRange_free(ASIdOrRange *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASIdOrRange_it); +} + +ASIdentifierChoice * +d2i_ASIdentifierChoice(ASIdentifierChoice **a, const unsigned char **in, + long len) +{ + return (ASIdentifierChoice *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASIdentifierChoice_it); +} + +int +i2d_ASIdentifierChoice(ASIdentifierChoice *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASIdentifierChoice_it); +} + +ASIdentifierChoice * +ASIdentifierChoice_new(void) +{ + return (ASIdentifierChoice *)ASN1_item_new(&ASIdentifierChoice_it); +} + +void +ASIdentifierChoice_free(ASIdentifierChoice *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASIdentifierChoice_it); +} + +ASIdentifiers * +d2i_ASIdentifiers(ASIdentifiers **a, const unsigned char **in, long len) +{ + return (ASIdentifiers *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASIdentifiers_it); +} + +int +i2d_ASIdentifiers(ASIdentifiers *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASIdentifiers_it); +} + +ASIdentifiers * +ASIdentifiers_new(void) +{ + return (ASIdentifiers *)ASN1_item_new(&ASIdentifiers_it); +} + +void +ASIdentifiers_free(ASIdentifiers *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASIdentifiers_it); +} + +/* + * i2r method for an ASIdentifierChoice. + */ +static int +i2r_ASIdentifierChoice(BIO *out, ASIdentifierChoice *choice, int indent, + const char *msg) +{ + int i; + char *s; + if (choice == NULL) + return 1; + BIO_printf(out, "%*s%s:\n", indent, "", msg); + switch (choice->type) { + case ASIdentifierChoice_inherit: + BIO_printf(out, "%*sinherit\n", indent + 2, ""); + break; + case ASIdentifierChoice_asIdsOrRanges: + for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges); + i++) { + ASIdOrRange *aor = + sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); + switch (aor->type) { + case ASIdOrRange_id: + if ((s = i2s_ASN1_INTEGER(NULL, aor->u.id)) == + NULL) + return 0; + BIO_printf(out, "%*s%s\n", indent + 2, "", s); + free(s); + break; + case ASIdOrRange_range: + if ((s = i2s_ASN1_INTEGER(NULL, + aor->u.range->min)) == NULL) + return 0; + BIO_printf(out, "%*s%s-", indent + 2, "", s); + free(s); + if ((s = i2s_ASN1_INTEGER(NULL, + aor->u.range->max)) == NULL) + return 0; + BIO_printf(out, "%s\n", s); + free(s); + break; + default: + return 0; + } + } + break; + default: + return 0; + } + return 1; +} + +/* + * i2r method for an ASIdentifier extension. + */ +static int +i2r_ASIdentifiers(const X509V3_EXT_METHOD *method, void *ext, BIO *out, + int indent) +{ + ASIdentifiers *asid = ext; + return (i2r_ASIdentifierChoice(out, asid->asnum, indent, + "Autonomous System Numbers") && + i2r_ASIdentifierChoice(out, asid->rdi, indent, + "Routing Domain Identifiers")); +} + +/* + * Sort comparison function for a sequence of ASIdOrRange elements. + */ +static int +ASIdOrRange_cmp(const ASIdOrRange *const *a_, const ASIdOrRange *const *b_) +{ + const ASIdOrRange *a = *a_, *b = *b_; + + /* XXX: these asserts need to be replaced */ + OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) || + (a->type == ASIdOrRange_range && a->u.range != NULL && + a->u.range->min != NULL && a->u.range->max != NULL)); + + OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) || + (b->type == ASIdOrRange_range && b->u.range != NULL && + b->u.range->min != NULL && b->u.range->max != NULL)); + + if (a->type == ASIdOrRange_id && b->type == ASIdOrRange_id) + return ASN1_INTEGER_cmp(a->u.id, b->u.id); + + if (a->type == ASIdOrRange_range && b->type == ASIdOrRange_range) { + int r = ASN1_INTEGER_cmp(a->u.range->min, b->u.range->min); + return r != 0 ? r : ASN1_INTEGER_cmp(a->u.range->max, + b->u.range->max); + } + + if (a->type == ASIdOrRange_id) + return ASN1_INTEGER_cmp(a->u.id, b->u.range->min); + else + return ASN1_INTEGER_cmp(a->u.range->min, b->u.id); +} + +/* + * Add an inherit element. + */ +int +X509v3_asid_add_inherit(ASIdentifiers *asid, int which) +{ + ASIdentifierChoice **choice; + if (asid == NULL) + return 0; + switch (which) { + case V3_ASID_ASNUM: + choice = &asid->asnum; + break; + case V3_ASID_RDI: + choice = &asid->rdi; + break; + default: + return 0; + } + if (*choice == NULL) { + if ((*choice = ASIdentifierChoice_new()) == NULL) + return 0; + if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL) + return 0; + (*choice)->type = ASIdentifierChoice_inherit; + } + return (*choice)->type == ASIdentifierChoice_inherit; +} + +/* + * Add an ID or range to an ASIdentifierChoice. + */ +int +X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which, ASN1_INTEGER *min, + ASN1_INTEGER *max) +{ + ASIdentifierChoice **choice; + ASIdOrRange *aor; + if (asid == NULL) + return 0; + switch (which) { + case V3_ASID_ASNUM: + choice = &asid->asnum; + break; + case V3_ASID_RDI: + choice = &asid->rdi; + break; + default: + return 0; + } + if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit) + return 0; + if (*choice == NULL) { + if ((*choice = ASIdentifierChoice_new()) == NULL) + return 0; + (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp); + if ((*choice)->u.asIdsOrRanges == NULL) + return 0; + (*choice)->type = ASIdentifierChoice_asIdsOrRanges; + } + if ((aor = ASIdOrRange_new()) == NULL) + return 0; + if (max == NULL) { + aor->type = ASIdOrRange_id; + aor->u.id = min; + } else { + aor->type = ASIdOrRange_range; + if ((aor->u.range = ASRange_new()) == NULL) + goto err; + ASN1_INTEGER_free(aor->u.range->min); + aor->u.range->min = min; + ASN1_INTEGER_free(aor->u.range->max); + aor->u.range->max = max; + } + if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor))) + goto err; + return 1; + + err: + ASIdOrRange_free(aor); + return 0; +} + +/* + * Extract min and max values from an ASIdOrRange. + */ +static int +extract_min_max(ASIdOrRange *aor, ASN1_INTEGER **min, ASN1_INTEGER **max) +{ + switch (aor->type) { + case ASIdOrRange_id: + *min = aor->u.id; + *max = aor->u.id; + return 1; + case ASIdOrRange_range: + *min = aor->u.range->min; + *max = aor->u.range->max; + return 1; + } + + return 0; +} + +/* + * Check whether an ASIdentifierChoice is in canonical form. + */ +static int +ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) +{ + ASN1_INTEGER *a_max_plus_one = NULL; + ASN1_INTEGER *orig; + BIGNUM *bn = NULL; + int i, ret = 0; + + /* + * Empty element or inheritance is canonical. + */ + if (choice == NULL || choice->type == ASIdentifierChoice_inherit) + return 1; + + /* + * If not a list, or if empty list, it's broken. + */ + if (choice->type != ASIdentifierChoice_asIdsOrRanges || + sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) + return 0; + + /* + * It's a list, check it. + */ + for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { + ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, + i); + ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, + i + 1); + ASN1_INTEGER *a_min = NULL, + *a_max = NULL, + *b_min = NULL, + *b_max = + NULL; + + if (!extract_min_max(a, &a_min, &a_max) || + !extract_min_max(b, &b_min, &b_max)) + goto done; + + /* + * Punt misordered list, overlapping start, or inverted range. + */ + if (ASN1_INTEGER_cmp(a_min, b_min) >= 0 || + ASN1_INTEGER_cmp(a_min, a_max) > 0 || + ASN1_INTEGER_cmp(b_min, b_max) > 0) + goto done; + + /* + * Calculate a_max + 1 to check for adjacency. + */ + if ((bn == NULL && (bn = BN_new()) == NULL) || + ASN1_INTEGER_to_BN(a_max, bn) == NULL || + !BN_add_word(bn, 1)) { + X509V3error(ERR_R_MALLOC_FAILURE); + goto done; + } + + if ((a_max_plus_one = + BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) { + a_max_plus_one = orig; + X509V3error(ERR_R_MALLOC_FAILURE); + goto done; + } + + /* + * Punt if adjacent or overlapping. + */ + if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) >= 0) + goto done; + } + + /* + * Check for inverted range. + */ + i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; + { + ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, + i); + ASN1_INTEGER *a_min, *a_max; + if (a != NULL && a->type == ASIdOrRange_range) { + if (!extract_min_max(a, &a_min, &a_max) || + ASN1_INTEGER_cmp(a_min, a_max) > 0) + goto done; + } + } + + ret = 1; + + done: + ASN1_INTEGER_free(a_max_plus_one); + BN_free(bn); + return ret; +} + +/* + * Check whether an ASIdentifier extension is in canonical form. + */ +int +X509v3_asid_is_canonical(ASIdentifiers *asid) +{ + return (asid == NULL || + (ASIdentifierChoice_is_canonical(asid->asnum) && + ASIdentifierChoice_is_canonical(asid->rdi))); +} + +/* + * Whack an ASIdentifierChoice into canonical form. + */ +static int +ASIdentifierChoice_canonize(ASIdentifierChoice *choice) +{ + ASN1_INTEGER *a_max_plus_one = NULL; + ASN1_INTEGER *orig; + BIGNUM *bn = NULL; + int i, ret = 0; + + /* + * Nothing to do for empty element or inheritance. + */ + if (choice == NULL || choice->type == ASIdentifierChoice_inherit) + return 1; + + /* + * If not a list, or if empty list, it's broken. + */ + if (choice->type != ASIdentifierChoice_asIdsOrRanges || + sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) { + X509V3error(X509V3_R_EXTENSION_VALUE_ERROR); + return 0; + } + + /* + * We have a non-empty list. Sort it. + */ + sk_ASIdOrRange_sort(choice->u.asIdsOrRanges); + + /* + * Now check for errors and suboptimal encoding, rejecting the + * former and fixing the latter. + */ + for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { + ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, + i); + ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, + i + 1); + ASN1_INTEGER *a_min = NULL, + *a_max = NULL, + *b_min = NULL, + *b_max = + NULL; + + if (!extract_min_max(a, &a_min, &a_max) || + !extract_min_max(b, &b_min, &b_max)) + goto done; + + /* + * Make sure we're properly sorted (paranoia). + */ + if (ASN1_INTEGER_cmp(a_min, b_min) > 0) + goto done; + + /* + * Punt inverted ranges. + */ + if (ASN1_INTEGER_cmp(a_min, a_max) > 0 || + ASN1_INTEGER_cmp(b_min, b_max) > 0) + goto done; + + /* + * Check for overlaps. + */ + if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) { + X509V3error(X509V3_R_EXTENSION_VALUE_ERROR); + goto done; + } + + /* + * Calculate a_max + 1 to check for adjacency. + */ + if ((bn == NULL && (bn = BN_new()) == NULL) || + ASN1_INTEGER_to_BN(a_max, bn) == NULL || + !BN_add_word(bn, 1)) { + X509V3error(ERR_R_MALLOC_FAILURE); + goto done; + } + + if ((a_max_plus_one = + BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) { + a_max_plus_one = orig; + X509V3error(ERR_R_MALLOC_FAILURE); + goto done; + } + + /* + * If a and b are adjacent, merge them. + */ + if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) == 0) { + ASRange *r; + switch (a->type) { + case ASIdOrRange_id: + if ((r = calloc(1, sizeof(*r))) == NULL) { + X509V3error(ERR_R_MALLOC_FAILURE); + goto done; + } + r->min = a_min; + r->max = b_max; + a->type = ASIdOrRange_range; + a->u.range = r; + break; + case ASIdOrRange_range: + ASN1_INTEGER_free(a->u.range->max); + a->u.range->max = b_max; + break; + } + switch (b->type) { + case ASIdOrRange_id: + b->u.id = NULL; + break; + case ASIdOrRange_range: + b->u.range->max = NULL; + break; + } + ASIdOrRange_free(b); + (void)sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, + i + 1); + i--; + continue; + } + } + + /* + * Check for final inverted range. + */ + i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; + { + ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, + i); + ASN1_INTEGER *a_min, *a_max; + if (a != NULL && a->type == ASIdOrRange_range) { + if (!extract_min_max(a, &a_min, &a_max) || + ASN1_INTEGER_cmp(a_min, a_max) > 0) + goto done; + } + } + + /* Paranoia */ + if (!ASIdentifierChoice_is_canonical(choice)) + goto done; + + ret = 1; + + done: + ASN1_INTEGER_free(a_max_plus_one); + BN_free(bn); + return ret; +} + +/* + * Whack an ASIdentifier extension into canonical form. + */ +int +X509v3_asid_canonize(ASIdentifiers *asid) +{ + return (asid == NULL || + (ASIdentifierChoice_canonize(asid->asnum) && + ASIdentifierChoice_canonize(asid->rdi))); +} + +/* + * v2i method for an ASIdentifier extension. + */ +static void * +v2i_ASIdentifiers(const struct v3_ext_method *method, struct v3_ext_ctx *ctx, + STACK_OF(CONF_VALUE)*values) +{ + ASN1_INTEGER *min = NULL, *max = NULL; + ASIdentifiers *asid = NULL; + int i; + + if ((asid = ASIdentifiers_new()) == NULL) { + X509V3error(ERR_R_MALLOC_FAILURE); + return NULL; + } + + for (i = 0; i < sk_CONF_VALUE_num(values); i++) { + CONF_VALUE *val = sk_CONF_VALUE_value(values, i); + int i1 = 0, i2 = 0, i3 = 0, is_range = 0, which = 0; + + /* + * Figure out whether this is an AS or an RDI. + */ + if (!name_cmp(val->name, "AS")) { + which = V3_ASID_ASNUM; + } else if (!name_cmp(val->name, "RDI")) { + which = V3_ASID_RDI; + } else { + X509V3error(X509V3_R_EXTENSION_NAME_ERROR); + X509V3_conf_err(val); + goto err; + } + + /* + * Handle inheritance. + */ + if (strcmp(val->value, "inherit") == 0) { + if (X509v3_asid_add_inherit(asid, which)) + continue; + X509V3error(X509V3_R_INVALID_INHERITANCE); + X509V3_conf_err(val); + goto err; + } + + /* + * Number, range, or mistake, pick it apart and figure out which + */ + i1 = strspn(val->value, "0123456789"); + if (val->value[i1] == '\0') { + is_range = 0; + } else { + is_range = 1; + i2 = i1 + strspn(val->value + i1, " \t"); + if (val->value[i2] != '-') { + X509V3error(X509V3_R_INVALID_ASNUMBER); + X509V3_conf_err(val); + goto err; + } + i2++; + i2 = i2 + strspn(val->value + i2, " \t"); + i3 = i2 + strspn(val->value + i2, "0123456789"); + if (val->value[i3] != '\0') { + X509V3error(X509V3_R_INVALID_ASRANGE); + X509V3_conf_err(val); + goto err; + } + } + + /* + * Syntax is ok, read and add it. + */ + if (!is_range) { + if (!X509V3_get_value_int(val, &min)) { + X509V3error(ERR_R_MALLOC_FAILURE); + goto err; + } + } else { + char *s = strdup(val->value); + if (s == NULL) { + X509V3error(ERR_R_MALLOC_FAILURE); + goto err; + } + s[i1] = '\0'; + min = s2i_ASN1_INTEGER(NULL, s); + max = s2i_ASN1_INTEGER(NULL, s + i2); + free(s); + if (min == NULL || max == NULL) { + X509V3error(ERR_R_MALLOC_FAILURE); + goto err; + } + if (ASN1_INTEGER_cmp(min, max) > 0) { + X509V3error(X509V3_R_EXTENSION_VALUE_ERROR); + goto err; + } + } + if (!X509v3_asid_add_id_or_range(asid, which, min, max)) { + X509V3error(ERR_R_MALLOC_FAILURE); + goto err; + } + min = max = NULL; + } + + /* + * Canonize the result, then we're done. + */ + if (!X509v3_asid_canonize(asid)) + goto err; + return asid; + + err: + ASIdentifiers_free(asid); + ASN1_INTEGER_free(min); + ASN1_INTEGER_free(max); + return NULL; +} + +/* + * OpenSSL dispatch. + */ +const X509V3_EXT_METHOD v3_asid = { + .ext_nid = NID_sbgp_autonomousSysNum, + .ext_flags = 0, + .it = &ASIdentifiers_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = NULL, + .v2i = v2i_ASIdentifiers, + .i2r = i2r_ASIdentifiers, + .r2i = NULL, + .usr_data = NULL, +}; + +/* + * Figure out whether extension uses inheritance. + */ +int +X509v3_asid_inherits(ASIdentifiers *asid) +{ + return (asid != NULL && + ((asid->asnum != NULL && + asid->asnum->type == ASIdentifierChoice_inherit) || + (asid->rdi != NULL && + asid->rdi->type == ASIdentifierChoice_inherit))); +} + +/* + * Figure out whether parent contains child. + */ +static int +asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child) +{ + ASN1_INTEGER *p_min = NULL, *p_max = NULL, *c_min = NULL, *c_max = NULL; + int p, c; + + if (child == NULL || parent == child) + return 1; + if (parent == NULL) + return 0; + + p = 0; + for (c = 0; c < sk_ASIdOrRange_num(child); c++) { + if (!extract_min_max(sk_ASIdOrRange_value(child, c), &c_min, + &c_max)) + return 0; + for (;; p++) { + if (p >= sk_ASIdOrRange_num(parent)) + return 0; + if (!extract_min_max(sk_ASIdOrRange_value(parent, p), + &p_min, &p_max)) + return 0; + if (ASN1_INTEGER_cmp(p_max, c_max) < 0) + continue; + if (ASN1_INTEGER_cmp(p_min, c_min) > 0) + return 0; + break; + } + } + + return 1; +} + +/* + * Test whether a is a subset of b. + */ +int +X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) +{ + return (a == NULL || + a == b || + (b != NULL && + !X509v3_asid_inherits(a) && + !X509v3_asid_inherits(b) && + asid_contains(b->asnum->u.asIdsOrRanges, + a->asnum->u.asIdsOrRanges) && + asid_contains(b->rdi->u.asIdsOrRanges, + a->rdi->u.asIdsOrRanges))); +} + +/* + * Validation error handling via callback. + */ +#define validation_err(_err_) \ + do { \ + if (ctx != NULL) { \ + ctx->error = _err_; \ + ctx->error_depth = i; \ + ctx->current_cert = x; \ + ret = ctx->verify_cb(0, ctx); \ + } else { \ + ret = 0; \ + } \ + if (!ret) \ + goto done; \ + } while (0) + +/* + * Core code for RFC 3779 3.3 path validation. + */ +static int +asid_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain, + ASIdentifiers *ext) +{ + ASIdOrRanges *child_as = NULL, *child_rdi = NULL; + int i, ret = 1, inherit_as = 0, inherit_rdi = 0; + X509 *x; + + /* We need a non-empty chain to test against. */ + if (sk_X509_num(chain) <= 0) + goto err; + /* We need either a store ctx or an extension to work with. */ + if (ctx == NULL && ext == NULL) + goto err; + /* If there is a store ctx, it needs a verify_cb. */ + if (ctx != NULL && ctx->verify_cb == NULL) + goto err; + + /* + * Figure out where to start. If we don't have an extension to + * check, we're done. Otherwise, check canonical form and + * set up for walking up the chain. + */ + if (ext != NULL) { + i = -1; + x = NULL; + } else { + i = 0; + x = sk_X509_value(chain, i); + if ((ext = x->rfc3779_asid) == NULL) + goto done; + } + if (!X509v3_asid_is_canonical(ext)) + validation_err(X509_V_ERR_INVALID_EXTENSION); + if (ext->asnum != NULL) { + switch (ext->asnum->type) { + case ASIdentifierChoice_inherit: + inherit_as = 1; + break; + case ASIdentifierChoice_asIdsOrRanges: + child_as = ext->asnum->u.asIdsOrRanges; + break; + } + } + if (ext->rdi != NULL) { + switch (ext->rdi->type) { + case ASIdentifierChoice_inherit: + inherit_rdi = 1; + break; + case ASIdentifierChoice_asIdsOrRanges: + child_rdi = ext->rdi->u.asIdsOrRanges; + break; + } + } + + /* + * Now walk up the chain. Extensions must be in canonical form, no + * cert may list resources that its parent doesn't list. + */ + for (i++; i < sk_X509_num(chain); i++) { + x = sk_X509_value(chain, i); + + if (x->rfc3779_asid == NULL) { + if (child_as != NULL || child_rdi != NULL) + validation_err(X509_V_ERR_UNNESTED_RESOURCE); + continue; + } + if (!X509v3_asid_is_canonical(x->rfc3779_asid)) + validation_err(X509_V_ERR_INVALID_EXTENSION); + if (x->rfc3779_asid->asnum == NULL && child_as != NULL) { + validation_err(X509_V_ERR_UNNESTED_RESOURCE); + child_as = NULL; + inherit_as = 0; + } + if (x->rfc3779_asid->asnum != NULL && + x->rfc3779_asid->asnum->type == + ASIdentifierChoice_asIdsOrRanges) { + if (inherit_as || + asid_contains(x->rfc3779_asid->asnum->u.asIdsOrRanges, + child_as)) { + child_as = x->rfc3779_asid->asnum->u.asIdsOrRanges; + inherit_as = 0; + } else { + validation_err(X509_V_ERR_UNNESTED_RESOURCE); + } + } + if (x->rfc3779_asid->rdi == NULL && child_rdi != NULL) { + validation_err(X509_V_ERR_UNNESTED_RESOURCE); + child_rdi = NULL; + inherit_rdi = 0; + } + if (x->rfc3779_asid->rdi != NULL && + x->rfc3779_asid->rdi->type == ASIdentifierChoice_asIdsOrRanges) { + if (inherit_rdi || + asid_contains(x->rfc3779_asid->rdi->u.asIdsOrRanges, + child_rdi)) { + child_rdi = x->rfc3779_asid->rdi->u.asIdsOrRanges; + inherit_rdi = 0; + } else { + validation_err(X509_V_ERR_UNNESTED_RESOURCE); + } + } + } + + /* + * Trust anchor can't inherit. + */ + + if (x == NULL) + goto err; + + if (x->rfc3779_asid != NULL) { + if (x->rfc3779_asid->asnum != NULL && + x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit) + validation_err(X509_V_ERR_UNNESTED_RESOURCE); + if (x->rfc3779_asid->rdi != NULL && + x->rfc3779_asid->rdi->type == ASIdentifierChoice_inherit) + validation_err(X509_V_ERR_UNNESTED_RESOURCE); + } + + done: + return ret; + + err: + if (ctx != NULL) + ctx->error = X509_V_ERR_UNSPECIFIED; + + return 0; +} + +#undef validation_err + +/* + * RFC 3779 3.3 path validation -- called from X509_verify_cert(). + */ +int +X509v3_asid_validate_path(X509_STORE_CTX *ctx) +{ + if (sk_X509_num(ctx->chain) <= 0 || ctx->verify_cb == NULL) { + ctx->error = X509_V_ERR_UNSPECIFIED; + return 0; + } + return asid_validate_path_internal(ctx, ctx->chain, NULL); +} + +/* + * RFC 3779 3.3 path validation of an extension. + * Test whether chain covers extension. + */ +int +X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, ASIdentifiers *ext, + int allow_inheritance) +{ + if (ext == NULL) + return 1; + if (sk_X509_num(chain) <= 0) + return 0; + if (!allow_inheritance && X509v3_asid_inherits(ext)) + return 0; + return asid_validate_path_internal(NULL, chain, ext); +} + +#endif /* OPENSSL_NO_RFC3779 */ diff --git a/externals/libressl/crypto/x509/x509_att.c b/externals/libressl/crypto/x509/x509_att.c index 1479b918c..38aa06314 100755 --- a/externals/libressl/crypto/x509/x509_att.c +++ b/externals/libressl/crypto/x509/x509_att.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_att.c,v 1.17 2018/05/18 19:21:33 tb Exp $ */ +/* $OpenBSD: x509_att.c,v 1.18 2021/11/01 20:53:08 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -66,6 +66,8 @@ #include #include +#include "x509_lcl.h" + int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x) { diff --git a/externals/libressl/crypto/x509/x509_cmp.c b/externals/libressl/crypto/x509/x509_cmp.c index 6d6e84089..4fd8d78fc 100755 --- a/externals/libressl/crypto/x509/x509_cmp.c +++ b/externals/libressl/crypto/x509/x509_cmp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_cmp.c,v 1.35 2019/03/13 20:34:00 tb Exp $ */ +/* $OpenBSD: x509_cmp.c,v 1.39 2022/02/24 22:05:06 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -68,6 +68,9 @@ #include #include +#include "evp_locl.h" +#include "x509_lcl.h" + int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) { @@ -140,7 +143,7 @@ X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b) int X509_CRL_match(const X509_CRL *a, const X509_CRL *b) { - return memcmp(a->sha1_hash, b->sha1_hash, 20); + return memcmp(a->hash, b->hash, X509_CRL_HASH_LEN); } #endif @@ -213,7 +216,7 @@ X509_cmp(const X509 *a, const X509 *b) X509_check_purpose((X509 *)a, -1, 0); X509_check_purpose((X509 *)b, -1, 0); - return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); + return memcmp(a->hash, b->hash, X509_CERT_HASH_LEN); } #endif diff --git a/externals/libressl/crypto/x509/x509_conf.c b/externals/libressl/crypto/x509/x509_conf.c index 8bf2d10b9..cd703fc15 100755 --- a/externals/libressl/crypto/x509/x509_conf.c +++ b/externals/libressl/crypto/x509/x509_conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_conf.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */ +/* $OpenBSD: x509_conf.c,v 1.2 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -66,6 +66,8 @@ #include #include +#include "x509_lcl.h" + static int v3_check_critical(const char **value); static int v3_check_generic(const char **value); static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, diff --git a/externals/libressl/crypto/x509/x509_constraints.c b/externals/libressl/crypto/x509/x509_constraints.c index 5659d6e6a..533bbbf4c 100755 --- a/externals/libressl/crypto/x509/x509_constraints.c +++ b/externals/libressl/crypto/x509/x509_constraints.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_constraints.c,v 1.10 2020/09/21 05:41:43 tb Exp $ */ +/* $OpenBSD: x509_constraints.c,v 1.26 2022/03/26 16:34:21 tb Exp $ */ /* * Copyright (c) 2020 Bob Beck * @@ -36,7 +36,7 @@ #define DOMAIN_PART_MAX_LEN 255 struct x509_constraints_name * -x509_constraints_name_new() +x509_constraints_name_new(void) { return (calloc(1, sizeof(struct x509_constraints_name))); } @@ -69,9 +69,11 @@ x509_constraints_name_dup(struct x509_constraints_name *name) new->type = name->type; new->af = name->af; new->der_len = name->der_len; - if (name->der_len > 0 && (new->der = malloc(name->der_len)) == NULL) - goto err; - memcpy(new->der, name->der, name->der_len); + if (name->der_len > 0) { + if ((new->der = malloc(name->der_len)) == NULL) + goto err; + memcpy(new->der, name->der, name->der_len); + } if (name->name != NULL && (new->name = strdup(name->name)) == NULL) goto err; if (name->local != NULL && (new->local = strdup(name->local)) == NULL) @@ -84,9 +86,16 @@ x509_constraints_name_dup(struct x509_constraints_name *name) } struct x509_constraints_names * -x509_constraints_names_new() +x509_constraints_names_new(size_t names_max) { - return (calloc(1, sizeof(struct x509_constraints_names))); + struct x509_constraints_names *new; + + if ((new = calloc(1, sizeof(struct x509_constraints_names))) == NULL) + return NULL; + + new->names_max = names_max; + + return new; } void @@ -114,8 +123,8 @@ int x509_constraints_names_add(struct x509_constraints_names *names, struct x509_constraints_name *name) { - size_t i = names->names_count; - + if (names->names_count >= names->names_max) + return 0; if (names->names_count == names->names_len) { struct x509_constraints_name **tmp; if ((tmp = recallocarray(names->names, names->names_len, @@ -124,7 +133,7 @@ x509_constraints_names_add(struct x509_constraints_names *names, names->names_len += 32; names->names = tmp; } - names->names[i] = name; + names->names[names->names_count] = name; names->names_count++; return 1; } @@ -139,14 +148,16 @@ x509_constraints_names_dup(struct x509_constraints_names *names) if (names == NULL) return NULL; - if ((new = x509_constraints_names_new()) == NULL) + if ((new = x509_constraints_names_new(names->names_max)) == NULL) goto err; + for (i = 0; i < names->names_count; i++) { if ((name = x509_constraints_name_dup(names->names[i])) == NULL) goto err; if (!x509_constraints_names_add(new, name)) goto err; } + return new; err: x509_constraints_names_free(new); @@ -158,13 +169,15 @@ x509_constraints_names_dup(struct x509_constraints_names *names) /* * Validate that the name contains only a hostname consisting of RFC * 5890 compliant A-labels (see RFC 6066 section 3). This is more - * permissive to allow for a leading '*' for a SAN DNSname wildcard, - * or a leading '.' for a subdomain based constraint, as well as - * allowing for '_' which is commonly accepted by nonconformant - * DNS implementaitons. + * permissive to allow for a leading '.' for a subdomain based + * constraint, as well as allowing for '_' which is commonly accepted + * by nonconformant DNS implementaitons. + * + * if "wildcards" is set it allows '*' to occur in the string at the end of a + * component. */ static int -x509_constraints_valid_domain_internal(uint8_t *name, size_t len) +x509_constraints_valid_domain_internal(uint8_t *name, size_t len, int wildcards) { uint8_t prev, c = 0; int component = 0; @@ -187,8 +200,8 @@ x509_constraints_valid_domain_internal(uint8_t *name, size_t len) if (!isalnum(c) && c != '-' && c != '.' && c != '_' && c != '*') return 0; - /* '*' can only be the first thing. */ - if (c == '*' && !first) + /* if it is a '*', fail if not wildcards */ + if (!wildcards && c == '*') return 0; /* '-' must not start a component or be at the end. */ @@ -210,6 +223,13 @@ x509_constraints_valid_domain_internal(uint8_t *name, size_t len) component = 0; continue; } + /* + * Wildcards can only occur at the end of a component. + * c*.com is valid, c*c.com is not. + */ + if (prev == '*') + return 0; + /* Components must be 63 chars or less. */ if (++component > 63) return 0; @@ -222,15 +242,13 @@ x509_constraints_valid_domain(uint8_t *name, size_t len) { if (len == 0) return 0; - if (name[0] == '*') /* wildcard not allowed in a domain name */ - return 0; /* * A domain may not be less than two characters, so you can't * have a require subdomain name with less than that. */ if (len < 3 && name[0] == '.') return 0; - return x509_constraints_valid_domain_internal(name, len); + return x509_constraints_valid_domain_internal(name, len, 0); } int @@ -241,15 +259,13 @@ x509_constraints_valid_host(uint8_t *name, size_t len) if (len == 0) return 0; - if (name[0] == '*') /* wildcard not allowed in a host name */ - return 0; if (name[0] == '.') /* leading . not allowed in a host name*/ return 0; if (inet_pton(AF_INET, name, &sin4) == 1) return 0; if (inet_pton(AF_INET6, name, &sin6) == 1) return 0; - return x509_constraints_valid_domain_internal(name, len); + return x509_constraints_valid_domain_internal(name, len, 0); } int @@ -272,7 +288,7 @@ x509_constraints_valid_sandns(uint8_t *name, size_t len) if (len >= 4 && name[0] == '*' && name[1] != '.') return 0; - return x509_constraints_valid_domain_internal(name, len); + return x509_constraints_valid_domain_internal(name, len, 1); } static inline int @@ -323,16 +339,16 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len, if (c == '.') goto bad; } - if (wi > DOMAIN_PART_MAX_LEN) - goto bad; if (accept) { + if (wi >= DOMAIN_PART_MAX_LEN) + goto bad; working[wi++] = c; accept = 0; continue; } if (candidate_local != NULL) { /* We are looking for the domain part */ - if (wi > DOMAIN_PART_MAX_LEN) + if (wi >= DOMAIN_PART_MAX_LEN) goto bad; working[wi++] = c; if (i == len - 1) { @@ -347,7 +363,7 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len, continue; } /* We are looking for the local part */ - if (wi > LOCAL_PART_MAX_LEN) + if (wi >= LOCAL_PART_MAX_LEN) break; if (quoted) { @@ -367,12 +383,14 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len, */ if (c == 9) goto bad; + if (wi >= LOCAL_PART_MAX_LEN) + goto bad; working[wi++] = c; continue; /* all's good inside our quoted string */ } if (c == '@') { if (wi == 0) - goto bad;; + goto bad; if (candidate_local != NULL) goto bad; candidate_local = strdup(working); @@ -396,6 +414,8 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len, } if (!local_part_ok(c)) goto bad; + if (wi >= LOCAL_PART_MAX_LEN) + goto bad; working[wi++] = c; } if (candidate_local == NULL || candidate_domain == NULL) @@ -404,9 +424,14 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len, strlen(candidate_domain))) goto bad; - name->local = candidate_local; - name->name = candidate_domain; - name->type = GEN_EMAIL; + if (name != NULL) { + name->local = candidate_local; + name->name = candidate_domain; + name->type = GEN_EMAIL; + } else { + free(candidate_local); + free(candidate_domain); + } return 1; bad: free(candidate_local); @@ -420,16 +445,13 @@ x509_constraints_valid_domain_constraint(uint8_t *constraint, size_t len) if (len == 0) return 1; /* empty constraints match */ - if (constraint[0] == '*') /* wildcard not allowed in a constraint */ - return 0; - /* * A domain may not be less than two characters, so you * can't match a single domain of less than that */ if (len < 3 && constraint[0] == '.') return 0; - return x509_constraints_valid_domain_internal(constraint, len); + return x509_constraints_valid_domain_internal(constraint, len, 0); } /* @@ -494,7 +516,8 @@ x509_constraints_uri_host(uint8_t *uri, size_t len, char **hostpart) host = authority; if (!x509_constraints_valid_host(host, hostlen)) return 0; - *hostpart = strndup(host, hostlen); + if (hostpart != NULL) + *hostpart = strndup(host, hostlen); return 1; } @@ -613,7 +636,11 @@ int x509_constraints_dirname(uint8_t *dirname, size_t dlen, uint8_t *constraint, size_t len) { - if (len != dlen) + /* + * The constraint must be a prefix in DER format, so it can't be + * longer than the name it is checked against. + */ + if (len > dlen) return 0; return (memcmp(constraint, dirname, len) == 0); } @@ -630,35 +657,45 @@ x509_constraints_general_to_bytes(GENERAL_NAME *name, uint8_t **bytes, if (name->type == GEN_DNS) { ASN1_IA5STRING *aname = name->d.dNSName; + *bytes = aname->data; - *len = strlen(aname->data); + *len = aname->length; + return name->type; } if (name->type == GEN_EMAIL) { ASN1_IA5STRING *aname = name->d.rfc822Name; + *bytes = aname->data; - *len = strlen(aname->data); + *len = aname->length; + return name->type; } if (name->type == GEN_URI) { ASN1_IA5STRING *aname = name->d.uniformResourceIdentifier; + *bytes = aname->data; - *len = strlen(aname->data); + *len = aname->length; + return name->type; } if (name->type == GEN_DIRNAME) { X509_NAME *dname = name->d.directoryName; + if (!dname->modified || i2d_X509_NAME(dname, NULL) >= 0) { *bytes = dname->canon_enc; *len = dname->canon_enclen; + return name->type; } } if (name->type == GEN_IPADD) { *bytes = name->d.ip->data; *len = name->d.ip->length; + return name->type; } + return 0; } @@ -696,11 +733,11 @@ x509_constraints_extract_names(struct x509_constraints_names *names, *error = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; goto err; } - if ((vname->name = strdup(bytes)) == NULL) { + if ((vname->name = strndup(bytes, len)) == NULL) { *error = X509_V_ERR_OUT_OF_MEM; goto err; } - vname->type=GEN_DNS; + vname->type = GEN_DNS; include_cn = 0; /* don't use cn from subject */ break; case GEN_EMAIL: @@ -724,15 +761,15 @@ x509_constraints_extract_names(struct x509_constraints_names *names, vname->type = GEN_URI; break; case GEN_DIRNAME: + if (len == 0) { + *error = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + goto err; + } if (bytes == NULL || ((vname->der = malloc(len)) == NULL)) { *error = X509_V_ERR_OUT_OF_MEM; goto err; } - if (len == 0) { - *error = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; - goto err; - } memcpy(vname->der, bytes, len); vname->der_len = len; vname->type = GEN_DIRNAME; @@ -742,8 +779,7 @@ x509_constraints_extract_names(struct x509_constraints_names *names, vname->af = AF_INET; if (len == 16) vname->af = AF_INET6; - if (vname->af != AF_INET && vname->af != - AF_INET6) { + if (vname->af != AF_INET && vname->af != AF_INET6) { *error = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; goto err; } @@ -870,21 +906,34 @@ x509_constraints_extract_names(struct x509_constraints_names *names, */ int x509_constraints_validate(GENERAL_NAME *constraint, - struct x509_constraints_name *name, int *error) + struct x509_constraints_name **out_name, int *out_error) { uint8_t *bytes = NULL; size_t len = 0; + struct x509_constraints_name *name; + int error = X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX; int name_type; + if (out_name == NULL || *out_name != NULL) + return 0; + + if (out_error != NULL) + *out_error = 0; + + if ((name = x509_constraints_name_new()) == NULL) { + error = X509_V_ERR_OUT_OF_MEM; + goto err; + } + name_type = x509_constraints_general_to_bytes(constraint, &bytes, &len); switch (name_type) { case GEN_DIRNAME: - if (bytes == NULL || (name->der = malloc(len)) == NULL) { - *error = X509_V_ERR_OUT_OF_MEM; - return 0; - } if (len == 0) goto err; /* XXX The RFCs are delightfully vague */ + if (bytes == NULL || (name->der = malloc(len)) == NULL) { + error = X509_V_ERR_OUT_OF_MEM; + goto err; + } memcpy(name->der, bytes, len); name->der_len = len; name->type = GEN_DIRNAME; @@ -892,24 +941,31 @@ x509_constraints_validate(GENERAL_NAME *constraint, case GEN_DNS: if (!x509_constraints_valid_domain_constraint(bytes, len)) goto err; - if ((name->name = strdup(bytes)) == NULL) { - *error = X509_V_ERR_OUT_OF_MEM; - return 0; + if ((name->name = strndup(bytes, len)) == NULL) { + error = X509_V_ERR_OUT_OF_MEM; + goto err; } name->type = GEN_DNS; break; case GEN_EMAIL: - if (memchr(bytes, '@', len) != NULL) { + if (len > 0 && memchr(bytes + 1, '@', len - 1) != NULL) { if (!x509_constraints_parse_mailbox(bytes, len, name)) goto err; - } else { - if (!x509_constraints_valid_domain_constraint(bytes, - len)) - goto err; - if ((name->name = strdup(bytes)) == NULL) { - *error = X509_V_ERR_OUT_OF_MEM; - return 0; - } + break; + } + /* + * Mail constraints of the form @domain.com are accepted by + * OpenSSL and Microsoft. + */ + if (len > 0 && bytes[0] == '@') { + bytes++; + len--; + } + if (!x509_constraints_valid_domain_constraint(bytes, len)) + goto err; + if ((name->name = strndup(bytes, len)) == NULL) { + error = X509_V_ERR_OUT_OF_MEM; + goto err; } name->type = GEN_EMAIL; break; @@ -927,15 +983,25 @@ x509_constraints_validate(GENERAL_NAME *constraint, case GEN_URI: if (!x509_constraints_valid_domain_constraint(bytes, len)) goto err; - name->name = strdup(bytes); + if ((name->name = strndup(bytes, len)) == NULL) { + error = X509_V_ERR_OUT_OF_MEM; + goto err; + } name->type = GEN_URI; break; default: break; } + + *out_name = name; + return 1; + err: - *error = X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX; + x509_constraints_name_free(name); + if (out_error != NULL) + *out_error = error; + return 0; } @@ -945,7 +1011,7 @@ x509_constraints_extract_constraints(X509 *cert, struct x509_constraints_names *excluded, int *error) { - struct x509_constraints_name *vname; + struct x509_constraints_name *vname = NULL; NAME_CONSTRAINTS *nc = cert->nc; GENERAL_SUBTREE *subtree; int i; @@ -960,24 +1026,20 @@ x509_constraints_extract_constraints(X509 *cert, *error = X509_V_ERR_SUBTREE_MINMAX; return 0; } - if ((vname = x509_constraints_name_new()) == NULL) { - *error = X509_V_ERR_OUT_OF_MEM; + if (!x509_constraints_validate(subtree->base, &vname, error)) return 0; - } - if (x509_constraints_validate(subtree->base, vname, error) == - 0) { - x509_constraints_name_free(vname); - return 0; - } if (vname->type == 0) { x509_constraints_name_free(vname); + vname = NULL; continue; } if (!x509_constraints_names_add(permitted, vname)) { x509_constraints_name_free(vname); + vname = NULL; *error = X509_V_ERR_OUT_OF_MEM; return 0; } + vname = NULL; } for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++) { @@ -986,24 +1048,20 @@ x509_constraints_extract_constraints(X509 *cert, *error = X509_V_ERR_SUBTREE_MINMAX; return 0; } - if ((vname = x509_constraints_name_new()) == NULL) { - *error = X509_V_ERR_OUT_OF_MEM; + if (!x509_constraints_validate(subtree->base, &vname, error)) return 0; - } - if (x509_constraints_validate(subtree->base, vname, error) == - 0) { - x509_constraints_name_free(vname); - return 0; - } if (vname->type == 0) { x509_constraints_name_free(vname); + vname = NULL; continue; } if (!x509_constraints_names_add(excluded, vname)) { x509_constraints_name_free(vname); + vname = NULL; *error = X509_V_ERR_OUT_OF_MEM; return 0; } + vname = NULL; } return 1; @@ -1115,7 +1173,8 @@ x509_constraints_chain(STACK_OF(X509) *chain, int *error, int *depth) goto err; if (chain_length == 1) return 1; - if ((names = x509_constraints_names_new()) == NULL) { + if ((names = x509_constraints_names_new( + X509_VERIFY_MAX_CHAIN_NAMES)) == NULL) { verify_err = X509_V_ERR_OUT_OF_MEM; goto err; } @@ -1128,13 +1187,13 @@ x509_constraints_chain(STACK_OF(X509) *chain, int *error, int *depth) if ((cert = sk_X509_value(chain, i)) == NULL) goto err; if (cert->nc != NULL) { - if ((permitted = - x509_constraints_names_new()) == NULL) { + if ((permitted = x509_constraints_names_new( + X509_VERIFY_MAX_CHAIN_CONSTRAINTS)) == NULL) { verify_err = X509_V_ERR_OUT_OF_MEM; goto err; } - if ((excluded = - x509_constraints_names_new()) == NULL) { + if ((excluded = x509_constraints_names_new( + X509_VERIFY_MAX_CHAIN_CONSTRAINTS)) == NULL) { verify_err = X509_V_ERR_OUT_OF_MEM; goto err; } @@ -1159,10 +1218,6 @@ x509_constraints_chain(STACK_OF(X509) *chain, int *error, int *depth) if (!x509_constraints_extract_names(names, cert, 0, &verify_err)) goto err; - if (names->names_count > X509_VERIFY_MAX_CHAIN_NAMES) { - verify_err = X509_V_ERR_OUT_OF_MEM; - goto err; - } } x509_constraints_names_free(names); diff --git a/externals/libressl/crypto/x509/x509_cpols.c b/externals/libressl/crypto/x509/x509_cpols.c index 4b6c13cfb..93527a436 100755 --- a/externals/libressl/crypto/x509/x509_cpols.c +++ b/externals/libressl/crypto/x509/x509_cpols.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_cpols.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */ +/* $OpenBSD: x509_cpols.c,v 1.4 2022/01/14 08:16:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -66,6 +66,7 @@ #include #include "pcy_int.h" +#include "x509_lcl.h" /* Certificate policies extension support: this one is a bit complex... */ @@ -232,7 +233,6 @@ static const ASN1_ADB_TABLE POLICYQUALINFO_adbtbl[] = { static const ASN1_ADB POLICYQUALINFO_adb = { .flags = 0, .offset = offsetof(POLICYQUALINFO, pqualid), - .app_items = 0, .tbl = POLICYQUALINFO_adbtbl, .tblcount = sizeof(POLICYQUALINFO_adbtbl) / sizeof(ASN1_ADB_TABLE), .default_tt = &policydefault_tt, @@ -696,7 +696,8 @@ print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent) qualinfo = sk_POLICYQUALINFO_value(quals, i); switch (OBJ_obj2nid(qualinfo->pqualid)) { case NID_id_qt_cps: - BIO_printf(out, "%*sCPS: %s\n", indent, "", + BIO_printf(out, "%*sCPS: %.*s\n", indent, "", + qualinfo->d.cpsuri->length, qualinfo->d.cpsuri->data); break; @@ -724,8 +725,8 @@ print_notice(BIO *out, USERNOTICE *notice, int indent) if (notice->noticeref) { NOTICEREF *ref; ref = notice->noticeref; - BIO_printf(out, "%*sOrganization: %s\n", indent, "", - ref->organization->data); + BIO_printf(out, "%*sOrganization: %.*s\n", indent, "", + ref->organization->length, ref->organization->data); BIO_printf(out, "%*sNumber%s: ", indent, "", sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) { @@ -741,8 +742,8 @@ print_notice(BIO *out, USERNOTICE *notice, int indent) BIO_puts(out, "\n"); } if (notice->exptext) - BIO_printf(out, "%*sExplicit Text: %s\n", indent, "", - notice->exptext->data); + BIO_printf(out, "%*sExplicit Text: %.*s\n", indent, "", + notice->exptext->length, notice->exptext->data); } void diff --git a/externals/libressl/crypto/x509/x509_crld.c b/externals/libressl/crypto/x509/x509_crld.c index ff60a880f..6b6f79537 100755 --- a/externals/libressl/crypto/x509/x509_crld.c +++ b/externals/libressl/crypto/x509/x509_crld.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_crld.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */ +/* $OpenBSD: x509_crld.c,v 1.2 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -65,6 +65,8 @@ #include #include +#include "x509_lcl.h" + static void *v2i_crld(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, diff --git a/externals/libressl/crypto/x509/x509_err.c b/externals/libressl/crypto/x509/x509_err.c index cac734ddf..a8e915571 100755 --- a/externals/libressl/crypto/x509/x509_err.c +++ b/externals/libressl/crypto/x509/x509_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_err.c,v 1.15 2020/06/05 16:51:12 jsing Exp $ */ +/* $OpenBSD: x509_err.c,v 1.16 2021/11/10 13:57:42 schwarze Exp $ */ /* ==================================================================== * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * @@ -96,6 +96,7 @@ static ERR_STRING_DATA X509_str_reasons[] = { {ERR_REASON(X509_R_LOADING_CERT_DIR) , "loading cert dir"}, {ERR_REASON(X509_R_LOADING_DEFAULTS) , "loading defaults"}, {ERR_REASON(X509_R_METHOD_NOT_SUPPORTED) , "method not supported"}, + {ERR_REASON(X509_R_NO_CERTIFICATE_OR_CRL_FOUND), "no certificate or crl found"}, {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY), "no cert set for us to verify"}, {ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR), "public key decode error"}, {ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR), "public key encode error"}, diff --git a/externals/libressl/crypto/x509/x509_ext.c b/externals/libressl/crypto/x509/x509_ext.c index 21374a26e..144595119 100755 --- a/externals/libressl/crypto/x509/x509_ext.c +++ b/externals/libressl/crypto/x509/x509_ext.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_ext.c,v 1.12 2018/05/18 19:28:27 tb Exp $ */ +/* $OpenBSD: x509_ext.c,v 1.13 2021/11/01 20:53:08 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,6 +65,8 @@ #include #include +#include "x509_lcl.h" + int X509_CRL_get_ext_count(const X509_CRL *x) { diff --git a/externals/libressl/crypto/x509/x509_genn.c b/externals/libressl/crypto/x509/x509_genn.c index 848006acf..dadf6f1e4 100755 --- a/externals/libressl/crypto/x509/x509_genn.c +++ b/externals/libressl/crypto/x509/x509_genn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_genn.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */ +/* $OpenBSD: x509_genn.c,v 1.2 2020/12/08 15:06:42 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -117,16 +117,17 @@ OTHERNAME_free(OTHERNAME *a) ASN1_item_free((ASN1_VALUE *)a, &OTHERNAME_it); } +/* Uses explicit tagging since DIRECTORYSTRING is a CHOICE type */ static const ASN1_TEMPLATE EDIPARTYNAME_seq_tt[] = { { - .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, .tag = 0, .offset = offsetof(EDIPARTYNAME, nameAssigner), .field_name = "nameAssigner", .item = &DIRECTORYSTRING_it, }, { - .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, + .flags = ASN1_TFLG_EXPLICIT, .tag = 1, .offset = offsetof(EDIPARTYNAME, partyName), .field_name = "partyName", @@ -324,6 +325,37 @@ GENERAL_NAME_dup(GENERAL_NAME *a) return ASN1_item_dup(&GENERAL_NAME_it, a); } +static int +EDIPARTYNAME_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b) +{ + int res; + + /* + * Shouldn't be possible in a valid GENERAL_NAME, but we handle it + * anyway. OTHERNAME_cmp treats NULL != NULL, so we do the same here. + */ + if (a == NULL || b == NULL) + return -1; + if (a->nameAssigner == NULL && b->nameAssigner != NULL) + return -1; + if (a->nameAssigner != NULL && b->nameAssigner == NULL) + return 1; + /* If we get here, both have nameAssigner set or both unset. */ + if (a->nameAssigner != NULL) { + res = ASN1_STRING_cmp(a->nameAssigner, b->nameAssigner); + if (res != 0) + return res; + } + /* + * partyName is required, so these should never be NULL. We treat it in + * the same way as the a == NULL || b == NULL case above. + */ + if (a->partyName == NULL || b->partyName == NULL) + return -1; + + return ASN1_STRING_cmp(a->partyName, b->partyName); +} + /* Returns 0 if they are equal, != 0 otherwise. */ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b) @@ -334,8 +366,11 @@ GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b) return -1; switch (a->type) { case GEN_X400: + result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address); + break; + case GEN_EDIPARTY: - result = ASN1_TYPE_cmp(a->d.other, b->d.other); + result = EDIPARTYNAME_cmp(a->d.ediPartyName, b->d.ediPartyName); break; case GEN_OTHERNAME: @@ -384,8 +419,11 @@ GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value) { switch (type) { case GEN_X400: + a->d.x400Address = value; + break; + case GEN_EDIPARTY: - a->d.other = value; + a->d.ediPartyName = value; break; case GEN_OTHERNAME: @@ -420,8 +458,10 @@ GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype) *ptype = a->type; switch (a->type) { case GEN_X400: + return a->d.x400Address; + case GEN_EDIPARTY: - return a->d.other; + return a->d.ediPartyName; case GEN_OTHERNAME: return a->d.otherName; diff --git a/externals/libressl/crypto/x509/x509_internal.h b/externals/libressl/crypto/x509/x509_internal.h index 9d69055af..c6ce5229a 100755 --- a/externals/libressl/crypto/x509/x509_internal.h +++ b/externals/libressl/crypto/x509/x509_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_internal.h,v 1.3 2020/09/15 11:55:14 beck Exp $ */ +/* $OpenBSD: x509_internal.h,v 1.18 2022/03/14 21:15:49 tb Exp $ */ /* * Copyright (c) 2020 Bob Beck * @@ -22,6 +22,8 @@ #include +#include "x509_lcl.h" + /* Hard limits on structure size and number of signature checks. */ #define X509_VERIFY_MAX_CHAINS 8 /* Max validated chains */ #define X509_VERIFY_MAX_CHAIN_CERTS 32 /* Max depth of a chain */ @@ -51,18 +53,23 @@ struct x509_constraints_name { struct x509_constraints_names { struct x509_constraints_name **names; - size_t names_len; size_t names_count; + size_t names_len; + size_t names_max; }; struct x509_verify_chain { STACK_OF(X509) *certs; /* Kept in chain order, includes leaf */ + int *cert_errors; /* Verify error for each cert in chain. */ struct x509_constraints_names *names; /* All names from all certs */ }; struct x509_verify_ctx { X509_STORE_CTX *xsc; struct x509_verify_chain **chains; /* Validated chains */ + STACK_OF(X509) *saved_error_chain; + int saved_error; + int saved_error_depth; size_t chains_count; STACK_OF(X509) *roots; /* Trusted roots for this validation */ STACK_OF(X509) *intermediates; /* Intermediates provided by peer */ @@ -72,8 +79,8 @@ struct x509_verify_ctx { size_t max_depth; /* Max chain depth for validation */ size_t max_sigs; /* Max number of signature checks */ size_t sig_checks; /* Number of signature checks done */ - size_t error_depth; /* Depth of last error seen */ - int error; /* Last error seen */ + size_t error_depth; /* Depth of last error seen */ + int error; /* Last error seen */ }; int ASN1_time_tm_clamp_notafter(struct tm *tm); @@ -85,21 +92,24 @@ int x509_vfy_check_revocation(X509_STORE_CTX *ctx); int x509_vfy_check_policy(X509_STORE_CTX *ctx); int x509_vfy_check_trust(X509_STORE_CTX *ctx); int x509_vfy_check_chain_extensions(X509_STORE_CTX *ctx); +int x509_vfy_callback_indicate_completion(X509_STORE_CTX *ctx); void x509v3_cache_extensions(X509 *x); +X509 *x509_vfy_lookup_cert_match(X509_STORE_CTX *ctx, X509 *x); -int x509_verify_asn1_time_to_tm(const ASN1_TIME *atime, struct tm *tm, - int notafter); +time_t x509_verify_asn1_time_to_time_t(const ASN1_TIME *atime, int notafter); -struct x509_verify_ctx *x509_verify_ctx_new_from_xsc(X509_STORE_CTX *xsc, - STACK_OF(X509) *roots); +struct x509_verify_ctx *x509_verify_ctx_new_from_xsc(X509_STORE_CTX *xsc); void x509_constraints_name_clear(struct x509_constraints_name *name); +void x509_constraints_name_free(struct x509_constraints_name *name); int x509_constraints_names_add(struct x509_constraints_names *names, struct x509_constraints_name *name); struct x509_constraints_names *x509_constraints_names_dup( struct x509_constraints_names *names); void x509_constraints_names_clear(struct x509_constraints_names *names); -struct x509_constraints_names *x509_constraints_names_new(void); +struct x509_constraints_names *x509_constraints_names_new(size_t names_max); +int x509_constraints_general_to_bytes(GENERAL_NAME *name, uint8_t **bytes, + size_t *len); void x509_constraints_names_free(struct x509_constraints_names *names); int x509_constraints_valid_host(uint8_t *name, size_t len); int x509_constraints_valid_sandns(uint8_t *name, size_t len); @@ -117,11 +127,14 @@ int x509_constraints_extract_names(struct x509_constraints_names *names, int x509_constraints_extract_constraints(X509 *cert, struct x509_constraints_names *permitted, struct x509_constraints_names *excluded, int *error); +int x509_constraints_validate(GENERAL_NAME *constraint, + struct x509_constraints_name **out_name, int *error); int x509_constraints_check(struct x509_constraints_names *names, struct x509_constraints_names *permitted, struct x509_constraints_names *excluded, int *error); int x509_constraints_chain(STACK_OF(X509) *chain, int *error, int *depth); +void x509_verify_cert_info_populate(X509 *cert); __END_HIDDEN_DECLS diff --git a/externals/libressl/crypto/x509/x509_issuer_cache.c b/externals/libressl/crypto/x509/x509_issuer_cache.c index 6831c1898..26cde1723 100755 --- a/externals/libressl/crypto/x509/x509_issuer_cache.c +++ b/externals/libressl/crypto/x509/x509_issuer_cache.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_issuer_cache.c,v 1.1 2020/09/11 14:30:51 beck Exp $ */ +/* $OpenBSD: x509_issuer_cache.c,v 1.2 2020/11/18 17:00:59 tb Exp $ */ /* * Copyright (c) 2020 Bob Beck * @@ -77,9 +77,9 @@ x509_issuer_cache_set_max(size_t max) * Find a previous result of checking if parent signed child * * Returns: - * -1 : No entry exists in the cache. signature must be checked. - * 0 : The signature of parent signing child is invalid. - * 1 : The signature of parent signing child is valid. + * -1 : No entry exists in the cache. signature must be checked. + * 0 : The signature of parent signing child is invalid. + * 1 : The signature of parent signing child is valid. */ int x509_issuer_cache_find(unsigned char *parent_md, unsigned char *child_md) @@ -98,7 +98,7 @@ x509_issuer_cache_find(unsigned char *parent_md, unsigned char *child_md) return -1; if ((found = RB_FIND(x509_issuer_tree, &x509_issuer_cache, &candidate)) != NULL) { - TAILQ_REMOVE(&x509_issuer_lru, found, queue); + TAILQ_REMOVE(&x509_issuer_lru, found, queue); TAILQ_INSERT_HEAD(&x509_issuer_lru, found, queue); ret = found->valid; } @@ -111,7 +111,7 @@ x509_issuer_cache_find(unsigned char *parent_md, unsigned char *child_md) * Attempt to add a validation result to the cache. * * valid must be: - * 0: The signature of parent signing child is invalid. + * 0: The signature of parent signing child is invalid. * 1: The signature of parent signing child is valid. * * Previously added entries for the same parent and child are *not* replaced. diff --git a/externals/libressl/crypto/x509/x509_lcl.h b/externals/libressl/crypto/x509/x509_lcl.h index 3e83b66dd..e7eb733f7 100755 --- a/externals/libressl/crypto/x509/x509_lcl.h +++ b/externals/libressl/crypto/x509/x509_lcl.h @@ -56,8 +56,329 @@ * */ +#ifndef HEADER_X509_LCL_H +#define HEADER_X509_LCL_H + __BEGIN_HIDDEN_DECLS +#define TS_HASH_EVP EVP_sha1() +#define TS_HASH_LEN SHA_DIGEST_LENGTH + +#define X509_CERT_HASH_EVP EVP_sha512() +#define X509_CERT_HASH_LEN SHA512_DIGEST_LENGTH +#define X509_CRL_HASH_EVP EVP_sha512() +#define X509_CRL_HASH_LEN SHA512_DIGEST_LENGTH + +struct X509_pubkey_st { + X509_ALGOR *algor; + ASN1_BIT_STRING *public_key; + EVP_PKEY *pkey; +}; + +struct X509_sig_st { + X509_ALGOR *algor; + ASN1_OCTET_STRING *digest; +} /* X509_SIG */; + +struct X509_name_entry_st { + ASN1_OBJECT *object; + ASN1_STRING *value; + int set; + int size; /* temp variable */ +} /* X509_NAME_ENTRY */; + +/* we always keep X509_NAMEs in 2 forms. */ +struct X509_name_st { + STACK_OF(X509_NAME_ENTRY) *entries; + int modified; /* true if 'bytes' needs to be built */ +#ifndef OPENSSL_NO_BUFFER + BUF_MEM *bytes; +#else + char *bytes; +#endif +/* unsigned long hash; Keep the hash around for lookups */ + unsigned char *canon_enc; + int canon_enclen; +} /* X509_NAME */; + +struct X509_extension_st { + ASN1_OBJECT *object; + ASN1_BOOLEAN critical; + ASN1_OCTET_STRING *value; +} /* X509_EXTENSION */; + +struct x509_attributes_st { + ASN1_OBJECT *object; + int single; /* 0 for a set, 1 for a single item (which is wrong) */ + union { + char *ptr; +/* 0 */ STACK_OF(ASN1_TYPE) *set; +/* 1 */ ASN1_TYPE *single; + } value; +} /* X509_ATTRIBUTE */; + +struct X509_req_info_st { + ASN1_ENCODING enc; + ASN1_INTEGER *version; + X509_NAME *subject; + X509_PUBKEY *pubkey; + /* d=2 hl=2 l= 0 cons: cont: 00 */ + STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ +} /* X509_REQ_INFO */; + +struct X509_req_st { + X509_REQ_INFO *req_info; + X509_ALGOR *sig_alg; + ASN1_BIT_STRING *signature; + int references; +} /* X509_REQ */; + +/* + * This stuff is certificate "auxiliary info" it contains details which are + * useful in certificate stores and databases. When used this is tagged onto + * the end of the certificate itself. + */ +struct x509_cert_aux_st { + STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ + STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ + ASN1_UTF8STRING *alias; /* "friendly name" */ + ASN1_OCTET_STRING *keyid; /* key id of private key */ + STACK_OF(X509_ALGOR) *other; /* other unspecified info */ +} /* X509_CERT_AUX */; + +struct x509_cinf_st { + ASN1_INTEGER *version; /* [ 0 ] default of v1 */ + ASN1_INTEGER *serialNumber; + X509_ALGOR *signature; + X509_NAME *issuer; + X509_VAL *validity; + X509_NAME *subject; + X509_PUBKEY *key; + ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ + ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ + STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ + ASN1_ENCODING enc; +} /* X509_CINF */; + +struct x509_st { + X509_CINF *cert_info; + X509_ALGOR *sig_alg; + ASN1_BIT_STRING *signature; + int valid; + int references; + char *name; + CRYPTO_EX_DATA ex_data; + /* These contain copies of various extension values */ + long ex_pathlen; + long ex_pcpathlen; + unsigned long ex_flags; + unsigned long ex_kusage; + unsigned long ex_xkusage; + unsigned long ex_nscert; + ASN1_OCTET_STRING *skid; + AUTHORITY_KEYID *akid; + X509_POLICY_CACHE *policy_cache; + STACK_OF(DIST_POINT) *crldp; + STACK_OF(GENERAL_NAME) *altname; + NAME_CONSTRAINTS *nc; +#ifndef OPENSSL_NO_RFC3779 + STACK_OF(IPAddressFamily) *rfc3779_addr; + struct ASIdentifiers_st *rfc3779_asid; +#endif + unsigned char hash[X509_CERT_HASH_LEN]; + time_t not_before; + time_t not_after; + X509_CERT_AUX *aux; +} /* X509 */; + +struct x509_revoked_st { + ASN1_INTEGER *serialNumber; + ASN1_TIME *revocationDate; + STACK_OF(X509_EXTENSION) /* optional */ *extensions; + /* Set up if indirect CRL */ + STACK_OF(GENERAL_NAME) *issuer; + /* Revocation reason */ + int reason; + int sequence; /* load sequence */ +}; + +struct X509_crl_info_st { + ASN1_INTEGER *version; + X509_ALGOR *sig_alg; + X509_NAME *issuer; + ASN1_TIME *lastUpdate; + ASN1_TIME *nextUpdate; + STACK_OF(X509_REVOKED) *revoked; + STACK_OF(X509_EXTENSION) /* [0] */ *extensions; + ASN1_ENCODING enc; +} /* X509_CRL_INFO */; + +struct X509_crl_st { + /* actual signature */ + X509_CRL_INFO *crl; + X509_ALGOR *sig_alg; + ASN1_BIT_STRING *signature; + int references; + int flags; + /* Copies of various extensions */ + AUTHORITY_KEYID *akid; + ISSUING_DIST_POINT *idp; + /* Convenient breakdown of IDP */ + int idp_flags; + int idp_reasons; + /* CRL and base CRL numbers for delta processing */ + ASN1_INTEGER *crl_number; + ASN1_INTEGER *base_crl_number; + unsigned char hash[X509_CRL_HASH_LEN]; + STACK_OF(GENERAL_NAMES) *issuers; + const X509_CRL_METHOD *meth; + void *meth_data; +} /* X509_CRL */; + +struct pkcs8_priv_key_info_st { + ASN1_INTEGER *version; + X509_ALGOR *pkeyalg; + ASN1_OCTET_STRING *pkey; + STACK_OF(X509_ATTRIBUTE) *attributes; +}; + +struct x509_object_st { + /* one of the above types */ + int type; + union { + X509 *x509; + X509_CRL *crl; + } data; +} /* X509_OBJECT */; + +struct x509_lookup_method_st { + const char *name; + int (*new_item)(X509_LOOKUP *ctx); + void (*free)(X509_LOOKUP *ctx); + int (*init)(X509_LOOKUP *ctx); + int (*shutdown)(X509_LOOKUP *ctx); + int (*ctrl)(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, + char **ret); + int (*get_by_subject)(X509_LOOKUP *ctx, int type, X509_NAME *name, + X509_OBJECT *ret); + int (*get_by_issuer_serial)(X509_LOOKUP *ctx, int type, X509_NAME *name, + ASN1_INTEGER *serial,X509_OBJECT *ret); + int (*get_by_fingerprint)(X509_LOOKUP *ctx, int type, + const unsigned char *bytes, int len, X509_OBJECT *ret); + int (*get_by_alias)(X509_LOOKUP *ctx, int type, const char *str, + int len, X509_OBJECT *ret); +} /* X509_LOOKUP_METHOD */; + +struct X509_VERIFY_PARAM_st { + char *name; + time_t check_time; /* Time to use */ + unsigned long inh_flags; /* Inheritance flags */ + unsigned long flags; /* Various verify flags */ + int purpose; /* purpose to check untrusted certificates */ + int trust; /* trust setting to check */ + int depth; /* Verify depth */ + STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ + X509_VERIFY_PARAM_ID *id; /* opaque ID data */ +} /* X509_VERIFY_PARAM */; + +/* + * This is used to hold everything. It is used for all certificate + * validation. Once we have a certificate chain, the 'verify' + * function is then called to actually check the cert chain. + */ +struct x509_store_st { + /* The following is a cache of trusted certs */ + STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */ + + /* These are external lookup methods */ + STACK_OF(X509_LOOKUP) *get_cert_methods; + + X509_VERIFY_PARAM *param; + + /* Callbacks for various operations */ + int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ + int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ + int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ + int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ + int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ + int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ + int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ + int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ + STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm); + STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm); + int (*cleanup)(X509_STORE_CTX *ctx); + + CRYPTO_EX_DATA ex_data; + int references; +} /* X509_STORE */; + +/* This is the functions plus an instance of the local variables. */ +struct x509_lookup_st { + int init; /* have we been started */ + X509_LOOKUP_METHOD *method; /* the functions */ + char *method_data; /* method data */ + + X509_STORE *store_ctx; /* who owns us */ +} /* X509_LOOKUP */; + +/* + * This is used when verifying cert chains. Since the gathering of the cert + * chain can take some time (and has to be 'retried'), this needs to be kept + * and passed around. + */ +struct x509_store_ctx_st { + X509_STORE *store; + int current_method; /* used when looking up certs */ + + /* The following are set by the caller */ + X509 *cert; /* The cert to check */ + STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */ + STACK_OF(X509_CRL) *crls; /* set of CRLs passed in */ + + X509_VERIFY_PARAM *param; + void *other_ctx; /* Other info for use with get_issuer() */ + + /* Callbacks for various operations */ + int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ + int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ + int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ + int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ + int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ + int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ + int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ + int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ + int (*check_policy)(X509_STORE_CTX *ctx); + STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm); + STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm); + int (*cleanup)(X509_STORE_CTX *ctx); + + /* The following is built up */ + int valid; /* if 0, rebuild chain */ + int num_untrusted; /* number of untrusted certs in chain */ + STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */ + X509_POLICY_TREE *tree; /* Valid policy tree */ + + int explicit_policy; /* Require explicit policy value */ + + /* When something goes wrong, this is why */ + int error_depth; + int error; + X509 *current_cert; + X509 *current_issuer; /* cert currently being tested as valid issuer */ + X509_CRL *current_crl; /* current CRL */ + + int current_crl_score; /* score of current CRL */ + unsigned int current_reasons; /* Reason mask */ + + X509_STORE_CTX *parent; /* For CRL path validation: parent context */ + + CRYPTO_EX_DATA ex_data; +} /* X509_STORE_CTX */; + int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet); +int name_cmp(const char *name, const char *cmp); + __END_HIDDEN_DECLS + +#endif /* !HEADER_X509_LCL_H */ diff --git a/externals/libressl/crypto/x509/x509_lib.c b/externals/libressl/crypto/x509/x509_lib.c index 211d0adfe..a518d5b95 100755 --- a/externals/libressl/crypto/x509/x509_lib.c +++ b/externals/libressl/crypto/x509/x509_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_lib.c,v 1.2 2020/09/14 11:35:32 beck Exp $ */ +/* $OpenBSD: x509_lib.c,v 1.3 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -64,6 +64,7 @@ #include #include "ext_dat.h" +#include "x509_lcl.h" static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL; diff --git a/externals/libressl/crypto/x509/x509_lu.c b/externals/libressl/crypto/x509/x509_lu.c index f21103c70..90d75497d 100755 --- a/externals/libressl/crypto/x509/x509_lu.c +++ b/externals/libressl/crypto/x509/x509_lu.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_lu.c,v 1.30 2018/08/24 19:21:09 tb Exp $ */ +/* $OpenBSD: x509_lu.c,v 1.55 2022/01/14 07:53:45 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -57,6 +57,7 @@ */ #include +#include #include #include @@ -64,27 +65,24 @@ #include #include "x509_lcl.h" -static void X509_OBJECT_dec_ref_count(X509_OBJECT *a); - X509_LOOKUP * X509_LOOKUP_new(X509_LOOKUP_METHOD *method) { - X509_LOOKUP *ret; + X509_LOOKUP *lu; - ret = malloc(sizeof(X509_LOOKUP)); - if (ret == NULL) - return NULL; - - ret->init = 0; - ret->skip = 0; - ret->method = method; - ret->method_data = NULL; - ret->store_ctx = NULL; - if ((method->new_item != NULL) && !method->new_item(ret)) { - free(ret); + if ((lu = calloc(1, sizeof(*lu))) == NULL) { + X509error(ERR_R_MALLOC_FAILURE); return NULL; } - return ret; + + lu->method = method; + + if (method->new_item != NULL && !method->new_item(lu)) { + free(lu); + return NULL; + } + + return lu; } void @@ -92,8 +90,8 @@ X509_LOOKUP_free(X509_LOOKUP *ctx) { if (ctx == NULL) return; - if ((ctx->method != NULL) && (ctx->method->free != NULL)) - (*ctx->method->free)(ctx); + if (ctx->method != NULL && ctx->method->free != NULL) + ctx->method->free(ctx); free(ctx); } @@ -102,10 +100,9 @@ X509_LOOKUP_init(X509_LOOKUP *ctx) { if (ctx->method == NULL) return 0; - if (ctx->method->init != NULL) - return ctx->method->init(ctx); - else + if (ctx->method->init == NULL) return 1; + return ctx->method->init(ctx); } int @@ -113,10 +110,9 @@ X509_LOOKUP_shutdown(X509_LOOKUP *ctx) { if (ctx->method == NULL) return 0; - if (ctx->method->shutdown != NULL) - return ctx->method->shutdown(ctx); - else + if (ctx->method->shutdown == NULL) return 1; + return ctx->method->shutdown(ctx); } int @@ -125,48 +121,44 @@ X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, { if (ctx->method == NULL) return -1; - if (ctx->method->ctrl != NULL) - return ctx->method->ctrl(ctx, cmd, argc, argl, ret); - else + if (ctx->method->ctrl == NULL) return 1; + return ctx->method->ctrl(ctx, cmd, argc, argl, ret); } int -X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, +X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, X509_NAME *name, X509_OBJECT *ret) { - if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL)) - return X509_LU_FAIL; - if (ctx->skip) + if (ctx->method == NULL || ctx->method->get_by_subject == NULL) return 0; return ctx->method->get_by_subject(ctx, type, name, ret); } int -X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, - ASN1_INTEGER *serial, X509_OBJECT *ret) +X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + X509_NAME *name, ASN1_INTEGER *serial, X509_OBJECT *ret) { - if ((ctx->method == NULL) || - (ctx->method->get_by_issuer_serial == NULL)) - return X509_LU_FAIL; + if (ctx->method == NULL || ctx->method->get_by_issuer_serial == NULL) + return 0; return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret); } int -X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, +X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, const unsigned char *bytes, int len, X509_OBJECT *ret) { - if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL)) - return X509_LU_FAIL; + if (ctx->method == NULL || ctx->method->get_by_fingerprint == NULL) + return 0; return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret); } int -X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, const char *str, int len, - X509_OBJECT *ret) +X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, const char *str, + int len, X509_OBJECT *ret) { - if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL)) - return X509_LU_FAIL; + if (ctx->method == NULL || ctx->method->get_by_alias == NULL) + return 0; return ctx->method->get_by_alias(ctx, type, str, len, ret); } @@ -175,273 +167,267 @@ x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b) { int ret; - ret = ((*a)->type - (*b)->type); - if (ret) + if ((ret = (*a)->type - (*b)->type) != 0) return ret; + switch ((*a)->type) { case X509_LU_X509: - ret = X509_subject_name_cmp((*a)->data.x509, (*b)->data.x509); - break; + return X509_subject_name_cmp((*a)->data.x509, (*b)->data.x509); case X509_LU_CRL: - ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl); - break; - default: - /* abort(); */ - return 0; + return X509_CRL_cmp((*a)->data.crl, (*b)->data.crl); } - return ret; + return 0; } X509_STORE * X509_STORE_new(void) { - X509_STORE *ret; + X509_STORE *store; - if ((ret = malloc(sizeof(X509_STORE))) == NULL) - return NULL; - ret->objs = sk_X509_OBJECT_new(x509_object_cmp); - ret->cache = 1; - ret->get_cert_methods = sk_X509_LOOKUP_new_null(); - ret->verify = 0; - ret->verify_cb = 0; - - if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) + if ((store = calloc(1, sizeof(*store))) == NULL) goto err; - ret->get_issuer = 0; - ret->check_issued = 0; - ret->check_revocation = 0; - ret->get_crl = 0; - ret->check_crl = 0; - ret->cert_crl = 0; - ret->lookup_certs = 0; - ret->lookup_crls = 0; - ret->cleanup = 0; - - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) + if ((store->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) + goto err; + if ((store->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL) + goto err; + if ((store->param = X509_VERIFY_PARAM_new()) == NULL) goto err; - ret->references = 1; - return ret; + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, store, + &store->ex_data)) + goto err; + + store->references = 1; + + return store; + + err: + X509error(ERR_R_MALLOC_FAILURE); + X509_STORE_free(store); -err: - X509_VERIFY_PARAM_free(ret->param); - sk_X509_LOOKUP_free(ret->get_cert_methods); - sk_X509_OBJECT_free(ret->objs); - free(ret); return NULL; } -static void +X509_OBJECT * +X509_OBJECT_new(void) +{ + X509_OBJECT *obj; + + if ((obj = calloc(1, sizeof(*obj))) == NULL) { + X509error(ERR_R_MALLOC_FAILURE); + return NULL; + } + + obj->type = X509_LU_NONE; + + return obj; +} + +void X509_OBJECT_free(X509_OBJECT *a) { - X509_OBJECT_free_contents(a); + if (a == NULL) + return; + + switch (a->type) { + case X509_LU_X509: + X509_free(a->data.x509); + break; + case X509_LU_CRL: + X509_CRL_free(a->data.crl); + break; + } + free(a); } void -X509_STORE_free(X509_STORE *vfy) +X509_STORE_free(X509_STORE *store) { - int i; STACK_OF(X509_LOOKUP) *sk; X509_LOOKUP *lu; + int i; - if (vfy == NULL) + if (store == NULL) return; - i = CRYPTO_add(&vfy->references, -1, CRYPTO_LOCK_X509_STORE); - if (i > 0) + if (CRYPTO_add(&store->references, -1, CRYPTO_LOCK_X509_STORE) > 0) return; - sk = vfy->get_cert_methods; + sk = store->get_cert_methods; for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) { lu = sk_X509_LOOKUP_value(sk, i); X509_LOOKUP_shutdown(lu); X509_LOOKUP_free(lu); } sk_X509_LOOKUP_free(sk); - sk_X509_OBJECT_pop_free(vfy->objs, X509_OBJECT_free); + sk_X509_OBJECT_pop_free(store->objs, X509_OBJECT_free); - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data); - X509_VERIFY_PARAM_free(vfy->param); - free(vfy); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, store, &store->ex_data); + X509_VERIFY_PARAM_free(store->param); + free(store); } int -X509_STORE_up_ref(X509_STORE *x) +X509_STORE_up_ref(X509_STORE *store) { - int refs = CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_STORE); - return (refs > 1) ? 1 : 0; + return CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE) > 1; } X509_LOOKUP * -X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) +X509_STORE_add_lookup(X509_STORE *store, X509_LOOKUP_METHOD *method) { - int i; STACK_OF(X509_LOOKUP) *sk; X509_LOOKUP *lu; + int i; - sk = v->get_cert_methods; + sk = store->get_cert_methods; for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) { lu = sk_X509_LOOKUP_value(sk, i); - if (m == lu->method) { + if (method == lu->method) { return lu; } } - /* a new one */ - lu = X509_LOOKUP_new(m); - if (lu == NULL) + + if ((lu = X509_LOOKUP_new(method)) == NULL) + return NULL; + + lu->store_ctx = store; + if (sk_X509_LOOKUP_push(store->get_cert_methods, lu) <= 0) { + X509error(ERR_R_MALLOC_FAILURE); + X509_LOOKUP_free(lu); return NULL; - else { - lu->store_ctx = v; - if (sk_X509_LOOKUP_push(v->get_cert_methods, lu)) - return lu; - else { - X509_LOOKUP_free(lu); - return NULL; - } } + + return lu; +} + +X509_OBJECT * +X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, + X509_NAME *name) +{ + X509_OBJECT *obj; + + if ((obj = X509_OBJECT_new()) == NULL) + return NULL; + if (!X509_STORE_CTX_get_by_subject(vs, type, name, obj)) { + X509_OBJECT_free(obj); + return NULL; + } + + return obj; } int -X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, - X509_OBJECT *ret) +X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, + X509_NAME *name, X509_OBJECT *ret) { - X509_STORE *ctx = vs->ctx; + X509_STORE *ctx = vs->store; X509_LOOKUP *lu; X509_OBJECT stmp, *tmp; - int i, j; + int i; + + if (ctx == NULL) + return 0; + + memset(&stmp, 0, sizeof(stmp)); CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); if (tmp == NULL || type == X509_LU_CRL) { - for (i = vs->current_method; - i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) { + for (i = 0; i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) { lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i); - j = X509_LOOKUP_by_subject(lu, type, name, &stmp); - if (j < 0) { - vs->current_method = j; - return j; - } else if (j) { + if (X509_LOOKUP_by_subject(lu, type, name, &stmp) != 0) { tmp = &stmp; break; } } - vs->current_method = 0; if (tmp == NULL) return 0; } -/* if (ret->data.ptr != NULL) - X509_OBJECT_free_contents(ret); */ + if (!X509_OBJECT_up_ref_count(tmp)) + return 0; - ret->type = tmp->type; - ret->data.ptr = tmp->data.ptr; - - X509_OBJECT_up_ref_count(ret); + *ret = *tmp; return 1; } +/* Add obj to the store. Takes ownership of obj. */ +static int +X509_STORE_add_object(X509_STORE *store, X509_OBJECT *obj) +{ + int ret = 0; + + CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + + if (X509_OBJECT_retrieve_match(store->objs, obj) != NULL) { + /* Object is already present in the store. That's fine. */ + ret = 1; + goto out; + } + + if (sk_X509_OBJECT_push(store->objs, obj) <= 0) { + X509error(ERR_R_MALLOC_FAILURE); + goto out; + } + + obj = NULL; + ret = 1; + + out: + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + X509_OBJECT_free(obj); + + return ret; +} + int -X509_STORE_add_cert(X509_STORE *ctx, X509 *x) +X509_STORE_add_cert(X509_STORE *store, X509 *x) { X509_OBJECT *obj; - int ret = 1; if (x == NULL) return 0; - obj = malloc(sizeof(X509_OBJECT)); - if (obj == NULL) { - X509error(ERR_R_MALLOC_FAILURE); + + if ((obj = X509_OBJECT_new()) == NULL) + return 0; + + if (!X509_up_ref(x)) { + X509_OBJECT_free(obj); return 0; } + obj->type = X509_LU_X509; obj->data.x509 = x; - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - - X509_OBJECT_up_ref_count(obj); - - if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { - X509error(X509_R_CERT_ALREADY_IN_HASH_TABLE); - ret = 0; - } else { - if (sk_X509_OBJECT_push(ctx->objs, obj) == 0) { - X509error(ERR_R_MALLOC_FAILURE); - ret = 0; - } - } - - if (ret == 0) - X509_OBJECT_dec_ref_count(obj); - - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - - if (ret == 0) { - obj->data.x509 = NULL; /* owned by the caller */ - X509_OBJECT_free(obj); - } - - return ret; + return X509_STORE_add_object(store, obj); } int -X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) +X509_STORE_add_crl(X509_STORE *store, X509_CRL *x) { X509_OBJECT *obj; - int ret = 1; if (x == NULL) return 0; - obj = malloc(sizeof(X509_OBJECT)); - if (obj == NULL) { - X509error(ERR_R_MALLOC_FAILURE); + + if ((obj = X509_OBJECT_new()) == NULL) + return 0; + + if (!X509_CRL_up_ref(x)) { + X509_OBJECT_free(obj); return 0; } + obj->type = X509_LU_CRL; obj->data.crl = x; - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - - X509_OBJECT_up_ref_count(obj); - - if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { - X509error(X509_R_CERT_ALREADY_IN_HASH_TABLE); - ret = 0; - } else { - if (sk_X509_OBJECT_push(ctx->objs, obj) == 0) { - X509error(ERR_R_MALLOC_FAILURE); - ret = 0; - } - } - - if (ret == 0) - X509_OBJECT_dec_ref_count(obj); - - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - - if (ret == 0) { - obj->data.crl = NULL; /* owned by the caller */ - X509_OBJECT_free(obj); - } - - return ret; -} - -static void -X509_OBJECT_dec_ref_count(X509_OBJECT *a) -{ - switch (a->type) { - case X509_LU_X509: - CRYPTO_add(&a->data.x509->references, -1, CRYPTO_LOCK_X509); - break; - case X509_LU_CRL: - CRYPTO_add(&a->data.crl->references, -1, CRYPTO_LOCK_X509_CRL); - break; - } + return X509_STORE_add_object(store, obj); } int @@ -456,28 +442,15 @@ X509_OBJECT_up_ref_count(X509_OBJECT *a) return 1; } -int +X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a) { return a->type; } -void -X509_OBJECT_free_contents(X509_OBJECT *a) -{ - switch (a->type) { - case X509_LU_X509: - X509_free(a->data.x509); - break; - case X509_LU_CRL: - X509_CRL_free(a->data.crl); - break; - } -} - static int -x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name, - int *pnmatch) +x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, + X509_NAME *name, int *pnmatch) { X509_OBJECT stmp; X509 x509_s; @@ -499,7 +472,6 @@ x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name, crl_info_s.issuer = name; break; default: - /* abort(); */ return -1; } @@ -507,6 +479,7 @@ x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name, if (idx >= 0 && pnmatch) { int tidx; const X509_OBJECT *tobj, *pstmp; + *pnmatch = 1; pstmp = &stmp; for (tidx = idx + 1; tidx < sk_X509_OBJECT_num(h); tidx++) { @@ -520,13 +493,14 @@ x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name, } int -X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name) +X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, + X509_NAME *name) { return x509_object_idx_cnt(h, type, name, NULL); } X509_OBJECT * -X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type, +X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, X509_NAME *name) { int idx; @@ -553,99 +527,117 @@ X509_OBJECT_get0_X509_CRL(X509_OBJECT *xo) return NULL; } -STACK_OF(X509) * -X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) +static STACK_OF(X509) * +X509_get1_certs_from_cache(X509_STORE *store, X509_NAME *name) { - int i, idx, cnt; - STACK_OF(X509) *sk; - X509 *x; + STACK_OF(X509) *sk = NULL; + X509 *x = NULL; X509_OBJECT *obj; + int i, idx, cnt; - sk = sk_X509_new_null(); - if (sk == NULL) - return NULL; CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); - if (idx < 0) { - /* Nothing found in cache: do lookup to possibly add new - * objects to cache - */ - X509_OBJECT xobj; - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, nm, &xobj)) { - sk_X509_free(sk); - return NULL; - } - X509_OBJECT_free_contents(&xobj); - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - idx = x509_object_idx_cnt(ctx->ctx->objs, - X509_LU_X509, nm, &cnt); - if (idx < 0) { - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - sk_X509_free(sk); - return NULL; - } - } + + idx = x509_object_idx_cnt(store->objs, X509_LU_X509, name, &cnt); + if (idx < 0) + goto err; + + if ((sk = sk_X509_new_null()) == NULL) + goto err; + for (i = 0; i < cnt; i++, idx++) { - obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); + obj = sk_X509_OBJECT_value(store->objs, idx); + x = obj->data.x509; - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); - if (!sk_X509_push(sk, x)) { - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - X509_free(x); - sk_X509_pop_free(sk, X509_free); - return NULL; + if (!X509_up_ref(x)) { + x = NULL; + goto err; } + if (!sk_X509_push(sk, x)) + goto err; } + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + return sk; + err: + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + sk_X509_pop_free(sk, X509_free); + X509_free(x); + + return NULL; +} + +STACK_OF(X509) * +X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *name) +{ + X509_STORE *store = ctx->store; + STACK_OF(X509) *sk; + X509_OBJECT *obj; + + if (store == NULL) + return NULL; + + if ((sk = X509_get1_certs_from_cache(store, name)) != NULL) + return sk; + + /* Nothing found: do lookup to possibly add new objects to cache. */ + obj = X509_STORE_CTX_get_obj_by_subject(ctx, X509_LU_X509, name); + if (obj == NULL) + return NULL; + X509_OBJECT_free(obj); + + return X509_get1_certs_from_cache(store, name); } STACK_OF(X509_CRL) * -X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) +X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *name) { + X509_STORE *store = ctx->store; + STACK_OF(X509_CRL) *sk = NULL; + X509_CRL *x = NULL; + X509_OBJECT *obj = NULL; int i, idx, cnt; - STACK_OF(X509_CRL) *sk; - X509_CRL *x; - X509_OBJECT *obj, xobj; - sk = sk_X509_CRL_new_null(); - if (sk == NULL) + if (store == NULL) return NULL; - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - /* Check cache first */ - idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt); - /* Always do lookup to possibly add new CRLs to cache - */ - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - if (!X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj)) { - sk_X509_CRL_free(sk); + /* Always do lookup to possibly add new CRLs to cache */ + obj = X509_STORE_CTX_get_obj_by_subject(ctx, X509_LU_CRL, name); + if (obj == NULL) return NULL; - } - X509_OBJECT_free_contents(&xobj); + + X509_OBJECT_free(obj); + obj = NULL; + CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt); - if (idx < 0) { - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - sk_X509_CRL_free(sk); - return NULL; - } + idx = x509_object_idx_cnt(store->objs, X509_LU_CRL, name, &cnt); + if (idx < 0) + goto err; + + if ((sk = sk_X509_CRL_new_null()) == NULL) + goto err; for (i = 0; i < cnt; i++, idx++) { - obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); + obj = sk_X509_OBJECT_value(store->objs, idx); + x = obj->data.crl; - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL); - if (!sk_X509_CRL_push(sk, x)) { - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - X509_CRL_free(x); - sk_X509_CRL_pop_free(sk, X509_CRL_free); - return NULL; + if (!X509_CRL_up_ref(x)) { + x = NULL; + goto err; } + if (!sk_X509_CRL_push(sk, x)) + goto err; } + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); return sk; + + err: + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + X509_CRL_free(x); + sk_X509_CRL_pop_free(sk, X509_CRL_free); + return NULL; } X509_OBJECT * @@ -688,44 +680,52 @@ X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x) * -1 some other error. */ int -X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) +X509_STORE_CTX_get1_issuer(X509 **out_issuer, X509_STORE_CTX *ctx, X509 *x) { X509_NAME *xn; - X509_OBJECT obj, *pobj; - int i, ok, idx, ret; + X509_OBJECT *obj, *pobj; + X509 *issuer = NULL; + int i, idx, ret; + + *out_issuer = NULL; - *issuer = NULL; xn = X509_get_issuer_name(x); - ok = X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj); - if (ok != X509_LU_X509) { - if (ok == X509_LU_RETRY) { - X509_OBJECT_free_contents(&obj); - X509error(X509_R_SHOULD_RETRY); - return -1; - } else if (ok != X509_LU_FAIL) { - X509_OBJECT_free_contents(&obj); - /* not good :-(, break anyway */ - return -1; - } + obj = X509_STORE_CTX_get_obj_by_subject(ctx, X509_LU_X509, xn); + if (obj == NULL) + return 0; + + if ((issuer = X509_OBJECT_get0_X509(obj)) == NULL) { + X509_OBJECT_free(obj); return 0; } + if (!X509_up_ref(issuer)) { + X509_OBJECT_free(obj); + return -1; + } + /* If certificate matches all OK */ - if (ctx->check_issued(ctx, x, obj.data.x509)) { - if (x509_check_cert_time(ctx, obj.data.x509, 1)) { - *issuer = obj.data.x509; + if (ctx->check_issued(ctx, x, issuer)) { + if (x509_check_cert_time(ctx, issuer, -1)) { + *out_issuer = issuer; + X509_OBJECT_free(obj); return 1; } } - X509_OBJECT_free_contents(&obj); + X509_free(issuer); + issuer = NULL; + X509_OBJECT_free(obj); + obj = NULL; + + if (ctx->store == NULL) + return 0; /* Else find index of first cert accepted by 'check_issued' */ - ret = 0; CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn); + idx = X509_OBJECT_idx_by_subject(ctx->store->objs, X509_LU_X509, xn); if (idx != -1) /* should be true as we've had at least one match */ { /* Look through all matching certs for suitable issuer */ - for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) { - pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i); + for (i = idx; i < sk_X509_OBJECT_num(ctx->store->objs); i++) { + pobj = sk_X509_OBJECT_value(ctx->store->objs, i); /* See if we've run past the matches */ if (pobj->type != X509_LU_X509) break; @@ -733,22 +733,28 @@ X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) X509_get_subject_name(pobj->data.x509))) break; if (ctx->check_issued(ctx, x, pobj->data.x509)) { - *issuer = pobj->data.x509; - ret = 1; + issuer = pobj->data.x509; /* * If times check, exit with match, * otherwise keep looking. Leave last * match in issuer so we return nearest * match if no certificate time is OK. */ - if (x509_check_cert_time(ctx, *issuer, 1)) + if (x509_check_cert_time(ctx, issuer, -1)) break; } } } + ret = 0; + if (issuer != NULL) { + if (!X509_up_ref(issuer)) { + ret = -1; + } else { + *out_issuer = issuer; + ret = 1; + } + } CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - if (*issuer) - CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509); return ret; } @@ -808,8 +814,25 @@ X509_STORE_get0_param(X509_STORE *ctx) } void -X509_STORE_set_verify_cb(X509_STORE *ctx, - int (*verify_cb)(int, X509_STORE_CTX *)) +X509_STORE_set_verify(X509_STORE *store, X509_STORE_CTX_verify_fn verify) { - ctx->verify_cb = verify_cb; + store->verify = verify; +} + +X509_STORE_CTX_verify_fn +X509_STORE_get_verify(X509_STORE *store) +{ + return store->verify; +} + +void +X509_STORE_set_verify_cb(X509_STORE *store, X509_STORE_CTX_verify_cb verify_cb) +{ + store->verify_cb = verify_cb; +} + +X509_STORE_CTX_verify_cb +X509_STORE_get_verify_cb(X509_STORE *store) +{ + return store->verify_cb; } diff --git a/externals/libressl/crypto/x509/x509_ncons.c b/externals/libressl/crypto/x509/x509_ncons.c index 1621f9861..613527005 100755 --- a/externals/libressl/crypto/x509/x509_ncons.c +++ b/externals/libressl/crypto/x509/x509_ncons.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_ncons.c,v 1.4 2020/09/16 18:12:06 beck Exp $ */ +/* $OpenBSD: x509_ncons.c,v 1.5 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -64,6 +64,8 @@ #include #include +#include "x509_lcl.h" + static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, diff --git a/externals/libressl/crypto/x509/x509_obj.c b/externals/libressl/crypto/x509/x509_obj.c index 5c5379902..58ffa3a2f 100755 --- a/externals/libressl/crypto/x509/x509_obj.c +++ b/externals/libressl/crypto/x509/x509_obj.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_obj.c,v 1.18 2018/05/18 18:19:31 tb Exp $ */ +/* $OpenBSD: x509_obj.c,v 1.19 2021/11/01 20:53:08 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,6 +65,8 @@ #include #include +#include "x509_lcl.h" + char * X509_NAME_oneline(const X509_NAME *a, char *buf, int len) { diff --git a/externals/libressl/crypto/x509/x509_ocsp.c b/externals/libressl/crypto/x509/x509_ocsp.c index 59a2e972c..cc55d9390 100755 --- a/externals/libressl/crypto/x509/x509_ocsp.c +++ b/externals/libressl/crypto/x509/x509_ocsp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_ocsp.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */ +/* $OpenBSD: x509_ocsp.c,v 1.2 2022/01/07 09:45:52 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -69,6 +69,8 @@ #include #include +#include "ocsp_local.h" + /* OCSP extensions and a couple of CRL entry extensions */ diff --git a/externals/libressl/crypto/x509/x509_pci.c b/externals/libressl/crypto/x509/x509_pci.c index 8997f0cec..b1d31dfb4 100755 --- a/externals/libressl/crypto/x509/x509_pci.c +++ b/externals/libressl/crypto/x509/x509_pci.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_pci.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */ +/* $OpenBSD: x509_pci.c,v 1.2 2021/08/24 15:23:03 tb Exp $ */ /* Contributed to the OpenSSL Project 2004 * by Richard Levitte (richard@levitte.org) */ @@ -77,7 +77,8 @@ i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci, BIO *out, i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage); BIO_puts(out, "\n"); if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data) - BIO_printf(out, "%*sPolicy Text: %s\n", indent, "", + BIO_printf(out, "%*sPolicy Text: %.*s\n", indent, "", + pci->proxyPolicy->policy->length, pci->proxyPolicy->policy->data); return 1; } diff --git a/externals/libressl/crypto/x509/x509_prn.c b/externals/libressl/crypto/x509/x509_prn.c index 5c15cc390..4977051d4 100755 --- a/externals/libressl/crypto/x509/x509_prn.c +++ b/externals/libressl/crypto/x509/x509_prn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_prn.c,v 1.1 2020/06/04 15:19:32 jsing Exp $ */ +/* $OpenBSD: x509_prn.c,v 1.2 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -62,6 +62,8 @@ #include #include +#include "x509_lcl.h" + /* Extension printing routines */ static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, diff --git a/externals/libressl/crypto/x509/x509_purp.c b/externals/libressl/crypto/x509/x509_purp.c index f2d46658f..a05c0388a 100755 --- a/externals/libressl/crypto/x509/x509_purp.c +++ b/externals/libressl/crypto/x509/x509_purp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_purp.c,v 1.2 2020/09/13 15:06:17 beck Exp $ */ +/* $OpenBSD: x509_purp.c,v 1.13 2021/11/04 23:52:34 beck Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -65,6 +65,9 @@ #include #include +#include "x509_internal.h" +#include "x509_lcl.h" + #define V1_ROOT (EXFLAG_V1|EXFLAG_SS) #define ku_reject(x, usage) \ (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) @@ -132,6 +135,8 @@ X509_check_purpose(X509 *x, int id, int ca) CRYPTO_w_lock(CRYPTO_LOCK_X509); x509v3_cache_extensions(x); CRYPTO_w_unlock(CRYPTO_LOCK_X509); + if (x->ex_flags & EXFLAG_INVALID) + return -1; } if (id == -1) return 1; @@ -293,11 +298,7 @@ xptable_free(X509_PURPOSE *p) void X509_PURPOSE_cleanup(void) { - unsigned int i; - sk_X509_PURPOSE_pop_free(xptable, xptable_free); - for(i = 0; i < X509_PURPOSE_COUNT; i++) - xptable_free(xstandard + i); xptable = NULL; } @@ -368,6 +369,10 @@ X509_supported_extension(X509_EXTENSION *ex) NID_basic_constraints, /* 87 */ NID_certificate_policies, /* 89 */ NID_ext_key_usage, /* 126 */ +#ifndef OPENSSL_NO_RFC3779 + NID_sbgp_ipAddrBlock, /* 290 */ + NID_sbgp_autonomousSysNum, /* 291 */ +#endif NID_policy_constraints, /* 401 */ NID_proxyCertInfo, /* 663 */ NID_name_constraints, /* 666 */ @@ -421,7 +426,12 @@ setup_crldp(X509 *x) { int i; - x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL); + x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, &i, NULL); + if (x->crldp == NULL && i != -1) { + x->ex_flags |= EXFLAG_INVALID; + return; + } + for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) setup_dp(x, sk_DIST_POINT_value(x->crldp, i)); } @@ -440,16 +450,14 @@ x509v3_cache_extensions(X509 *x) if (x->ex_flags & EXFLAG_SET) return; -#ifndef OPENSSL_NO_SHA - X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); -#endif + X509_digest(x, X509_CERT_HASH_EVP, x->hash, NULL); /* V1 should mean no extensions ... */ if (!X509_get_version(x)) x->ex_flags |= EXFLAG_V1; /* Handle basic constraints */ - if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) { + if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, &i, NULL))) { if (bs->ca) x->ex_flags |= EXFLAG_CA; if (bs->pathlen) { @@ -463,10 +471,12 @@ x509v3_cache_extensions(X509 *x) x->ex_pathlen = -1; BASIC_CONSTRAINTS_free(bs); x->ex_flags |= EXFLAG_BCONS; + } else if (i != -1) { + x->ex_flags |= EXFLAG_INVALID; } /* Handle proxy certificates */ - if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) { + if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, &i, NULL))) { if (x->ex_flags & EXFLAG_CA || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0 || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) { @@ -485,10 +495,12 @@ x509v3_cache_extensions(X509 *x) x->ex_pcpathlen = -1; PROXY_CERT_INFO_EXTENSION_free(pci); x->ex_flags |= EXFLAG_PROXY; + } else if (i != -1) { + x->ex_flags |= EXFLAG_INVALID; } /* Handle key usage */ - if ((usage = X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) { + if ((usage = X509_get_ext_d2i(x, NID_key_usage, &i, NULL))) { if (usage->length > 0) { x->ex_kusage = usage->data[0]; if (usage->length > 1) @@ -497,9 +509,12 @@ x509v3_cache_extensions(X509 *x) x->ex_kusage = 0; x->ex_flags |= EXFLAG_KUSAGE; ASN1_BIT_STRING_free(usage); + } else if (i != -1) { + x->ex_flags |= EXFLAG_INVALID; } + x->ex_xkusage = 0; - if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) { + if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, &i, NULL))) { x->ex_flags |= EXFLAG_XKUSAGE; for (i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) { switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage, i))) { @@ -535,22 +550,34 @@ x509v3_cache_extensions(X509 *x) case NID_dvcs: x->ex_xkusage |= XKU_DVCS; break; + + case NID_anyExtendedKeyUsage: + x->ex_xkusage |= XKU_ANYEKU; + break; } } sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free); + } else if (i != -1) { + x->ex_flags |= EXFLAG_INVALID; } - if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) { + if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, &i, NULL))) { if (ns->length > 0) x->ex_nscert = ns->data[0]; else x->ex_nscert = 0; x->ex_flags |= EXFLAG_NSCERT; ASN1_BIT_STRING_free(ns); + } else if (i != -1) { + x->ex_flags |= EXFLAG_INVALID; } - x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL); - x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL); + x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, &i, NULL); + if (x->skid == NULL && i != -1) + x->ex_flags |= EXFLAG_INVALID; + x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, &i, NULL); + if (x->akid == NULL && i != -1) + x->ex_flags |= EXFLAG_INVALID; /* Does subject name match issuer? */ if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) { @@ -561,12 +588,23 @@ x509v3_cache_extensions(X509 *x) x->ex_flags |= EXFLAG_SS; } - x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); + x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, &i, NULL); + if (x->altname == NULL && i != -1) + x->ex_flags |= EXFLAG_INVALID; x->nc = X509_get_ext_d2i(x, NID_name_constraints, &i, NULL); if (!x->nc && (i != -1)) x->ex_flags |= EXFLAG_INVALID; setup_crldp(x); +#ifndef OPENSSL_NO_RFC3779 + x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, &i, NULL); + if (x->rfc3779_addr == NULL && i != -1) + x->ex_flags |= EXFLAG_INVALID; + x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum, &i, NULL); + if (x->rfc3779_asid == NULL && i != -1) + x->ex_flags |= EXFLAG_INVALID; +#endif + for (i = 0; i < X509_get_ext_count(x); i++) { ex = X509_get_ext(x, i); if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == @@ -579,6 +617,9 @@ x509v3_cache_extensions(X509 *x) break; } } + + x509_verify_cert_info_populate(x); + x->ex_flags |= EXFLAG_SET; } @@ -626,6 +667,8 @@ X509_check_ca(X509 *x) CRYPTO_w_lock(CRYPTO_LOCK_X509); x509v3_cache_extensions(x); CRYPTO_w_unlock(CRYPTO_LOCK_X509); + if (x->ex_flags & EXFLAG_INVALID) + return X509_V_ERR_UNSPECIFIED; } return check_ca(x); @@ -836,8 +879,20 @@ X509_check_issued(X509 *issuer, X509 *subject) if (X509_NAME_cmp(X509_get_subject_name(issuer), X509_get_issuer_name(subject))) return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; - x509v3_cache_extensions(issuer); - x509v3_cache_extensions(subject); + if (!(issuer->ex_flags & EXFLAG_SET)) { + CRYPTO_w_lock(CRYPTO_LOCK_X509); + x509v3_cache_extensions(issuer); + CRYPTO_w_unlock(CRYPTO_LOCK_X509); + } + if (issuer->ex_flags & EXFLAG_INVALID) + return X509_V_ERR_UNSPECIFIED; + if (!(subject->ex_flags & EXFLAG_SET)) { + CRYPTO_w_lock(CRYPTO_LOCK_X509); + x509v3_cache_extensions(subject); + CRYPTO_w_unlock(CRYPTO_LOCK_X509); + } + if (subject->ex_flags & EXFLAG_INVALID) + return X509_V_ERR_UNSPECIFIED; if (subject->akid) { int ret = X509_check_akid(issuer, subject->akid); @@ -891,3 +946,39 @@ X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) } return X509_V_OK; } + +uint32_t +X509_get_extension_flags(X509 *x) +{ + /* Call for side-effect of computing hash and caching extensions */ + if (X509_check_purpose(x, -1, -1) != 1) + return 0; + + return x->ex_flags; +} + +uint32_t +X509_get_key_usage(X509 *x) +{ + /* Call for side-effect of computing hash and caching extensions */ + if (X509_check_purpose(x, -1, -1) != 1) + return 0; + + if (x->ex_flags & EXFLAG_KUSAGE) + return x->ex_kusage; + + return UINT32_MAX; +} + +uint32_t +X509_get_extended_key_usage(X509 *x) +{ + /* Call for side-effect of computing hash and caching extensions */ + if (X509_check_purpose(x, -1, -1) != 1) + return 0; + + if (x->ex_flags & EXFLAG_XKUSAGE) + return x->ex_xkusage; + + return UINT32_MAX; +} diff --git a/externals/libressl/crypto/x509/x509_r2x.c b/externals/libressl/crypto/x509/x509_r2x.c index 525163bc3..b3b8aa75e 100755 --- a/externals/libressl/crypto/x509/x509_r2x.c +++ b/externals/libressl/crypto/x509/x509_r2x.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_r2x.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: x509_r2x.c,v 1.13 2021/11/03 14:36:21 schwarze Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -66,12 +66,15 @@ #include #include +#include "x509_lcl.h" + X509 * X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) { X509 *ret = NULL; X509_CINF *xi = NULL; X509_NAME *xn; + EVP_PKEY *pubkey; if ((ret = X509_new()) == NULL) { X509error(ERR_R_MALLOC_FAILURE); @@ -86,14 +89,12 @@ X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) goto err; if (!ASN1_INTEGER_set(xi->version, 2)) goto err; -/* xi->extensions=ri->attributes; <- bad, should not ever be done - ri->attributes=NULL; */ } xn = X509_REQ_get_subject_name(r); - if (X509_set_subject_name(ret, X509_NAME_dup(xn)) == 0) + if (X509_set_subject_name(ret, xn) == 0) goto err; - if (X509_set_issuer_name(ret, X509_NAME_dup(xn)) == 0) + if (X509_set_issuer_name(ret, xn) == 0) goto err; if (X509_gmtime_adj(xi->validity->notBefore, 0) == NULL) @@ -102,14 +103,16 @@ X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) (long)60 * 60 * 24 * days) == NULL) goto err; - X509_set_pubkey(ret, X509_REQ_get_pubkey(r)); + if ((pubkey = X509_REQ_get0_pubkey(r)) == NULL) + goto err; + if (!X509_set_pubkey(ret, pubkey)) + goto err; if (!X509_sign(ret, pkey, EVP_md5())) goto err; - if (0) { + return ret; + err: - X509_free(ret); - ret = NULL; - } - return (ret); + X509_free(ret); + return NULL; } diff --git a/externals/libressl/crypto/x509/x509_req.c b/externals/libressl/crypto/x509/x509_req.c index b44306b00..8d5bf5850 100755 --- a/externals/libressl/crypto/x509/x509_req.c +++ b/externals/libressl/crypto/x509/x509_req.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_req.c,v 1.21 2018/05/13 06:48:00 tb Exp $ */ +/* $OpenBSD: x509_req.c,v 1.28 2022/01/22 00:34:48 inoguchi Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -70,6 +70,9 @@ #include #include +#include "evp_locl.h" +#include "x509_lcl.h" + X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) { @@ -121,13 +124,23 @@ X509_REQ_get_pubkey(X509_REQ *req) return (X509_PUBKEY_get(req->req_info->pubkey)); } +EVP_PKEY * +X509_REQ_get0_pubkey(X509_REQ *req) +{ + if (req == NULL || req->req_info == NULL) + return NULL; + return X509_PUBKEY_get0(req->req_info->pubkey); +} + int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) { EVP_PKEY *xk = NULL; int ok = 0; - xk = X509_REQ_get_pubkey(x); + if ((xk = X509_REQ_get0_pubkey(x)) == NULL) + return 0; + switch (EVP_PKEY_cmp(xk, k)) { case 1: ok = 1; @@ -155,7 +168,6 @@ X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) X509error(X509_R_UNKNOWN_KEY_TYPE); } - EVP_PKEY_free(xk); return (ok); } @@ -202,66 +214,43 @@ X509_REQ_get_extensions(X509_REQ *req) int idx, *pnid; const unsigned char *p; - if ((req == NULL) || (req->req_info == NULL) || !ext_nids) - return (NULL); + if (req == NULL || req->req_info == NULL || ext_nids == NULL) + return NULL; for (pnid = ext_nids; *pnid != NID_undef; pnid++) { idx = X509_REQ_get_attr_by_NID(req, *pnid, -1); if (idx == -1) continue; attr = X509_REQ_get_attr(req, idx); - if (attr->single) - ext = attr->value.single; - else if (sk_ASN1_TYPE_num(attr->value.set)) - ext = sk_ASN1_TYPE_value(attr->value.set, 0); + ext = X509_ATTRIBUTE_get0_type(attr, 0); break; } - if (!ext || (ext->type != V_ASN1_SEQUENCE)) + if (ext == NULL || ext->type != V_ASN1_SEQUENCE) return NULL; p = ext->value.sequence->data; - return (STACK_OF(X509_EXTENSION) *)ASN1_item_d2i(NULL, &p, - ext->value.sequence->length, &X509_EXTENSIONS_it); + return d2i_X509_EXTENSIONS(NULL, &p, ext->value.sequence->length); } -/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs - * in case we want to create a non standard one. +/* + * Add a STACK_OF extensions to a certificate request: allow alternative OIDs + * in case we want to create a non-standard one. */ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, int nid) { - ASN1_TYPE *at = NULL; - X509_ATTRIBUTE *attr = NULL; + unsigned char *ext = NULL; + int extlen; + int rv; - if (!(at = ASN1_TYPE_new()) || - !(at->value.sequence = ASN1_STRING_new())) - goto err; + extlen = i2d_X509_EXTENSIONS(exts, &ext); + if (extlen <= 0) + return 0; - at->type = V_ASN1_SEQUENCE; - /* Generate encoding of extensions */ - at->value.sequence->length = ASN1_item_i2d((ASN1_VALUE *)exts, - &at->value.sequence->data, &X509_EXTENSIONS_it); - if (!(attr = X509_ATTRIBUTE_new())) - goto err; - if (!(attr->value.set = sk_ASN1_TYPE_new_null())) - goto err; - if (!sk_ASN1_TYPE_push(attr->value.set, at)) - goto err; - at = NULL; - attr->single = 0; - attr->object = OBJ_nid2obj(nid); - if (!req->req_info->attributes) { - if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null())) - goto err; - } - if (!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) - goto err; - return 1; + rv = X509_REQ_add1_attr_by_NID(req, nid, V_ASN1_SEQUENCE, ext, extlen); + free(ext); -err: - X509_ATTRIBUTE_free(attr); - ASN1_TYPE_free(at); - return 0; + return rv; } /* This is the normal usage: use the "official" OID */ @@ -341,3 +330,10 @@ X509_REQ_add1_attr_by_txt(X509_REQ *req, const char *attrname, int type, return 1; return 0; } + +int +i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp) +{ + req->req_info->enc.modified = 1; + return i2d_X509_REQ_INFO(req->req_info, pp); +} diff --git a/externals/libressl/crypto/x509/x509_set.c b/externals/libressl/crypto/x509/x509_set.c index 1a4b583ab..5784f2203 100755 --- a/externals/libressl/crypto/x509/x509_set.c +++ b/externals/libressl/crypto/x509/x509_set.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_set.c,v 1.17 2018/08/24 19:55:58 tb Exp $ */ +/* $OpenBSD: x509_set.c,v 1.20 2021/11/01 20:53:08 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,6 +63,8 @@ #include #include +#include "x509_lcl.h" + const STACK_OF(X509_EXTENSION) * X509_get0_extensions(const X509 *x) { @@ -216,3 +218,9 @@ X509_get_signature_type(const X509 *x) { return EVP_PKEY_type(OBJ_obj2nid(x->sig_alg->algorithm)); } + +X509_PUBKEY * +X509_get_X509_PUBKEY(const X509 *x) +{ + return x->cert_info->key; +} diff --git a/externals/libressl/crypto/x509/x509_skey.c b/externals/libressl/crypto/x509/x509_skey.c index a90642737..58bb66bc0 100755 --- a/externals/libressl/crypto/x509/x509_skey.c +++ b/externals/libressl/crypto/x509/x509_skey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_skey.c,v 1.1 2020/06/04 15:19:32 jsing Exp $ */ +/* $OpenBSD: x509_skey.c,v 1.2 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -62,6 +62,8 @@ #include #include +#include "x509_lcl.h" + static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); diff --git a/externals/libressl/crypto/x509/x509_trs.c b/externals/libressl/crypto/x509/x509_trs.c index 651dc82a5..72d616a10 100755 --- a/externals/libressl/crypto/x509/x509_trs.c +++ b/externals/libressl/crypto/x509/x509_trs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_trs.c,v 1.23 2018/05/18 18:40:38 tb Exp $ */ +/* $OpenBSD: x509_trs.c,v 1.25 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -62,6 +62,8 @@ #include #include +#include "x509_lcl.h" + static int tr_cmp(const X509_TRUST * const *a, const X509_TRUST * const *b); static void trtable_free(X509_TRUST *p); @@ -265,10 +267,6 @@ trtable_free(X509_TRUST *p) void X509_TRUST_cleanup(void) { - unsigned int i; - - for (i = 0; i < X509_TRUST_COUNT; i++) - trtable_free(trstandard + i); sk_X509_TRUST_pop_free(trtable, trtable_free); trtable = NULL; } diff --git a/externals/libressl/crypto/x509/x509_v3.c b/externals/libressl/crypto/x509/x509_v3.c index 524d5511e..9aefb8d99 100755 --- a/externals/libressl/crypto/x509/x509_v3.c +++ b/externals/libressl/crypto/x509/x509_v3.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_v3.c,v 1.17 2018/05/19 10:54:40 tb Exp $ */ +/* $OpenBSD: x509_v3.c,v 1.18 2021/11/01 20:53:08 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -66,6 +66,8 @@ #include #include +#include "x509_lcl.h" + int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x) { diff --git a/externals/libressl/crypto/x509/x509_verify.c b/externals/libressl/crypto/x509/x509_verify.c index 0c32cd04b..6a73cb74e 100755 --- a/externals/libressl/crypto/x509/x509_verify.c +++ b/externals/libressl/crypto/x509/x509_verify.c @@ -1,6 +1,6 @@ -/* $OpenBSD: x509_verify.c,v 1.13 2020/09/26 15:44:06 jsing Exp $ */ +/* $OpenBSD: x509_verify.c,v 1.54 2021/11/24 05:38:12 beck Exp $ */ /* - * Copyright (c) 2020 Bob Beck + * Copyright (c) 2020-2021 Bob Beck * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* x509_verify - inspired by golang's crypto/x509/Verify */ +/* x509_verify - inspired by golang's crypto/x509.Verify */ #include #include @@ -33,12 +33,63 @@ static int x509_verify_cert_valid(struct x509_verify_ctx *ctx, X509 *cert, struct x509_verify_chain *current_chain); static void x509_verify_build_chains(struct x509_verify_ctx *ctx, X509 *cert, - struct x509_verify_chain *current_chain); + struct x509_verify_chain *current_chain, int full_chain); static int x509_verify_cert_error(struct x509_verify_ctx *ctx, X509 *cert, size_t depth, int error, int ok); static void x509_verify_chain_free(struct x509_verify_chain *chain); -#define X509_VERIFY_CERT_HASH (EVP_sha512()) +/* + * Parse an asn1 to a representable time_t as per RFC 5280 rules. + * Returns -1 if that can't be done for any reason. + */ +time_t +x509_verify_asn1_time_to_time_t(const ASN1_TIME *atime, int notAfter) +{ + struct tm tm = { 0 }; + int type; + + type = ASN1_time_parse(atime->data, atime->length, &tm, atime->type); + if (type == -1) + return -1; + + /* RFC 5280 section 4.1.2.5 */ + if (tm.tm_year < 150 && type != V_ASN1_UTCTIME) + return -1; + if (tm.tm_year >= 150 && type != V_ASN1_GENERALIZEDTIME) + return -1; + + if (notAfter) { + /* + * If we are a completely broken operating system with a + * 32 bit time_t, and we have been told this is a notAfter + * date, limit the date to a 32 bit representable value. + */ + if (!ASN1_time_tm_clamp_notafter(&tm)) + return -1; + } + + /* + * Defensively fail if the time string is not representable as + * a time_t. A time_t must be sane if you care about times after + * Jan 19 2038. + */ + return timegm(&tm); +} + +/* + * Cache certificate hash, and values parsed out of an X509. + * called from cache_extensions() + */ +void +x509_verify_cert_info_populate(X509 *cert) +{ + /* + * Parse and save the cert times, or remember that they + * are unacceptable/unparsable. + */ + cert->not_before = x509_verify_asn1_time_to_time_t(X509_get_notBefore(cert), 0); + cert->not_after = x509_verify_asn1_time_to_time_t(X509_get_notAfter(cert), 1); +} struct x509_verify_chain * x509_verify_chain_new(void) @@ -49,7 +100,11 @@ x509_verify_chain_new(void) goto err; if ((chain->certs = sk_X509_new_null()) == NULL) goto err; - if ((chain->names = x509_constraints_names_new()) == NULL) + if ((chain->cert_errors = calloc(X509_VERIFY_MAX_CHAIN_CERTS, + sizeof(int))) == NULL) + goto err; + if ((chain->names = + x509_constraints_names_new(X509_VERIFY_MAX_CHAIN_NAMES)) == NULL) goto err; return chain; @@ -63,6 +118,8 @@ x509_verify_chain_clear(struct x509_verify_chain *chain) { sk_X509_pop_free(chain->certs, X509_free); chain->certs = NULL; + free(chain->cert_errors); + chain->cert_errors = NULL; x509_constraints_names_free(chain->names); chain->names = NULL; } @@ -81,10 +138,15 @@ x509_verify_chain_dup(struct x509_verify_chain *chain) { struct x509_verify_chain *new_chain; - if ((new_chain = x509_verify_chain_new()) == NULL) + if ((new_chain = calloc(1, sizeof(*chain))) == NULL) goto err; if ((new_chain->certs = X509_chain_up_ref(chain->certs)) == NULL) goto err; + if ((new_chain->cert_errors = calloc(X509_VERIFY_MAX_CHAIN_CERTS, + sizeof(int))) == NULL) + goto err; + memcpy(new_chain->cert_errors, chain->cert_errors, + X509_VERIFY_MAX_CHAIN_CERTS * sizeof(int)); if ((new_chain->names = x509_constraints_names_dup(chain->names)) == NULL) goto err; @@ -99,18 +161,32 @@ x509_verify_chain_append(struct x509_verify_chain *chain, X509 *cert, int *error) { int verify_err = X509_V_ERR_UNSPECIFIED; + size_t idx; if (!x509_constraints_extract_names(chain->names, cert, sk_X509_num(chain->certs) == 0, &verify_err)) { *error = verify_err; return 0; } + X509_up_ref(cert); if (!sk_X509_push(chain->certs, cert)) { X509_free(cert); *error = X509_V_ERR_OUT_OF_MEM; return 0; } + + idx = sk_X509_num(chain->certs) - 1; + chain->cert_errors[idx] = *error; + + /* + * We've just added the issuer for the previous certificate, + * clear its error if appropriate. + */ + if (idx > 1 && chain->cert_errors[idx - 1] == + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) + chain->cert_errors[idx - 1] = X509_V_OK; + return 1; } @@ -141,6 +217,9 @@ x509_verify_ctx_reset(struct x509_verify_ctx *ctx) for (i = 0; i < ctx->chains_count; i++) x509_verify_chain_free(ctx->chains[i]); + sk_X509_pop_free(ctx->saved_error_chain, X509_free); + ctx->saved_error = 0; + ctx->saved_error_depth = 0; ctx->error = 0; ctx->error_depth = 0; ctx->chains_count = 0; @@ -158,40 +237,218 @@ x509_verify_ctx_clear(struct x509_verify_ctx *ctx) } static int -x509_verify_ctx_cert_is_root(struct x509_verify_ctx *ctx, X509 *cert) +x509_verify_cert_cache_extensions(X509 *cert) { + if (!(cert->ex_flags & EXFLAG_SET)) { + CRYPTO_w_lock(CRYPTO_LOCK_X509); + x509v3_cache_extensions(cert); + CRYPTO_w_unlock(CRYPTO_LOCK_X509); + } + if (cert->ex_flags & EXFLAG_INVALID) + return 0; + + return (cert->ex_flags & EXFLAG_SET); +} + +static int +x509_verify_cert_self_signed(X509 *cert) { + return (cert->ex_flags & EXFLAG_SS) ? 1 : 0; +} + +static int +x509_verify_ctx_cert_is_root(struct x509_verify_ctx *ctx, X509 *cert, + int full_chain) +{ + X509 *match = NULL; int i; - for (i = 0; i < sk_X509_num(ctx->roots); i++) { - if (X509_cmp(sk_X509_value(ctx->roots, i), cert) == 0) - return 1; + if (!x509_verify_cert_cache_extensions(cert)) + return 0; + + /* Check by lookup if we have a legacy xsc */ + if (ctx->xsc != NULL) { + if ((match = x509_vfy_lookup_cert_match(ctx->xsc, + cert)) != NULL) { + X509_free(match); + return !full_chain || + x509_verify_cert_self_signed(cert); + } + } else { + /* Check the provided roots */ + for (i = 0; i < sk_X509_num(ctx->roots); i++) { + if (X509_cmp(sk_X509_value(ctx->roots, i), cert) == 0) + return !full_chain || + x509_verify_cert_self_signed(cert); + } } + return 0; } static int x509_verify_ctx_set_xsc_chain(struct x509_verify_ctx *ctx, - struct x509_verify_chain *chain) + struct x509_verify_chain *chain, int set_error, int is_trusted) { - size_t depth; - X509 *last = x509_verify_chain_last(chain); + size_t num_untrusted; + int i; if (ctx->xsc == NULL) return 1; - depth = sk_X509_num(chain->certs); - if (depth > 0) - depth--; + /* + * XXX num_untrusted is the number of untrusted certs at the + * bottom of the chain. This works now since we stop at the first + * trusted cert. This will need fixing once we allow more than one + * trusted certificate. + */ + num_untrusted = sk_X509_num(chain->certs); + if (is_trusted && num_untrusted > 0) + num_untrusted--; + ctx->xsc->num_untrusted = num_untrusted; - ctx->xsc->last_untrusted = depth ? depth - 1 : 0; sk_X509_pop_free(ctx->xsc->chain, X509_free); ctx->xsc->chain = X509_chain_up_ref(chain->certs); if (ctx->xsc->chain == NULL) - return x509_verify_cert_error(ctx, last, depth, + return x509_verify_cert_error(ctx, NULL, 0, X509_V_ERR_OUT_OF_MEM, 0); + + if (set_error) { + ctx->xsc->error = X509_V_OK; + ctx->xsc->error_depth = 0; + for (i = 0; i < sk_X509_num(chain->certs); i++) { + if (chain->cert_errors[i] != X509_V_OK) { + ctx->xsc->error = chain->cert_errors[i]; + ctx->xsc->error_depth = i; + break; + } + } + } + return 1; } + +/* + * Save the error state and unvalidated chain off of the xsc for + * later. + */ +static int +x509_verify_ctx_save_xsc_error(struct x509_verify_ctx *ctx) +{ + if (ctx->xsc != NULL && ctx->xsc->chain != NULL) { + sk_X509_pop_free(ctx->saved_error_chain, X509_free); + ctx->saved_error_chain = X509_chain_up_ref(ctx->xsc->chain); + if (ctx->saved_error_chain == NULL) + return x509_verify_cert_error(ctx, NULL, 0, + X509_V_ERR_OUT_OF_MEM, 0); + ctx->saved_error = ctx->xsc->error; + ctx->saved_error_depth = ctx->xsc->error_depth; + } + return 1; +} + +/* + * Restore the saved error state and unvalidated chain to the xsc + * if we do not have a validated chain. + */ +static int +x509_verify_ctx_restore_xsc_error(struct x509_verify_ctx *ctx) +{ + if (ctx->xsc != NULL && ctx->chains_count == 0 && + ctx->saved_error_chain != NULL) { + sk_X509_pop_free(ctx->xsc->chain, X509_free); + ctx->xsc->chain = X509_chain_up_ref(ctx->saved_error_chain); + if (ctx->xsc->chain == NULL) + return x509_verify_cert_error(ctx, NULL, 0, + X509_V_ERR_OUT_OF_MEM, 0); + ctx->xsc->error = ctx->saved_error; + ctx->xsc->error_depth = ctx->saved_error_depth; + } + return 1; +} + +/* Perform legacy style validation of a chain */ +static int +x509_verify_ctx_validate_legacy_chain(struct x509_verify_ctx *ctx, + struct x509_verify_chain *chain, size_t depth) +{ + int ret = 0, trust; + + if (ctx->xsc == NULL) + return 1; + + /* + * If we have a legacy xsc, choose a validated chain, and + * apply the extensions, revocation, and policy checks just + * like the legacy code did. We do this here instead of as + * building the chains to more easily support the callback and + * the bewildering array of VERIFY_PARAM knobs that are there + * for the fiddling. + */ + + /* These may be set in one of the following calls. */ + ctx->xsc->error = X509_V_OK; + ctx->xsc->error_depth = 0; + + trust = x509_vfy_check_trust(ctx->xsc); + if (trust == X509_TRUST_REJECTED) + goto err; + + if (!x509_verify_ctx_set_xsc_chain(ctx, chain, 0, 1)) + goto err; + + /* + * XXX currently this duplicates some work done in chain + * build, but we keep it here until we have feature parity + */ + if (!x509_vfy_check_chain_extensions(ctx->xsc)) + goto err; + +#ifndef OPENSSL_NO_RFC3779 + if (!X509v3_asid_validate_path(ctx->xsc)) + goto err; + + if (!X509v3_addr_validate_path(ctx->xsc)) + goto err; +#endif + + if (!x509_constraints_chain(ctx->xsc->chain, + &ctx->xsc->error, &ctx->xsc->error_depth)) { + X509 *cert = sk_X509_value(ctx->xsc->chain, depth); + if (!x509_verify_cert_error(ctx, cert, + ctx->xsc->error_depth, ctx->xsc->error, 0)) + goto err; + } + + if (!x509_vfy_check_revocation(ctx->xsc)) + goto err; + + if (!x509_vfy_check_policy(ctx->xsc)) + goto err; + + if ((!(ctx->xsc->param->flags & X509_V_FLAG_PARTIAL_CHAIN)) && + trust != X509_TRUST_TRUSTED) + goto err; + + ret = 1; + + err: + /* + * The above checks may have set ctx->xsc->error and + * ctx->xsc->error_depth - save these for later on. + */ + if (ctx->xsc->error != X509_V_OK) { + if (ctx->xsc->error_depth < 0 || + ctx->xsc->error_depth >= X509_VERIFY_MAX_CHAIN_CERTS) + return 0; + chain->cert_errors[ctx->xsc->error_depth] = + ctx->xsc->error; + ctx->error_depth = ctx->xsc->error_depth; + } + + return ret; +} + /* Add a validated chain to our list of valid chains */ static int x509_verify_ctx_add_chain(struct x509_verify_ctx *ctx, @@ -208,43 +465,17 @@ x509_verify_ctx_add_chain(struct x509_verify_ctx *ctx, return x509_verify_cert_error(ctx, last, depth, X509_V_ERR_CERT_CHAIN_TOO_LONG, 0); + /* Clear a get issuer failure for a root certificate. */ + if (chain->cert_errors[depth] == + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) + chain->cert_errors[depth] = X509_V_OK; + + if (!x509_verify_ctx_validate_legacy_chain(ctx, chain, depth)) + return 0; + /* - * If we have a legacy xsc, choose a validated chain, - * and apply the extensions, revocation, and policy checks - * just like the legacy code did. We do this here instead - * of as building the chains to more easily support the - * callback and the bewildering array of VERIFY_PARAM - * knobs that are there for the fiddling. - */ - if (ctx->xsc != NULL) { - if (!x509_verify_ctx_set_xsc_chain(ctx, chain)) - return 0; - - /* - * XXX currently this duplicates some work done - * in chain build, but we keep it here until - * we have feature parity - */ - if (!x509_vfy_check_chain_extensions(ctx->xsc)) - return 0; - - if (!x509_constraints_chain(ctx->xsc->chain, - &ctx->xsc->error, &ctx->xsc->error_depth)) { - X509 *cert = sk_X509_value(ctx->xsc->chain, depth); - if (!x509_verify_cert_error(ctx, cert, - ctx->xsc->error_depth, ctx->xsc->error, 0)) - return 0; - } - - if (!x509_vfy_check_revocation(ctx->xsc)) - return 0; - - if (!x509_vfy_check_policy(ctx->xsc)) - return 0; - } - /* - * no xsc means we are being called from the non-legacy API, - * extensions and purpose are dealt with as the chain is built. + * In the non-legacy code, extensions and purpose are dealt + * with as the chain is built. * * The non-legacy api returns multiple chains but does not do * any revocation checking (it must be done by the caller on @@ -266,6 +497,8 @@ static int x509_verify_potential_parent(struct x509_verify_ctx *ctx, X509 *parent, X509 *child) { + if (!x509_verify_cert_cache_extensions(parent)) + return 0; if (ctx->xsc != NULL) return (ctx->xsc->check_issued(ctx->xsc, child, parent)); @@ -274,22 +507,15 @@ x509_verify_potential_parent(struct x509_verify_ctx *ctx, X509 *parent, } static int -x509_verify_parent_signature(X509 *parent, X509 *child, - unsigned char *child_md, int *error) +x509_verify_parent_signature(X509 *parent, X509 *child, int *error) { - unsigned char parent_md[EVP_MAX_MD_SIZE] = { 0 }; EVP_PKEY *pkey; int cached; int ret = 0; /* Use cached value if we have it */ - if (child_md != NULL) { - if (!X509_digest(parent, X509_VERIFY_CERT_HASH, parent_md, - NULL)) - return 0; - if ((cached = x509_issuer_cache_find(parent_md, child_md)) >= 0) - return cached; - } + if ((cached = x509_issuer_cache_find(parent->hash, child->hash)) >= 0) + return cached; /* Check signature. Did parent sign child? */ if ((pkey = X509_get_pubkey(parent)) == NULL) { @@ -302,8 +528,7 @@ x509_verify_parent_signature(X509 *parent, X509 *child, ret = 1; /* Add result to cache */ - if (child_md != NULL) - x509_issuer_cache_add(parent_md, child_md, ret); + x509_issuer_cache_add(parent->hash, child->hash, ret); EVP_PKEY_free(pkey); @@ -312,8 +537,8 @@ x509_verify_parent_signature(X509 *parent, X509 *child, static int x509_verify_consider_candidate(struct x509_verify_ctx *ctx, X509 *cert, - unsigned char *cert_md, int is_root_cert, X509 *candidate, - struct x509_verify_chain *current_chain) + int is_root_cert, X509 *candidate, struct x509_verify_chain *current_chain, + int full_chain) { int depth = sk_X509_num(current_chain->certs); struct x509_verify_chain *new_chain; @@ -333,12 +558,10 @@ x509_verify_consider_candidate(struct x509_verify_ctx *ctx, X509 *cert, return 0; } - - if (!x509_verify_parent_signature(candidate, cert, cert_md, - &ctx->error)) { - if (!x509_verify_cert_error(ctx, candidate, depth, - ctx->error, 0)) - return 0; + if (!x509_verify_parent_signature(candidate, cert, &ctx->error)) { + if (!x509_verify_cert_error(ctx, candidate, depth, + ctx->error, 0)) + return 0; } if (!x509_verify_cert_valid(ctx, candidate, current_chain)) @@ -351,8 +574,7 @@ x509_verify_consider_candidate(struct x509_verify_ctx *ctx, X509 *cert, return 0; } if (!x509_verify_chain_append(new_chain, candidate, &ctx->error)) { - x509_verify_cert_error(ctx, candidate, depth, - ctx->error, 0); + x509_verify_cert_error(ctx, candidate, depth, ctx->error, 0); x509_verify_chain_free(new_chain); return 0; } @@ -363,17 +585,18 @@ x509_verify_consider_candidate(struct x509_verify_ctx *ctx, X509 *cert, * give up. */ if (is_root_cert) { - if (!x509_verify_ctx_set_xsc_chain(ctx, new_chain)) { + if (!x509_verify_ctx_set_xsc_chain(ctx, new_chain, 0, 1)) { x509_verify_chain_free(new_chain); return 0; } - if (x509_verify_cert_error(ctx, candidate, depth, X509_V_OK, 1)) { - (void) x509_verify_ctx_add_chain(ctx, new_chain); - goto done; + if (!x509_verify_ctx_add_chain(ctx, new_chain)) { + x509_verify_chain_free(new_chain); + return 0; } + goto done; } - x509_verify_build_chains(ctx, candidate, new_chain); + x509_verify_build_chains(ctx, candidate, new_chain, full_chain); done: x509_verify_chain_free(new_chain); @@ -397,11 +620,18 @@ x509_verify_cert_error(struct x509_verify_ctx *ctx, X509 *cert, size_t depth, static void x509_verify_build_chains(struct x509_verify_ctx *ctx, X509 *cert, - struct x509_verify_chain *current_chain) + struct x509_verify_chain *current_chain, int full_chain) { - unsigned char cert_md[EVP_MAX_MD_SIZE] = { 0 }; X509 *candidate; - int i, depth, count; + int i, depth, count, ret, is_root; + + /* + * If we are finding chains with an xsc, just stop after we have + * one chain, there's no point in finding more, it just exercises + * the potentially buggy callback processing in the calling software. + */ + if (ctx->xsc != NULL && ctx->chains_count > 0) + return; depth = sk_X509_num(current_chain->certs); if (depth > 0) @@ -412,42 +642,81 @@ x509_verify_build_chains(struct x509_verify_ctx *ctx, X509 *cert, X509_V_ERR_CERT_CHAIN_TOO_LONG, 0)) return; - if (!X509_digest(cert, X509_VERIFY_CERT_HASH, cert_md, NULL) && - !x509_verify_cert_error(ctx, cert, depth, - X509_V_ERR_UNSPECIFIED, 0)) - return; - count = ctx->chains_count; + ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; ctx->error_depth = depth; - for (i = 0; i < sk_X509_num(ctx->roots); i++) { - candidate = sk_X509_value(ctx->roots, i); - if (x509_verify_potential_parent(ctx, candidate, cert)) { - x509_verify_consider_candidate(ctx, cert, - cert_md, 1, candidate, current_chain); + if (ctx->saved_error != 0) + ctx->error = ctx->saved_error; + if (ctx->saved_error_depth != 0) + ctx->error_depth = ctx->saved_error_depth; + + if (ctx->xsc != NULL) { + /* + * Long ago experiments at Muppet labs resulted in a + * situation where software not only sees these errors + * but forced developers to expect them in certain cases. + * so we must mimic this awfulness for the legacy case. + */ + if (cert->ex_flags & EXFLAG_SS) + ctx->error = (depth == 0) ? + X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: + X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; + } + + /* Check for legacy mode roots */ + if (ctx->xsc != NULL) { + if ((ret = ctx->xsc->get_issuer(&candidate, ctx->xsc, cert)) < 0) { + x509_verify_cert_error(ctx, cert, depth, + X509_V_ERR_STORE_LOOKUP, 0); + return; + } + if (ret > 0) { + if (x509_verify_potential_parent(ctx, candidate, cert)) { + is_root = !full_chain || + x509_verify_cert_self_signed(candidate); + x509_verify_consider_candidate(ctx, cert, + is_root, candidate, current_chain, + full_chain); + } + X509_free(candidate); + } + } else { + /* Check to see if we have a trusted root issuer. */ + for (i = 0; i < sk_X509_num(ctx->roots); i++) { + candidate = sk_X509_value(ctx->roots, i); + if (x509_verify_potential_parent(ctx, candidate, cert)) { + is_root = !full_chain || + x509_verify_cert_self_signed(candidate); + x509_verify_consider_candidate(ctx, cert, + is_root, candidate, current_chain, + full_chain); + } } } + /* Check intermediates after checking roots */ if (ctx->intermediates != NULL) { for (i = 0; i < sk_X509_num(ctx->intermediates); i++) { candidate = sk_X509_value(ctx->intermediates, i); if (x509_verify_potential_parent(ctx, candidate, cert)) { x509_verify_consider_candidate(ctx, cert, - cert_md, 0, candidate, current_chain); + 0, candidate, current_chain, + full_chain); } } } + if (ctx->chains_count > count) { if (ctx->xsc != NULL) { ctx->xsc->error = X509_V_OK; ctx->xsc->error_depth = depth; ctx->xsc->current_cert = cert; - (void) ctx->xsc->verify_cb(1, ctx->xsc); } } else if (ctx->error_depth == depth) { - (void) x509_verify_cert_error(ctx, cert, depth, - ctx->error, 0); + if (!x509_verify_ctx_set_xsc_chain(ctx, current_chain, 0, 0)) + return; } } @@ -458,8 +727,13 @@ x509_verify_cert_hostname(struct x509_verify_ctx *ctx, X509 *cert, char *name) size_t len; if (name == NULL) { - if (ctx->xsc != NULL) - return x509_vfy_check_id(ctx->xsc); + if (ctx->xsc != NULL) { + int ret; + + if ((ret = x509_vfy_check_id(ctx->xsc)) == 0) + ctx->error = ctx->xsc->error; + return ret; + } return 1; } if ((candidate = strdup(name)) == NULL) { @@ -497,7 +771,8 @@ x509_verify_cert_hostname(struct x509_verify_ctx *ctx, X509 *cert, char *name) } static int -x509_verify_set_check_time(struct x509_verify_ctx *ctx) { +x509_verify_set_check_time(struct x509_verify_ctx *ctx) +{ if (ctx->xsc != NULL) { if (ctx->xsc->param->flags & X509_V_FLAG_USE_CHECK_TIME) { ctx->check_time = &ctx->xsc->param->check_time; @@ -511,49 +786,9 @@ x509_verify_set_check_time(struct x509_verify_ctx *ctx) { return 1; } -int -x509_verify_asn1_time_to_tm(const ASN1_TIME *atime, struct tm *tm, int notafter) -{ - int type; - - memset(tm, 0, sizeof(*tm)); - - type = ASN1_time_parse(atime->data, atime->length, tm, atime->type); - if (type == -1) - return 0; - - /* RFC 5280 section 4.1.2.5 */ - if (tm->tm_year < 150 && type != V_ASN1_UTCTIME) - return 0; - if (tm->tm_year >= 150 && type != V_ASN1_GENERALIZEDTIME) - return 0; - - if (notafter) { - /* - * If we are a completely broken operating system with a - * 32 bit time_t, and we have been told this is a notafter - * date, limit the date to a 32 bit representable value. - */ - if (!ASN1_time_tm_clamp_notafter(tm)) - return 0; - } - - /* - * Defensively fail if the time string is not representable as - * a time_t. A time_t must be sane if you care about times after - * Jan 19 2038. - */ - if (timegm(tm) == -1) - return 0; - - return 1; -} - static int -x509_verify_cert_time(int is_notafter, const ASN1_TIME *cert_asn1, - time_t *cmp_time, int *error) +x509_verify_cert_times(X509 *cert, time_t *cmp_time, int *error) { - struct tm cert_tm, when_tm; time_t when; if (cmp_time == NULL) @@ -561,29 +796,21 @@ x509_verify_cert_time(int is_notafter, const ASN1_TIME *cert_asn1, else when = *cmp_time; - if (!x509_verify_asn1_time_to_tm(cert_asn1, &cert_tm, - is_notafter)) { - *error = is_notafter ? - X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD : - X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; + if (cert->not_before == -1) { + *error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; return 0; } - - if (gmtime_r(&when, &when_tm) == NULL) { - *error = X509_V_ERR_UNSPECIFIED; + if (when < cert->not_before) { + *error = X509_V_ERR_CERT_NOT_YET_VALID; return 0; } - - if (is_notafter) { - if (ASN1_time_tm_cmp(&cert_tm, &when_tm) == -1) { - *error = X509_V_ERR_CERT_HAS_EXPIRED; - return 0; - } - } else { - if (ASN1_time_tm_cmp(&cert_tm, &when_tm) == 1) { - *error = X509_V_ERR_CERT_NOT_YET_VALID; - return 0; - } + if (cert->not_after == -1) { + *error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; + return 0; + } + if (when > cert->not_after) { + *error = X509_V_ERR_CERT_HAS_EXPIRED; + return 0; } return 1; @@ -601,11 +828,13 @@ x509_verify_validate_constraints(X509 *cert, return 1; if (cert->nc != NULL) { - if ((permitted = x509_constraints_names_new()) == NULL) { + if ((permitted = x509_constraints_names_new( + X509_VERIFY_MAX_CHAIN_CONSTRAINTS)) == NULL) { err = X509_V_ERR_OUT_OF_MEM; goto err; } - if ((excluded = x509_constraints_names_new()) == NULL) { + if ((excluded = x509_constraints_names_new( + X509_VERIFY_MAX_CHAIN_CONSTRAINTS)) == NULL) { err = X509_V_ERR_OUT_OF_MEM; goto err; } @@ -630,10 +859,9 @@ x509_verify_validate_constraints(X509 *cert, static int x509_verify_cert_extensions(struct x509_verify_ctx *ctx, X509 *cert, int need_ca) { - if (!(cert->ex_flags & EXFLAG_SET)) { - CRYPTO_w_lock(CRYPTO_LOCK_X509); - x509v3_cache_extensions(cert); - CRYPTO_w_unlock(CRYPTO_LOCK_X509); + if (!x509_verify_cert_cache_extensions(cert)) { + ctx->error = X509_V_ERR_UNSPECIFIED; + return 0; } if (ctx->xsc != NULL) @@ -688,15 +916,8 @@ x509_verify_cert_valid(struct x509_verify_ctx *ctx, X509 *cert, } if (x509_verify_set_check_time(ctx)) { - if (!x509_verify_cert_time(0, X509_get_notBefore(cert), - ctx->check_time, &ctx->error)) { - if (!x509_verify_cert_error(ctx, cert, depth, - ctx->error, 0)) - return 0; - } - - if (!x509_verify_cert_time(1, X509_get_notAfter(cert), - ctx->check_time, &ctx->error)) { + if (!x509_verify_cert_times(cert, ctx->check_time, + &ctx->error)) { if (!x509_verify_cert_error(ctx, cert, depth, ctx->error, 0)) return 0; @@ -712,7 +933,7 @@ x509_verify_cert_valid(struct x509_verify_ctx *ctx, X509 *cert, } struct x509_verify_ctx * -x509_verify_ctx_new_from_xsc(X509_STORE_CTX *xsc, STACK_OF(X509) *roots) +x509_verify_ctx_new_from_xsc(X509_STORE_CTX *xsc) { struct x509_verify_ctx *ctx; size_t max_depth; @@ -720,7 +941,7 @@ x509_verify_ctx_new_from_xsc(X509_STORE_CTX *xsc, STACK_OF(X509) *roots) if (xsc == NULL) return NULL; - if ((ctx = x509_verify_ctx_new(roots)) == NULL) + if ((ctx = x509_verify_ctx_new(NULL)) == NULL) return NULL; ctx->xsc = xsc; @@ -748,14 +969,16 @@ x509_verify_ctx_new(STACK_OF(X509) *roots) { struct x509_verify_ctx *ctx; - if (roots == NULL) - return NULL; - if ((ctx = calloc(1, sizeof(struct x509_verify_ctx))) == NULL) return NULL; - if ((ctx->roots = X509_chain_up_ref(roots)) == NULL) - goto err; + if (roots != NULL) { + if ((ctx->roots = X509_chain_up_ref(roots)) == NULL) + goto err; + } else { + if ((ctx->roots = sk_X509_new_null()) == NULL) + goto err; + } ctx->max_depth = X509_VERIFY_MAX_CHAIN_CERTS; ctx->max_chains = X509_VERIFY_MAX_CHAINS; @@ -850,19 +1073,24 @@ size_t x509_verify(struct x509_verify_ctx *ctx, X509 *leaf, char *name) { struct x509_verify_chain *current_chain; + int retry_chain_build, full_chain = 0; if (ctx->roots == NULL || ctx->max_depth == 0) { ctx->error = X509_V_ERR_INVALID_CALL; - return 0; + goto err; } if (ctx->xsc != NULL) { if (leaf != NULL || name != NULL) { ctx->error = X509_V_ERR_INVALID_CALL; - return 0; + goto err; } leaf = ctx->xsc->cert; + /* XXX */ + full_chain = 1; + if (ctx->xsc->param->flags & X509_V_FLAG_PARTIAL_CHAIN) + full_chain = 0; /* * XXX * The legacy code expects the top level cert to be @@ -872,57 +1100,163 @@ x509_verify(struct x509_verify_ctx *ctx, X509 *leaf, char *name) */ if ((ctx->xsc->chain = sk_X509_new_null()) == NULL) { ctx->error = X509_V_ERR_OUT_OF_MEM; - return 0; + goto err; } if (!X509_up_ref(leaf)) { ctx->error = X509_V_ERR_OUT_OF_MEM; - return 0; + goto err; } if (!sk_X509_push(ctx->xsc->chain, leaf)) { X509_free(leaf); ctx->error = X509_V_ERR_OUT_OF_MEM; - return 0; + goto err; } ctx->xsc->error_depth = 0; ctx->xsc->current_cert = leaf; } if (!x509_verify_cert_valid(ctx, leaf, NULL)) - return 0; + goto err; if (!x509_verify_cert_hostname(ctx, leaf, name)) - return 0; + goto err; if ((current_chain = x509_verify_chain_new()) == NULL) { ctx->error = X509_V_ERR_OUT_OF_MEM; - return 0; + goto err; } if (!x509_verify_chain_append(current_chain, leaf, &ctx->error)) { x509_verify_chain_free(current_chain); - return 0; + goto err; } - if (x509_verify_ctx_cert_is_root(ctx, leaf)) - x509_verify_ctx_add_chain(ctx, current_chain); - else - x509_verify_build_chains(ctx, leaf, current_chain); + do { + retry_chain_build = 0; + if (x509_verify_ctx_cert_is_root(ctx, leaf, full_chain)) { + if (!x509_verify_ctx_add_chain(ctx, current_chain)) { + x509_verify_chain_free(current_chain); + goto err; + } + } else { + x509_verify_build_chains(ctx, leaf, current_chain, + full_chain); + if (full_chain && ctx->chains_count == 0) { + /* + * Save the error state from the xsc + * at this point to put back on the + * xsc in case we do not find a chain + * that is trusted but not a full + * chain to a self signed root. This + * is because the unvalidated chain is + * used by the autochain batshittery + * on failure and will be needed for + * that. + */ + if (!x509_verify_ctx_save_xsc_error(ctx)) { + x509_verify_chain_free(current_chain); + goto err; + } + full_chain = 0; + retry_chain_build = 1; + } + } + } while (retry_chain_build); x509_verify_chain_free(current_chain); /* - * Safety net: - * We could not find a validated chain, and for some reason do not - * have an error set. + * Do the new verifier style return, where we don't have an xsc + * that allows a crazy callback to turn invalid things into valid. */ - if (ctx->chains_count == 0 && ctx->error == 0) + if (ctx->xsc == NULL) { + /* + * Safety net: + * We could not find a validated chain, and for some reason do not + * have an error set. + */ + if (ctx->chains_count == 0 && ctx->error == X509_V_OK) + ctx->error = X509_V_ERR_UNSPECIFIED; + + /* + * If we are not using an xsc, and have no possibility for the + * crazy OpenSSL callback API changing the results of + * validation steps (because the callback can make validation + * proceed in the presence of invalid certs), any chains we + * have here are correctly built and verified. + */ + if (ctx->chains_count > 0) + ctx->error = X509_V_OK; + + return ctx->chains_count; + } + + /* + * Otherwise we are doing compatibility with an xsc, which means that we + * will have one chain, which might actually be a bogus chain because + * the callback told us to ignore errors and proceed to build an invalid + * chain. Possible return values from this include returning 1 with an + * invalid chain and a value of xsc->error != X509_V_OK (It's tradition + * that makes it ok). + */ + + if (ctx->chains_count > 0) { + /* + * The chain we have using an xsc might not be a verified chain + * if the callback perverted things while we built it to ignore + * failures and proceed with chain building. We put this chain + * and the error associated with it on the xsc. + */ + if (!x509_verify_ctx_set_xsc_chain(ctx, ctx->chains[0], 1, 1)) + goto err; + + /* + * Call the callback for completion up our built + * chain. The callback could still tell us to + * fail. Since this chain might exist as the result of + * callback doing perversions, we could still return + * "success" with something other than X509_V_OK set + * as the error. + */ + if (!x509_vfy_callback_indicate_completion(ctx->xsc)) + goto err; + } else { + /* + * We did not find a chain. Bring back the failure + * case we wanted to the xsc if we saved one. If we + * did not we should have just the leaf on the xsc. + */ + if (!x509_verify_ctx_restore_xsc_error(ctx)) + goto err; + + /* + * Safety net, ensure we have an error set in the + * failing case. + */ + if (ctx->xsc->error == X509_V_OK) { + if (ctx->error == X509_V_OK) + ctx->error = X509_V_ERR_UNSPECIFIED; + ctx->xsc->error = ctx->error; + } + + /* + * Let the callback override the return value + * at depth 0 if it chooses to + */ + return ctx->xsc->verify_cb(0, ctx->xsc); + } + + /* We only ever find one chain in compat mode with an xsc. */ + return 1; + + err: + if (ctx->error == X509_V_OK) ctx->error = X509_V_ERR_UNSPECIFIED; - /* Clear whatever errors happened if we have any validated chain */ - if (ctx->chains_count > 0) - ctx->error = X509_V_OK; - if (ctx->xsc != NULL) { - ctx->xsc->error = ctx->error; - return ctx->xsc->verify_cb(ctx->chains_count, ctx->xsc); + if (ctx->xsc->error == X509_V_OK) + ctx->xsc->error = X509_V_ERR_UNSPECIFIED; + ctx->error = ctx->xsc->error; } - return (ctx->chains_count); + + return 0; } + diff --git a/externals/libressl/crypto/x509/x509_vfy.c b/externals/libressl/crypto/x509/x509_vfy.c index fe1431ce4..9a929963f 100755 --- a/externals/libressl/crypto/x509/x509_vfy.c +++ b/externals/libressl/crypto/x509/x509_vfy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vfy.c,v 1.81 2020/09/26 02:06:28 deraadt Exp $ */ +/* $OpenBSD: x509_vfy.c,v 1.101 2022/01/22 00:36:46 inoguchi Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -76,8 +76,6 @@ #include "asn1_locl.h" #include "vpm_int.h" #include "x509_internal.h" -#include "x509_lcl.h" -#include "x509_internal.h" /* CRL score values */ @@ -240,12 +238,13 @@ x509_vfy_check_id(X509_STORE_CTX *ctx) { * Oooooooh.. */ static int -X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad) +X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok) { X509 *x, *xtmp, *xtmp2, *chain_ss = NULL; int bad_chain = 0; X509_VERIFY_PARAM *param = ctx->param; - int depth, i, ok = 0; + int ok = 0, ret = 0; + int depth, i; int num, j, retry, trust; int (*cb) (int xok, X509_STORE_CTX *xctx); STACK_OF(X509) *sktmp = NULL; @@ -263,7 +262,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad) goto end; } X509_up_ref(ctx->cert); - ctx->last_untrusted = 1; + ctx->num_untrusted = 1; /* We use a temporary STACK so we can chop and hack at it */ if (ctx->untrusted != NULL && @@ -337,7 +336,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad) } X509_up_ref(xtmp); (void)sk_X509_delete_ptr(sktmp, xtmp); - ctx->last_untrusted++; + ctx->num_untrusted++; x = xtmp; num++; /* @@ -395,7 +394,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad) X509_free(x); x = xtmp; (void)sk_X509_set(ctx->chain, i - 1, x); - ctx->last_untrusted = 0; + ctx->num_untrusted = 0; } } else { /* @@ -403,7 +402,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad) * certificate for later use */ chain_ss = sk_X509_pop(ctx->chain); - ctx->last_untrusted--; + ctx->num_untrusted--; num--; j--; x = sk_X509_value(ctx->chain, num - 1); @@ -477,7 +476,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad) X509_free(xtmp); num--; } - ctx->last_untrusted = sk_X509_num(ctx->chain); + ctx->num_untrusted = sk_X509_num(ctx->chain); retry = 1; break; } @@ -492,7 +491,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad) */ if (trust != X509_TRUST_TRUSTED && !bad_chain) { if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) { - if (ctx->last_untrusted >= num) + if (ctx->num_untrusted >= num) ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; else ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; @@ -505,7 +504,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad) goto end; } num++; - ctx->last_untrusted = num; + ctx->num_untrusted = num; ctx->current_cert = chain_ss; ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; chain_ss = NULL; @@ -517,11 +516,15 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad) if (!ok) goto end; } + + ret = 1; end: sk_X509_free(sktmp); X509_free(chain_ss); *bad = bad_chain; - return ok; + *out_ok = ok; + + return ret; } static int @@ -531,8 +534,7 @@ X509_verify_cert_legacy(X509_STORE_CTX *ctx) ctx->error = X509_V_OK; /* Initialize to OK */ - ok = X509_verify_cert_legacy_build_chain(ctx, &bad_chain); - if (!ok) + if (!X509_verify_cert_legacy_build_chain(ctx, &bad_chain, &ok)) goto end; /* We have the chain complete: now we need to check its purpose */ @@ -545,6 +547,16 @@ X509_verify_cert_legacy(X509_STORE_CTX *ctx) if (!ok) goto end; +#ifndef OPENSSL_NO_RFC3779 + ok = X509v3_asid_validate_path(ctx); + if (!ok) + goto end; + + ok = X509v3_addr_validate_path(ctx); + if (!ok) + goto end; +#endif + ok = check_id(ctx); if (!ok) goto end; @@ -630,60 +642,13 @@ X509_verify_cert(X509_STORE_CTX *ctx) /* Use the modern multi-chain verifier from x509_verify_cert */ - /* Find our trusted roots */ - ctx->error = X509_V_ERR_OUT_OF_MEM; - - if (ctx->get_issuer == get_issuer_sk) { - /* - * We are using the trusted stack method. so - * the roots are in the aptly named "ctx->other_ctx" - * pointer. (It could have been called "al") - */ - if ((roots = X509_chain_up_ref(ctx->other_ctx)) == NULL) - return -1; - } else { - /* - * We have a X509_STORE and need to pull out the roots. - * Don't look Ethel... - */ - STACK_OF(X509_OBJECT) *objs; - size_t i, good = 1; - - if ((roots = sk_X509_new_null()) == NULL) - return -1; - - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - if ((objs = X509_STORE_get0_objects(ctx->ctx)) == NULL) - good = 0; - for (i = 0; good && i < sk_X509_OBJECT_num(objs); i++) { - X509_OBJECT *obj; - X509 *root; - obj = sk_X509_OBJECT_value(objs, i); - if (obj->type != X509_LU_X509) - continue; - root = obj->data.x509; - if (X509_up_ref(root) == 0) - good = 0; - if (sk_X509_push(roots, root) == 0) { - X509_free(root); - good = 0; - } - } - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - - if (!good) { - sk_X509_pop_free(roots, X509_free); - return -1; - } - } - - if ((vctx = x509_verify_ctx_new_from_xsc(ctx, roots)) != NULL) { + if ((vctx = x509_verify_ctx_new_from_xsc(ctx)) != NULL) { ctx->error = X509_V_OK; /* Initialize to OK */ chain_count = x509_verify(vctx, NULL, NULL); } + x509_verify_ctx_free(vctx); sk_X509_pop_free(roots, X509_free); - x509_verify_ctx_free(vctx); /* if we succeed we have a chain in ctx->chain */ return (chain_count > 0 && ctx->chain != NULL); @@ -784,7 +749,7 @@ x509_vfy_check_chain_extensions(X509_STORE_CTX *ctx) } /* Check all untrusted certificates */ - for (i = 0; i < ctx->last_untrusted; i++) { + for (i = 0; i < ctx->num_untrusted; i++) { int ret; x = sk_X509_value(ctx->chain, i); if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) && @@ -910,7 +875,8 @@ check_name_constraints(X509_STORE_CTX *ctx) /* Given a certificate try and find an exact match in the store */ -static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) +static X509 * +lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) { STACK_OF(X509) *certs; X509 *xtmp = NULL; @@ -937,7 +903,17 @@ static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) return xtmp; } -static int check_trust(X509_STORE_CTX *ctx) +X509 * +x509_vfy_lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) +{ + if (ctx->lookup_certs == NULL || ctx->store == NULL || + ctx->store->objs == NULL) + return NULL; + return lookup_cert_match(ctx, x); +} + +static int +check_trust(X509_STORE_CTX *ctx) { size_t i; int ok; @@ -946,7 +922,7 @@ static int check_trust(X509_STORE_CTX *ctx) cb = ctx->verify_cb; /* Check all trusted certificates in chain */ - for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) { + for (i = ctx->num_untrusted; i < sk_X509_num(ctx->chain); i++) { x = sk_X509_value(ctx->chain, i); ok = X509_check_trust(x, ctx->param->trust, 0); @@ -972,14 +948,14 @@ static int check_trust(X509_STORE_CTX *ctx) */ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { X509 *mx; - if (ctx->last_untrusted < (int)sk_X509_num(ctx->chain)) + if (ctx->num_untrusted < (int)sk_X509_num(ctx->chain)) return X509_TRUST_TRUSTED; x = sk_X509_value(ctx->chain, 0); mx = lookup_cert_match(ctx, x); if (mx) { (void)sk_X509_set(ctx->chain, 0, mx); X509_free(x); - ctx->last_untrusted = 0; + ctx->num_untrusted = 0; return X509_TRUST_TRUSTED; } } @@ -991,7 +967,8 @@ static int check_trust(X509_STORE_CTX *ctx) return X509_TRUST_UNTRUSTED; } -int x509_vfy_check_trust(X509_STORE_CTX *ctx) +int +x509_vfy_check_trust(X509_STORE_CTX *ctx) { return check_trust(ctx); } @@ -1103,17 +1080,17 @@ err: static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) { - time_t *ptime = NULL; + time_t *ptime; int i; - if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) - return (1); - - if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) - ptime = &ctx->param->check_time; - if (notify) ctx->current_crl = crl; + if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) + ptime = &ctx->param->check_time; + else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) + return (1); + else + ptime = NULL; i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); if (i == 0) { @@ -1438,7 +1415,7 @@ check_crl_path(X509_STORE_CTX *ctx, X509 *x) /* Don't allow recursive CRL path validation */ if (ctx->parent) return 0; - if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted)) { + if (!X509_STORE_CTX_init(&crl_ctx, ctx->store, x, ctx->untrusted)) { ret = -1; goto err; } @@ -1794,6 +1771,11 @@ x509_vfy_check_policy(X509_STORE_CTX *ctx) if (ctx->parent) return 1; + + /* X509_policy_check always allocates a new tree. */ + X509_policy_tree_free(ctx->tree); + ctx->tree = NULL; + ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain, ctx->param->policies, ctx->param->flags); if (ret == 0) { @@ -1861,6 +1843,18 @@ verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err) return ctx->verify_cb(0, ctx); } + +/* Mimic OpenSSL '0 for failure' ick */ +static int +time_t_bogocmp(time_t a, time_t b) +{ + if (a == -1 || b == -1) + return 0; + if (a <= b) + return -1; + return 1; +} + /* * Check certificate validity times. * @@ -1872,17 +1866,21 @@ verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err) int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth) { - time_t *ptime; + time_t ptime; int i; if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) - ptime = &ctx->param->check_time; + ptime = ctx->param->check_time; else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) return 1; else - ptime = NULL; + ptime = time(NULL); + + if (x->ex_flags & EXFLAG_SET) + i = time_t_bogocmp(x->not_before, ptime); + else + i = X509_cmp_time(X509_get_notBefore(x), &ptime); - i = X509_cmp_time(X509_get_notBefore(x), ptime); if (i >= 0 && depth < 0) return 0; if (i == 0 && !verify_cb_cert(ctx, x, depth, @@ -1892,7 +1890,11 @@ x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth) X509_V_ERR_CERT_NOT_YET_VALID)) return 0; - i = X509_cmp_time_internal(X509_get_notAfter(x), ptime, 1); + if (x->ex_flags & EXFLAG_SET) + i = time_t_bogocmp(x->not_after, ptime); + else + i = X509_cmp_time_internal(X509_get_notAfter(x), &ptime, 1); + if (i <= 0 && depth < 0) return 0; if (i == 0 && !verify_cb_cert(ctx, x, depth, @@ -1901,11 +1903,12 @@ x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth) if (i < 0 && !verify_cb_cert(ctx, x, depth, X509_V_ERR_CERT_HAS_EXPIRED)) return 0; + return 1; } static int -internal_verify(X509_STORE_CTX *ctx) +x509_vfy_internal_verify(X509_STORE_CTX *ctx, int chain_verified) { int n = sk_X509_num(ctx->chain) - 1; X509 *xi = sk_X509_value(ctx->chain, n); @@ -1941,8 +1944,8 @@ internal_verify(X509_STORE_CTX *ctx) * certificate and its depth (rather than the depth of * the subject). */ - if (xs != xi || - (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) { + if (!chain_verified && ( xs != xi || + (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) { EVP_PKEY *pkey; if ((pkey = X509_get_pubkey(xi)) == NULL) { if (!verify_cb_cert(ctx, xi, xi != xs ? n+1 : n, @@ -1959,7 +1962,7 @@ internal_verify(X509_STORE_CTX *ctx) } check_cert: /* Calls verify callback as needed */ - if (!x509_check_cert_time(ctx, xs, n)) + if (!chain_verified && !x509_check_cert_time(ctx, xs, n)) return 0; /* @@ -1980,6 +1983,22 @@ check_cert: return 1; } +static int +internal_verify(X509_STORE_CTX *ctx) +{ + return x509_vfy_internal_verify(ctx, 0); +} + +/* + * Internal verify, but with a chain where the verification + * math has already been performed. + */ +int +x509_vfy_callback_indicate_completion(X509_STORE_CTX *ctx) +{ + return x509_vfy_internal_verify(ctx, 1); +} + int X509_cmp_current_time(const ASN1_TIME *ctm) { @@ -2000,30 +2019,23 @@ X509_cmp_current_time(const ASN1_TIME *ctm) * 0 on error. */ static int -X509_cmp_time_internal(const ASN1_TIME *ctm, time_t *cmp_time, int clamp_notafter) +X509_cmp_time_internal(const ASN1_TIME *ctm, time_t *cmp_time, int is_notafter) { - time_t compare; - struct tm tm1, tm2; - int ret = 0; + time_t compare, cert_time; if (cmp_time == NULL) compare = time(NULL); else compare = *cmp_time; - memset(&tm1, 0, sizeof(tm1)); + if ((cert_time = x509_verify_asn1_time_to_time_t(ctm, is_notafter)) == + -1) + return 0; /* invalid time */ - if (!x509_verify_asn1_time_to_tm(ctm, &tm1, clamp_notafter)) - goto out; /* invalid time */ + if (cert_time <= compare) + return -1; /* 0 is used for error, so map same to less than */ - if (gmtime_r(&compare, &tm2) == NULL) - goto out; - - ret = ASN1_time_tm_cmp(&tm1, &tm2); - if (ret == 0) - ret = -1; /* 0 is used for error, so map same to less than */ - out: - return (ret); + return 1; } int @@ -2067,17 +2079,15 @@ X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) return 1; for (i = 0; i < sk_X509_num(chain); i++) { - ktmp = X509_get_pubkey(sk_X509_value(chain, i)); + ktmp = X509_get0_pubkey(sk_X509_value(chain, i)); if (ktmp == NULL) { X509error(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); return 0; } if (!EVP_PKEY_missing_parameters(ktmp)) break; - else { - EVP_PKEY_free(ktmp); + else ktmp = NULL; - } } if (ktmp == NULL) { X509error(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN); @@ -2086,14 +2096,15 @@ X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) /* first, populate the other certs */ for (j = i - 1; j >= 0; j--) { - ktmp2 = X509_get_pubkey(sk_X509_value(chain, j)); - EVP_PKEY_copy_parameters(ktmp2, ktmp); - EVP_PKEY_free(ktmp2); + if ((ktmp2 = X509_get0_pubkey(sk_X509_value(chain, j))) == NULL) + return 0; + if (!EVP_PKEY_copy_parameters(ktmp2, ktmp)) + return 0; } if (pkey != NULL) - EVP_PKEY_copy_parameters(pkey, ktmp); - EVP_PKEY_free(ktmp); + if (!EVP_PKEY_copy_parameters(pkey, ktmp)) + return 0; return 1; } @@ -2137,12 +2148,24 @@ X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) return ctx->error_depth; } +void +X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth) +{ + ctx->error_depth = depth; +} + X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) { return ctx->current_cert; } +void +X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x) +{ + ctx->current_cert = x; +} + STACK_OF(X509) * X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) { @@ -2192,7 +2215,7 @@ X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx) X509_STORE * X509_STORE_CTX_get0_store(X509_STORE_CTX *xs) { - return xs->ctx; + return xs->store; } void @@ -2332,7 +2355,7 @@ X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, * may fail should go last to make sure 'ctx' is as consistent as * possible even on early exits. */ - ctx->ctx = store; + ctx->store = store; ctx->cert = x509; ctx->untrusted = chain; @@ -2482,6 +2505,12 @@ X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t) X509_VERIFY_PARAM_set_time(ctx->param, t); } +int +(*X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx))(int, X509_STORE_CTX *) +{ + return ctx->verify_cb; +} + void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, int (*verify_cb)(int, X509_STORE_CTX *)) @@ -2489,6 +2518,18 @@ X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, ctx->verify_cb = verify_cb; } +int +(*X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx))(X509_STORE_CTX *) +{ + return ctx->verify; +} + +void +X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, int (*verify)(X509_STORE_CTX *)) +{ + ctx->verify = verify; +} + X509 * X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx) { @@ -2507,6 +2548,13 @@ X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) ctx->untrusted = sk; } +void +X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) +{ + sk_X509_pop_free(ctx->chain, X509_free); + ctx->chain = sk; +} + X509_POLICY_TREE * X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx) { @@ -2519,6 +2567,12 @@ X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx) return ctx->explicit_policy; } +int +X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx) +{ + return ctx->num_untrusted; +} + int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) { diff --git a/externals/libressl/crypto/x509/x509_vpm.c b/externals/libressl/crypto/x509/x509_vpm.c index 448ee2098..13171e40f 100755 --- a/externals/libressl/crypto/x509/x509_vpm.c +++ b/externals/libressl/crypto/x509/x509_vpm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vpm.c,v 1.22 2020/09/14 08:10:04 beck Exp $ */ +/* $OpenBSD: x509_vpm.c,v 1.28 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ @@ -67,6 +67,7 @@ #include #include "vpm_int.h" +#include "x509_lcl.h" /* X509_VERIFY_PARAM functions */ @@ -172,6 +173,7 @@ x509_verify_param_zero(X509_VERIFY_PARAM *param) X509_VERIFY_PARAM_ID *paramid; if (!param) return; + free(param->name); param->name = NULL; param->purpose = 0; param->trust = 0; @@ -207,7 +209,7 @@ X509_VERIFY_PARAM_new(void) param = calloc(1, sizeof(X509_VERIFY_PARAM)); if (param == NULL) return NULL; - paramid = calloc (1, sizeof(X509_VERIFY_PARAM_ID)); + paramid = calloc(1, sizeof(X509_VERIFY_PARAM_ID)); if (paramid == NULL) { free(param); return NULL; @@ -227,7 +229,8 @@ X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) free(param); } -/* This function determines how parameters are "inherited" from one structure +/* + * This function determines how parameters are "inherited" from one structure * to another. There are several different ways this can happen. * * 1. If a child structure needs to have its values initialized from a parent @@ -596,6 +599,7 @@ static const X509_VERIFY_PARAM_ID _empty_id = { NULL }; static const X509_VERIFY_PARAM default_table[] = { { .name = "default", + .flags = X509_V_FLAG_TRUSTED_FIRST, .depth = 100, .trust = 0, /* XXX This is not the default trust value */ .id = vpm_empty_id @@ -673,8 +677,8 @@ X509_VERIFY_PARAM_get_count(void) return num; } -const -X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id) +const X509_VERIFY_PARAM * +X509_VERIFY_PARAM_get0(int id) { int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM); if (id < num) @@ -682,8 +686,8 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id) return sk_X509_VERIFY_PARAM_value(param_table, id - num); } -const -X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) +const X509_VERIFY_PARAM * +X509_VERIFY_PARAM_lookup(const char *name) { X509_VERIFY_PARAM pm; unsigned int i, limit; diff --git a/externals/libressl/crypto/x509/x509cset.c b/externals/libressl/crypto/x509/x509cset.c index 182dd8a95..b3af77d90 100755 --- a/externals/libressl/crypto/x509/x509cset.c +++ b/externals/libressl/crypto/x509/x509cset.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509cset.c,v 1.14 2018/02/22 17:01:44 jsing Exp $ */ +/* $OpenBSD: x509cset.c,v 1.16 2021/11/01 20:53:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -63,8 +63,10 @@ #include #include +#include "x509_lcl.h" + int -X509_CRL_up_ref(X509_CRL *x) +X509_CRL_up_ref(X509_CRL *x) { int refs = CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL); return (refs > 1) ? 1 : 0; @@ -208,3 +210,10 @@ X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial) } return (in != NULL); } + +int +i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) +{ + crl->crl->enc.modified = 1; + return i2d_X509_CRL_INFO(crl->crl, pp); +} diff --git a/externals/libressl/crypto/x509/x509name.c b/externals/libressl/crypto/x509/x509name.c index 3649d6ab7..878d78784 100755 --- a/externals/libressl/crypto/x509/x509name.c +++ b/externals/libressl/crypto/x509/x509name.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509name.c,v 1.26 2018/05/30 15:35:45 tb Exp $ */ +/* $OpenBSD: x509name.c,v 1.27 2021/11/01 20:53:08 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -66,6 +66,8 @@ #include #include +#include "x509_lcl.h" + int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len) { diff --git a/externals/libressl/crypto/x509/x509rset.c b/externals/libressl/crypto/x509/x509rset.c index de02a4003..a2dd9e4cd 100755 --- a/externals/libressl/crypto/x509/x509rset.c +++ b/externals/libressl/crypto/x509/x509rset.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509rset.c,v 1.7 2018/08/24 19:55:58 tb Exp $ */ +/* $OpenBSD: x509rset.c,v 1.9 2021/11/01 20:53:08 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,11 +63,14 @@ #include #include +#include "x509_lcl.h" + int X509_REQ_set_version(X509_REQ *x, long version) { if (x == NULL) return (0); + x->req_info->enc.modified = 1; return (ASN1_INTEGER_set(x->req_info->version, version)); } @@ -82,6 +85,7 @@ X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name) { if ((x == NULL) || (x->req_info == NULL)) return (0); + x->req_info->enc.modified = 1; return (X509_NAME_set(&x->req_info->subject, name)); } @@ -96,5 +100,6 @@ X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey) { if ((x == NULL) || (x->req_info == NULL)) return (0); + x->req_info->enc.modified = 1; return (X509_PUBKEY_set(&x->req_info->pubkey, pkey)); } diff --git a/externals/libressl/crypto/x509/x509type.c b/externals/libressl/crypto/x509/x509type.c index 315a5c232..7495b9ef0 100755 --- a/externals/libressl/crypto/x509/x509type.c +++ b/externals/libressl/crypto/x509/x509type.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509type.c,v 1.13 2018/05/30 15:59:33 tb Exp $ */ +/* $OpenBSD: x509type.c,v 1.15 2021/12/12 21:30:14 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,6 +62,9 @@ #include #include +#include "evp_locl.h" +#include "x509_lcl.h" + int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey) { diff --git a/externals/libressl/crypto/x509/x_all.c b/externals/libressl/crypto/x509/x_all.c index 36c12b80e..9bcb0c3bb 100755 --- a/externals/libressl/crypto/x509/x_all.c +++ b/externals/libressl/crypto/x509/x_all.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_all.c,v 1.23 2016/12/30 15:24:51 jsing Exp $ */ +/* $OpenBSD: x_all.c,v 1.25 2021/12/03 16:46:50 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -73,6 +73,8 @@ #include #endif +#include "x509_lcl.h" + X509 * d2i_X509_bio(BIO *bp, X509 **x509) { @@ -217,31 +219,6 @@ i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa) { return ASN1_item_i2d_fp(&RSAPublicKey_it, fp, rsa); } - -RSA * -d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa) -{ - return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa); -} - -int -i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa) -{ - return ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa); -} - -int -i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa) -{ - return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa); -} - -RSA * -d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa) -{ - return ASN1_d2i_fp((void *(*)(void))RSA_new, - (D2I_OF(void))d2i_RSA_PUBKEY, fp, (void **)rsa); -} #endif #ifndef OPENSSL_NO_DSA @@ -268,30 +245,6 @@ i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa) { return ASN1_item_i2d_fp(&DSAPrivateKey_it, fp, dsa); } - -DSA * -d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa) -{ - return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa); -} - -int -i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa) -{ - return ASN1_i2d_bio_of(DSA, i2d_DSA_PUBKEY, bp, dsa); -} - -DSA * -d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa) -{ - return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa); -} - -int -i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa) -{ - return ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa); -} #endif #ifndef OPENSSL_NO_EC @@ -318,29 +271,6 @@ i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey) { return ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey); } - -EC_KEY * -d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey) -{ - return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey); -} - -int -i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa) -{ - return ASN1_i2d_bio_of(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa); -} -EC_KEY * -d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey) -{ - return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey); -} - -int -i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey) -{ - return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey); -} #endif X509_SIG * @@ -421,30 +351,6 @@ i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey) return ASN1_i2d_fp_of(EVP_PKEY, i2d_PrivateKey, fp, pkey); } -EVP_PKEY * -d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a) -{ - return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a); -} - -int -i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey) -{ - return ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey); -} - -int -i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey) -{ - return ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey); -} - -EVP_PKEY * -d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a) -{ - return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a); -} - int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key) { diff --git a/externals/libressl/include/compat/arpa/nameser.h b/externals/libressl/include/compat/arpa/nameser.h index 0126a604a..eff3b0d90 100755 --- a/externals/libressl/include/compat/arpa/nameser.h +++ b/externals/libressl/include/compat/arpa/nameser.h @@ -4,7 +4,9 @@ */ #ifndef _WIN32 +#ifdef HAVE_ARPA_NAMESER_H #include_next +#endif #else #include diff --git a/externals/libressl/include/compat/endian.h b/externals/libressl/include/compat/endian.h new file mode 100755 index 000000000..1ed255e8b --- /dev/null +++ b/externals/libressl/include/compat/endian.h @@ -0,0 +1,48 @@ +/* + * Public domain + * endian.h compatibility shim + */ + +#ifndef LIBCRYPTOCOMPAT_BYTE_ORDER_H_ +#define LIBCRYPTOCOMPAT_BYTE_ORDER_H_ + +#if defined(_WIN32) + +#define LITTLE_ENDIAN 1234 +#define BIG_ENDIAN 4321 +#define PDP_ENDIAN 3412 + +/* + * Use GCC and Visual Studio compiler defines to determine endian. + */ +#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ +#define BYTE_ORDER LITTLE_ENDIAN +#else +#define BYTE_ORDER BIG_ENDIAN +#endif + +#elif defined(HAVE_ENDIAN_H) +#include_next + +#elif defined(__sun) || defined(_AIX) || defined(__hpux) +#include +#include + +#elif defined(__sgi) +#include +#include + +#endif + +#ifndef __STRICT_ALIGNMENT +#define __STRICT_ALIGNMENT +#if defined(__i386) || defined(__i386__) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(__s390__) || defined(__s390x__) || \ + defined(__aarch64__) || \ + ((defined(__arm__) || defined(__arm)) && __ARM_ARCH >= 6) +#undef __STRICT_ALIGNMENT +#endif +#endif + +#endif diff --git a/externals/libressl/include/compat/err.h b/externals/libressl/include/compat/err.h index 8b5b63574..945a75d61 100755 --- a/externals/libressl/include/compat/err.h +++ b/externals/libressl/include/compat/err.h @@ -72,16 +72,22 @@ warn(const char *fmt, ...) fprintf(stderr, "%s\n", strerror(sverrno)); } +static inline void +vwarnx(const char *fmt, va_list args) +{ + if (fmt != NULL) + vfprintf(stderr, fmt, args); + fprintf(stderr, "\n"); +} + static inline void warnx(const char *fmt, ...) { va_list ap; va_start(ap, fmt); - if (fmt != NULL) - vfprintf(stderr, fmt, ap); + vwarnx(fmt, ap); va_end(ap); - fprintf(stderr, "\n"); } #endif diff --git a/externals/libressl/include/compat/netinet/ip.h b/externals/libressl/include/compat/netinet/ip.h index 6019f7dcd..29f17f3f7 100755 --- a/externals/libressl/include/compat/netinet/ip.h +++ b/externals/libressl/include/compat/netinet/ip.h @@ -8,7 +8,9 @@ #endif #ifndef _WIN32 +#ifdef HAVE_NETINET_IP_H #include_next +#endif #else #include #endif diff --git a/externals/libressl/include/compat/pthread.h b/externals/libressl/include/compat/pthread.h index 1527d3c0d..1ab011c39 100755 --- a/externals/libressl/include/compat/pthread.h +++ b/externals/libressl/include/compat/pthread.h @@ -102,6 +102,14 @@ pthread_mutex_unlock(pthread_mutex_t *mutex) return 0; } +static inline int +pthread_mutex_destroy(pthread_mutex_t *mutex) +{ + DeleteCriticalSection(mutex->lock); + free(mutex->lock); + return 0; +} + #else #include_next #endif diff --git a/externals/libressl/include/compat/resolv.h b/externals/libressl/include/compat/resolv.h index 42dec07b6..b8044605c 100755 --- a/externals/libressl/include/compat/resolv.h +++ b/externals/libressl/include/compat/resolv.h @@ -12,7 +12,7 @@ #else #include <../include/resolv.h> #endif -#else +#elif defined(HAVE_RESOLV_H) #include_next #endif diff --git a/externals/libressl/include/compat/sys/socket.h b/externals/libressl/include/compat/sys/socket.h index 10eb05f67..2f0b197b3 100755 --- a/externals/libressl/include/compat/sys/socket.h +++ b/externals/libressl/include/compat/sys/socket.h @@ -10,6 +10,7 @@ #endif #if !defined(SOCK_NONBLOCK) || !defined(SOCK_CLOEXEC) +#define NEED_SOCKET_FLAGS #define SOCK_CLOEXEC 0x8000 /* set FD_CLOEXEC */ #define SOCK_NONBLOCK 0x4000 /* set O_NONBLOCK */ int bsd_socketpair(int domain, int type, int protocol, int socket_vector[2]); diff --git a/externals/libressl/include/openssl/asn1.h b/externals/libressl/include/openssl/asn1.h index 0a8da415f..e569e875c 100755 --- a/externals/libressl/include/openssl/asn1.h +++ b/externals/libressl/include/openssl/asn1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1.h,v 1.53 2018/11/30 04:51:19 jeremy Exp $ */ +/* $OpenBSD: asn1.h,v 1.62 2022/01/14 08:53:53 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -162,52 +162,6 @@ DECLARE_STACK_OF(X509_ALGOR) #define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */ #define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */ -/* We MUST make sure that, except for constness, asn1_ctx_st and - asn1_const_ctx are exactly the same. Fortunately, as soon as - the old ASN1 parsing macros are gone, we can throw this away - as well... */ -typedef struct asn1_ctx_st { - unsigned char *p;/* work char pointer */ - int eos; /* end of sequence read for indefinite encoding */ - int error; /* error code to use when returning an error */ - int inf; /* constructed if 0x20, indefinite is 0x21 */ - int tag; /* tag from last 'get object' */ - int xclass; /* class from last 'get object' */ - long slen; /* length of last 'get object' */ - unsigned char *max; /* largest value of p allowed */ - unsigned char *q;/* temporary variable */ - unsigned char **pp;/* variable */ - int line; /* used in error processing */ -} ASN1_CTX; - -typedef struct asn1_const_ctx_st { - const unsigned char *p;/* work char pointer */ - int eos; /* end of sequence read for indefinite encoding */ - int error; /* error code to use when returning an error */ - int inf; /* constructed if 0x20, indefinite is 0x21 */ - int tag; /* tag from last 'get object' */ - int xclass; /* class from last 'get object' */ - long slen; /* length of last 'get object' */ - const unsigned char *max; /* largest value of p allowed */ - const unsigned char *q;/* temporary variable */ - const unsigned char **pp;/* variable */ - int line; /* used in error processing */ -} ASN1_const_CTX; - -/* These are used internally in the ASN1_OBJECT to keep track of - * whether the names and data need to be free()ed */ -#define ASN1_OBJECT_FLAG_DYNAMIC 0x01 /* internal use */ -#define ASN1_OBJECT_FLAG_CRITICAL 0x02 /* critical x509v3 object id */ -#define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04 /* internal use */ -#define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08 /* internal use */ -typedef struct asn1_object_st { - const char *sn, *ln; - int nid; - int length; - const unsigned char *data; /* data remains const after init */ - int flags; /* Should we free this one */ -} ASN1_OBJECT; - #define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */ /* This indicates that the ASN1_STRING is not a real value but just a place * holder for the location where indefinite length constructed data should @@ -530,11 +484,6 @@ ASN1_SEQUENCE_ANY *d2i_ASN1_SET_ANY(ASN1_SEQUENCE_ANY **a, const unsigned char * int i2d_ASN1_SET_ANY(const ASN1_SEQUENCE_ANY *a, unsigned char **out); extern const ASN1_ITEM ASN1_SET_ANY_it; -typedef struct NETSCAPE_X509_st { - ASN1_OCTET_STRING *header; - X509 *cert; -} NETSCAPE_X509; - /* This is used to contain a list of bit names */ typedef struct BIT_STRING_BITNAME_st { int bitnum; @@ -645,9 +594,6 @@ int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl); int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value, BIT_STRING_BITNAME *tbl); -int i2d_ASN1_BOOLEAN(int a, unsigned char **pp); -int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length); - ASN1_INTEGER *ASN1_INTEGER_new(void); void ASN1_INTEGER_free(ASN1_INTEGER *a); ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **in, long len); @@ -773,6 +719,9 @@ ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **a, const unsigned char **in, long len); int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **out); extern const ASN1_ITEM ASN1_TIME_it; +int ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from, + const ASN1_TIME *to); + extern const ASN1_ITEM ASN1_OCTET_STRING_NDEF_it; ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); @@ -816,8 +765,6 @@ int ASN1_PRINTABLE_type(const unsigned char *s, int max); /* SPECIALS */ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, int *pclass, long omax); -int ASN1_check_infinite_end(unsigned char **p, long len); -int ASN1_const_check_infinite_end(const unsigned char **p, long len); void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag, int xclass); int ASN1_put_eoc(unsigned char **pp); @@ -895,14 +842,6 @@ int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int unsigned long ASN1_tag2bit(int tag); const char *ASN1_tag2str(int tag); -/* Used to load and write netscape format cert */ - -NETSCAPE_X509 *NETSCAPE_X509_new(void); -void NETSCAPE_X509_free(NETSCAPE_X509 *a); -NETSCAPE_X509 *d2i_NETSCAPE_X509(NETSCAPE_X509 **a, const unsigned char **in, long len); -int i2d_NETSCAPE_X509(NETSCAPE_X509 *a, unsigned char **out); -extern const ASN1_ITEM NETSCAPE_X509_it; - int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, const unsigned char *data, int len); @@ -1137,6 +1076,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_BAD_OBJECT_HEADER 102 #define ASN1_R_BAD_PASSWORD_READ 103 #define ASN1_R_BAD_TAG 104 +#define ASN1_R_BAD_TEMPLATE 230 #define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 #define ASN1_R_BN_LIB 105 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 diff --git a/externals/libressl/include/openssl/asn1t.h b/externals/libressl/include/openssl/asn1t.h index d6168b65e..892c8b70c 100755 --- a/externals/libressl/include/openssl/asn1t.h +++ b/externals/libressl/include/openssl/asn1t.h @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1t.h,v 1.15 2019/08/20 13:10:09 inoguchi Exp $ */ +/* $OpenBSD: asn1t.h,v 1.19 2022/01/14 08:43:06 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -92,7 +92,7 @@ extern "C" { /* Macros to aid ASN1 template writing */ #define ASN1_ITEM_TEMPLATE(tname) \ - static const ASN1_TEMPLATE tname##_item_tt + static const ASN1_TEMPLATE tname##_item_tt #define ASN1_ITEM_TEMPLATE_END(tname) \ ;\ @@ -120,29 +120,30 @@ extern "C" { /* This is a ASN1 type which just embeds a template */ - -/* This pair helps declare a SEQUENCE. We can do: + +/* + * This pair helps declare a SEQUENCE. We can do: * - * ASN1_SEQUENCE(stname) = { - * ... SEQUENCE components ... - * } ASN1_SEQUENCE_END(stname) + * ASN1_SEQUENCE(stname) = { + * ... SEQUENCE components ... + * } ASN1_SEQUENCE_END(stname) * - * This will produce an ASN1_ITEM called stname_it + * This will produce an ASN1_ITEM called stname_it * for a structure called stname. * - * If you want the same structure but a different + * If you want the same structure but a different * name then use: * - * ASN1_SEQUENCE(itname) = { - * ... SEQUENCE components ... - * } ASN1_SEQUENCE_END_name(stname, itname) + * ASN1_SEQUENCE(itname) = { + * ... SEQUENCE components ... + * } ASN1_SEQUENCE_END_name(stname, itname) * * This will create an item called itname_it using * a structure called stname. */ #define ASN1_SEQUENCE(tname) \ - static const ASN1_TEMPLATE tname##_seq_tt[] + static const ASN1_TEMPLATE tname##_seq_tt[] #define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) @@ -263,13 +264,14 @@ extern "C" { ASN1_ITEM_end(tname) -/* This pair helps declare a CHOICE type. We can do: +/* + * This pair helps declare a CHOICE type. We can do: * - * ASN1_CHOICE(chname) = { - * ... CHOICE options ... - * ASN1_CHOICE_END(chname) + * ASN1_CHOICE(chname) = { + * ... CHOICE options ... + * ASN1_CHOICE_END(chname) * - * This will produce an ASN1_ITEM called chname_it + * This will produce an ASN1_ITEM called chname_it * for a structure called chname. The structure * definition must look like this: * typedef struct { @@ -279,14 +281,14 @@ extern "C" { * ASN1_SOMEOTHER *opt2; * } value; * } chname; - * + * * the name of the selector must be 'type'. - * to use an alternative selector name use the + * to use an alternative selector name use the * ASN1_CHOICE_END_selector() version. */ #define ASN1_CHOICE(tname) \ - static const ASN1_TEMPLATE tname##_ch_tt[] + static const ASN1_TEMPLATE tname##_ch_tt[] #define ASN1_CHOICE_cb(tname, cb) \ static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ @@ -437,7 +439,7 @@ extern "C" { /* Macros for the ASN1_ADB structure */ #define ASN1_ADB(name) \ - static const ASN1_ADB_TABLE name##_adbtbl[] + static const ASN1_ADB_TABLE name##_adbtbl[] #define ASN1_ADB_END(name, flags, field, app_table, def, none) \ @@ -456,7 +458,7 @@ extern "C" { #define ADB_ENTRY(val, template) {val, template} #define ASN1_ADB_TEMPLATE(name) \ - static const ASN1_TEMPLATE name##_tt + static const ASN1_TEMPLATE name##_tt #endif /* !LIBRESSL_INTERNAL */ @@ -467,13 +469,11 @@ extern "C" { */ struct ASN1_TEMPLATE_st { -unsigned long flags; /* Various flags */ -long tag; /* tag, not used if no tagging */ -unsigned long offset; /* Offset of this field in structure */ -#ifndef NO_ASN1_FIELD_NAMES -const char *field_name; /* Field name */ -#endif -ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ + unsigned long flags; /* Various flags */ + long tag; /* tag, not used if no tagging */ + unsigned long offset; /* Offset of this field in structure */ + const char *field_name; /* Field name */ + ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ }; /* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */ @@ -487,7 +487,6 @@ typedef struct ASN1_ADB_st ASN1_ADB; struct ASN1_ADB_st { unsigned long flags; /* Various flags */ unsigned long offset; /* Offset of selector field */ - STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */ const ASN1_ADB_TABLE *tbl; /* Table of possible types */ long tblcount; /* Number of entries in tbl */ const ASN1_TEMPLATE *default_tt; /* Type to use if no match */ @@ -540,24 +539,25 @@ struct ASN1_ADB_TABLE_st { /* context specific EXPLICIT */ #define ASN1_TFLG_EXPLICIT ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT -/* If tagging is in force these determine the - * type of tag to use. Otherwise the tag is - * determined by the underlying type. These - * values reflect the actual octet format. +/* + * If tagging is in force these determine the type of tag to use. Otherwiser + * the tag is determined by the underlying type. These values reflect the + * actual octet format. */ -/* Universal tag */ +/* Universal tag */ #define ASN1_TFLG_UNIVERSAL (0x0<<6) -/* Application tag */ +/* Application tag */ #define ASN1_TFLG_APPLICATION (0x1<<6) -/* Context specific tag */ +/* Context specific tag */ #define ASN1_TFLG_CONTEXT (0x2<<6) -/* Private tag */ +/* Private tag */ #define ASN1_TFLG_PRIVATE (0x3<<6) #define ASN1_TFLG_TAG_CLASS (0x3<<6) -/* These are for ANY DEFINED BY type. In this case +/* + * These are for ANY DEFINED BY type. In this case * the 'item' field points to an ASN1_ADB structure * which contains a table of values to decode the * relevant type @@ -569,7 +569,8 @@ struct ASN1_ADB_TABLE_st { #define ASN1_TFLG_ADB_INT (0x1<<9) -/* This flag means a parent structure is passed +/* + * This flag means a parent structure is passed * instead of the field: this is useful is a * SEQUENCE is being combined with a CHOICE for * example. Since this means the structure and @@ -579,7 +580,8 @@ struct ASN1_ADB_TABLE_st { #define ASN1_TFLG_COMBINE (0x1<<10) -/* This flag when present in a SEQUENCE OF, SET OF +/* + * This flag when present in a SEQUENCE OF, SET OF * or EXPLICIT causes indefinite length constructed * encoding to be used if required. */ @@ -589,15 +591,13 @@ struct ASN1_ADB_TABLE_st { /* This is the actual ASN1 item itself */ struct ASN1_ITEM_st { -char itype; /* The item type, primitive, SEQUENCE, CHOICE or extern */ -long utype; /* underlying type */ -const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains the contents */ -long tcount; /* Number of templates if SEQUENCE or CHOICE */ -const void *funcs; /* functions that handle this type */ -long size; /* Structure size (usually)*/ -#ifndef NO_ASN1_FIELD_NAMES -const char *sname; /* Structure name */ -#endif + char itype; /* The item type, primitive, SEQUENCE, CHOICE or extern */ + long utype; /* underlying type */ + const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains the contents */ + long tcount; /* Number of templates if SEQUENCE or CHOICE */ + const void *funcs; /* functions that handle this type */ + long size; /* Structure size (usually)*/ + const char *sname; /* Structure name */ }; /* These are values for the itype field and @@ -606,7 +606,7 @@ const char *sname; /* Structure name */ * For PRIMITIVE types the underlying type * determines the behaviour if items is NULL. * - * Otherwise templates must contain a single + * Otherwise templates must contain a single * template and the type is treated in the * same way as the type specified in the template. * @@ -620,7 +620,7 @@ const char *sname; /* Structure name */ * selector. * * The 'funcs' field is used for application - * specific functions. + * specific functions. * * The EXTERN type uses a new style d2i/i2d. * The new style should be used where possible @@ -657,7 +657,7 @@ const char *sname; /* Structure name */ * like CHOICE */ -struct ASN1_TLC_st{ +struct ASN1_TLC_st { char valid; /* Values below are valid */ int ret; /* return value */ long plen; /* length */ @@ -680,8 +680,8 @@ typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it); typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it); -typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval, - int indent, const char *fname, +typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval, + int indent, const char *fname, const ASN1_PCTX *pctx); typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); @@ -719,7 +719,7 @@ typedef struct ASN1_PRIMITIVE_FUNCS_st { * used. This is most useful where the supplied routines * *almost* do the right thing but need some extra help * at a few points. If the callback returns zero then - * it is assumed a fatal error has occurred and the + * it is assumed a fatal error has occurred and the * main operation should be abandoned. * * If major changes in the default behaviour are required @@ -853,13 +853,13 @@ typedef struct ASN1_STREAM_ARG_st { int i2d_##fname(stname *a, unsigned char **out) \ { \ return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ - } + } #define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \ int i2d_##stname##_NDEF(stname *a, unsigned char **out) \ { \ return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\ - } + } /* This includes evil casts to remove const: they will go away when full * ASN1 constification is done. @@ -872,7 +872,7 @@ typedef struct ASN1_STREAM_ARG_st { int i2d_##fname(const stname *a, unsigned char **out) \ { \ return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ - } + } #define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \ stname * stname##_dup(stname *x) \ @@ -889,7 +889,7 @@ typedef struct ASN1_STREAM_ARG_st { { \ return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \ ASN1_ITEM_rptr(itname), pctx); \ - } + } #define IMPLEMENT_ASN1_FUNCTIONS_const(name) \ IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name) @@ -929,22 +929,6 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt); void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it); -int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); - -int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); -int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it); - -ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); - -const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr); - -int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it); - -void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); -void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it); -int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it); -int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, const ASN1_ITEM *it); - #ifdef __cplusplus } #endif diff --git a/externals/libressl/include/openssl/bio.h b/externals/libressl/include/openssl/bio.h index 9fbf3bced..d4bf8cb30 100755 --- a/externals/libressl/include/openssl/bio.h +++ b/externals/libressl/include/openssl/bio.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bio.h,v 1.45 2018/06/02 04:41:12 tb Exp $ */ +/* $OpenBSD: bio.h,v 1.54 2022/01/14 08:40:57 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -205,8 +205,6 @@ extern "C" { */ #define BIO_FLAGS_MEM_RDONLY 0x200 -typedef struct bio_st BIO; - void BIO_set_flags(BIO *b, int flags); int BIO_test_flags(const BIO *b, int flags); void BIO_clear_flags(BIO *b, int flags); @@ -252,85 +250,39 @@ void BIO_clear_flags(BIO *b, int flags); #define BIO_CB_GETS 0x05 #define BIO_CB_CTRL 0x06 -/* The callback is called before and after the underling operation, - * The BIO_CB_RETURN flag indicates if it is after the call */ +/* + * The callback is called before and after the underling operation, + * the BIO_CB_RETURN flag indicates if it is after the call. + */ #define BIO_CB_RETURN 0x80 #define BIO_CB_return(a) ((a)|BIO_CB_RETURN)) #define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) #define BIO_cb_post(a) ((a)&BIO_CB_RETURN) -long (*BIO_get_callback(const BIO *b))(struct bio_st *, int, const char *, - int, long, long); -void BIO_set_callback(BIO *b, - long (*callback)(struct bio_st *, int, const char *, int, long, long)); +typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi, + long argl, long ret); +typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp, + size_t len, int argi, long argl, int ret, size_t *processed); + +BIO_callback_fn BIO_get_callback(const BIO *b); +void BIO_set_callback(BIO *b, BIO_callback_fn callback); + +BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b); +void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback); + char *BIO_get_callback_arg(const BIO *b); void BIO_set_callback_arg(BIO *b, char *arg); -const char * BIO_method_name(const BIO *b); +const char *BIO_method_name(const BIO *b); int BIO_method_type(const BIO *b); typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long); typedef int BIO_info_cb(BIO *, int, int); -typedef struct bio_method_st { - int type; - const char *name; - int (*bwrite)(BIO *, const char *, int); - int (*bread)(BIO *, char *, int); - int (*bputs)(BIO *, const char *); - int (*bgets)(BIO *, char *, int); - long (*ctrl)(BIO *, int, long, void *); - int (*create)(BIO *); - int (*destroy)(BIO *); - long (*callback_ctrl)(BIO *, int, bio_info_cb *); -} BIO_METHOD; - -struct bio_st { - const BIO_METHOD *method; - /* bio, mode, argp, argi, argl, ret */ - long (*callback)(struct bio_st *, int, const char *, int, long, long); - char *cb_arg; /* first argument for the callback */ - - int init; - int shutdown; - int flags; /* extra storage */ - int retry_reason; - int num; - void *ptr; - struct bio_st *next_bio; /* used by filter BIOs */ - struct bio_st *prev_bio; /* used by filter BIOs */ - int references; - unsigned long num_read; - unsigned long num_write; - - CRYPTO_EX_DATA ex_data; -}; +typedef struct bio_method_st BIO_METHOD; DECLARE_STACK_OF(BIO) -typedef struct bio_f_buffer_ctx_struct { - /* Buffers are setup like this: - * - * <---------------------- size -----------------------> - * +---------------------------------------------------+ - * | consumed | remaining | free space | - * +---------------------------------------------------+ - * <-- off --><------- len -------> - */ - - /* BIO *bio; */ /* this is now in the BIO struct */ - int ibuf_size; /* how big is the input buffer */ - int obuf_size; /* how big is the output buffer */ - - char *ibuf; /* the char array */ - int ibuf_len; /* how many bytes are in it */ - int ibuf_off; /* write/read offset */ - - char *obuf; /* the char array */ - int obuf_len; /* how many bytes are in it */ - int obuf_off; /* write/read offset */ -} BIO_F_BUFFER_CTX; - /* Prefix and suffix callback in ASN1 BIO */ typedef int asn1_ps_func(BIO *b, unsigned char **pbuf, int *plen, void *parg); @@ -600,14 +552,14 @@ int BIO_get_new_index(void); const BIO_METHOD *BIO_s_file(void); BIO *BIO_new_file(const char *filename, const char *mode); BIO *BIO_new_fp(FILE *stream, int close_flag); -# define BIO_s_file_internal BIO_s_file BIO *BIO_new(const BIO_METHOD *type); int BIO_set(BIO *a, const BIO_METHOD *type); int BIO_free(BIO *a); int BIO_up_ref(BIO *bio); -void *BIO_get_data(BIO *a); -void BIO_set_data(BIO *a, void *ptr); -void BIO_set_init(BIO *a, int init); +void *BIO_get_data(BIO *a); +void BIO_set_data(BIO *a, void *ptr); +int BIO_get_init(BIO *a); +void BIO_set_init(BIO *a, int init); int BIO_get_shutdown(BIO *a); void BIO_set_shutdown(BIO *a, int shut); void BIO_vfree(BIO *a); @@ -620,8 +572,7 @@ int BIO_write(BIO *b, const void *data, int len) int BIO_puts(BIO *bp, const char *buf); int BIO_indent(BIO *b, int indent, int max); long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); -long BIO_callback_ctrl(BIO *b, int cmd, - void (*fp)(struct bio_st *, int, const char *, int, long, long)); +long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp); char * BIO_ptr_ctrl(BIO *bp, int cmd, long larg); long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); BIO * BIO_push(BIO *b, BIO *append); @@ -629,8 +580,10 @@ BIO * BIO_pop(BIO *b); void BIO_free_all(BIO *a); BIO * BIO_find_type(BIO *b, int bio_type); BIO * BIO_next(BIO *b); +void BIO_set_next(BIO *b, BIO *next); BIO * BIO_get_retry_BIO(BIO *bio, int *reason); int BIO_get_retry_reason(BIO *bio); +void BIO_set_retry_reason(BIO *bio, int reason); BIO * BIO_dup_chain(BIO *in); int BIO_nread0(BIO *bio, char **buf); @@ -805,6 +758,7 @@ void ERR_load_BIO_strings(void); #define BIO_R_INVALID_PORT_NUMBER 129 #define BIO_R_IN_USE 123 #define BIO_R_KEEPALIVE 109 +#define BIO_R_LENGTH_TOO_LONG 130 #define BIO_R_NBIO_CONNECT_ERROR 110 #define BIO_R_NO_ACCEPT_PORT_SPECIFIED 111 #define BIO_R_NO_HOSTNAME_SPECIFIED 112 diff --git a/externals/libressl/include/openssl/blowfish.h b/externals/libressl/include/openssl/blowfish.h index 4d2db8055..260545e6b 100755 --- a/externals/libressl/include/openssl/blowfish.h +++ b/externals/libressl/include/openssl/blowfish.h @@ -1,4 +1,4 @@ -/* $OpenBSD: blowfish.h,v 1.14 2014/07/10 09:01:04 miod Exp $ */ +/* $OpenBSD: blowfish.h,v 1.15 2021/11/30 18:31:36 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -84,11 +84,10 @@ extern "C" { #define BF_ROUNDS 16 #define BF_BLOCK 8 -typedef struct bf_key_st - { +typedef struct bf_key_st { BF_LONG P[BF_ROUNDS+2]; BF_LONG S[4*256]; - } BF_KEY; +} BF_KEY; void BF_set_key(BF_KEY *key, int len, const unsigned char *data); diff --git a/externals/libressl/include/openssl/bn.h b/externals/libressl/include/openssl/bn.h index cc1f46752..abf8cfcf7 100755 --- a/externals/libressl/include/openssl/bn.h +++ b/externals/libressl/include/openssl/bn.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bn.h,v 1.39 2019/08/25 19:23:59 schwarze Exp $ */ +/* $OpenBSD: bn.h,v 1.52 2022/01/14 08:01:47 tb Exp $ */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -226,84 +226,36 @@ extern "C" { #endif #ifndef OPENSSL_NO_DEPRECATED -#define BN_FLG_FREE 0x8000 /* used for debuging */ +#define BN_FLG_FREE 0x8000 /* used for debugging */ #endif -#define BN_set_flags(b,n) ((b)->flags|=(n)) -#define BN_get_flags(b,n) ((b)->flags&(n)) +void BN_set_flags(BIGNUM *b, int n); +int BN_get_flags(const BIGNUM *b, int n); +void BN_with_flags(BIGNUM *dest, const BIGNUM *src, int flags); -/* get a clone of a BIGNUM with changed flags, for *temporary* use only - * (the two BIGNUMs cannot not be used in parallel!) */ -#define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \ - (dest)->top=(b)->top, \ - (dest)->dmax=(b)->dmax, \ - (dest)->neg=(b)->neg, \ - (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \ - | ((b)->flags & ~BN_FLG_MALLOCED) \ - | BN_FLG_STATIC_DATA \ - | (n))) +/* Values for |top| in BN_rand() */ +#define BN_RAND_TOP_ANY -1 +#define BN_RAND_TOP_ONE 0 +#define BN_RAND_TOP_TWO 1 -struct bignum_st { - BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */ - int top; /* Index of last used d +1. */ - /* The next are internal book keeping for bn_expand. */ - int dmax; /* Size of the d array. */ - int neg; /* one if the number is negative */ - int flags; -}; - -/* Used for montgomery multiplication */ -struct bn_mont_ctx_st { - int ri; /* number of bits in R */ - BIGNUM RR; /* used to convert to montgomery form */ - BIGNUM N; /* The modulus */ - BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 - * (Ni is only stored for bignum algorithm) */ - BN_ULONG n0[2];/* least significant word(s) of Ni; - (type changed with 0.9.9, was "BN_ULONG n0;" before) */ - int flags; -}; - -/* Used for reciprocal division/mod functions - * It cannot be shared between threads - */ -struct bn_recp_ctx_st { - BIGNUM N; /* the divisor */ - BIGNUM Nr; /* the reciprocal */ - int num_bits; - int shift; - int flags; -}; - -/* Used for slow "generation" functions. */ -struct bn_gencb_st { - unsigned int ver; /* To handle binary (in)compatibility */ - void *arg; /* callback-specific data */ - union { - /* if(ver==1) - handles old style callbacks */ - void (*cb_1)(int, int, void *); - /* if(ver==2) - new callback style */ - int (*cb_2)(int, int, BN_GENCB *); - } cb; -}; +/* Values for |bottom| in BN_rand() */ +#define BN_RAND_BOTTOM_ANY 0 +#define BN_RAND_BOTTOM_ODD 1 BN_GENCB *BN_GENCB_new(void); void BN_GENCB_free(BN_GENCB *cb); -void *BN_GENCB_get_arg(BN_GENCB *cb); /* Wrapper function to make using BN_GENCB easier, */ int BN_GENCB_call(BN_GENCB *cb, int a, int b); -/* Macro to populate a BN_GENCB structure with an "old"-style callback */ -#define BN_GENCB_set_old(gencb, callback, cb_arg) { \ - BN_GENCB *tmp_gencb = (gencb); \ - tmp_gencb->ver = 1; \ - tmp_gencb->arg = (cb_arg); \ - tmp_gencb->cb.cb_1 = (callback); } -/* Macro to populate a BN_GENCB structure with a "new"-style callback */ -#define BN_GENCB_set(gencb, callback, cb_arg) { \ - BN_GENCB *tmp_gencb = (gencb); \ - tmp_gencb->ver = 2; \ - tmp_gencb->arg = (cb_arg); \ - tmp_gencb->cb.cb_2 = (callback); } + +/* Populate a BN_GENCB structure with an "old"-style callback */ +void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback)(int, int, void *), + void *cb_arg); + +/* Populate a BN_GENCB structure with a "new"-style callback */ +void BN_GENCB_set(BN_GENCB *gencb, int (*callback)(int, int, BN_GENCB *), + void *cb_arg); + +void *BN_GENCB_get_arg(BN_GENCB *cb); #define BN_prime_checks 0 /* default: select number of iterations based on the size of the number */ @@ -380,24 +332,18 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b); (b) >= 308 ? 8 : \ (b) >= 55 ? 27 : \ /* b >= 6 */ 34) - + #define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) -/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */ -#define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \ - (((w) == 0) && ((a)->top == 0))) -#define BN_is_zero(a) ((a)->top == 0) -#define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) -#define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg)) -#define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) +int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w); +int BN_is_zero(const BIGNUM *a); +int BN_is_one(const BIGNUM *a); +int BN_is_word(const BIGNUM *a, const BN_ULONG w); +int BN_is_odd(const BIGNUM *a); -#define BN_one(a) (BN_set_word((a),1)) -#define BN_zero_ex(a) \ - do { \ - BIGNUM *_tmp_bn = (a); \ - _tmp_bn->top = 0; \ - _tmp_bn->neg = 0; \ - } while(0) +#define BN_one(a) BN_set_word((a), 1) + +void BN_zero_ex(BIGNUM *a); #ifdef OPENSSL_NO_DEPRECATED #define BN_zero(a) BN_zero_ex(a) @@ -428,6 +374,9 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); void BN_swap(BIGNUM *a, BIGNUM *b); BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); int BN_bn2bin(const BIGNUM *a, unsigned char *to); +int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); +BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen); BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret); int BN_bn2mpi(const BIGNUM *a, unsigned char *to); int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); @@ -441,11 +390,8 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise */ void BN_set_negative(BIGNUM *b, int n); -/** BN_is_negative returns 1 if the BIGNUM is negative - * \param a pointer to the BIGNUM object - * \return 1 if a < 0 and 0 otherwise - */ -#define BN_is_negative(a) ((a)->neg != 0) + +int BN_is_negative(const BIGNUM *b); #ifndef LIBRESSL_INTERNAL int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, @@ -560,8 +506,8 @@ BN_MONT_CTX *BN_MONT_CTX_new(void ); void BN_MONT_CTX_init(BN_MONT_CTX *ctx); int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx); -#define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ - (r),(a),&((mont)->RR),(mont),(ctx)) +int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx); void BN_MONT_CTX_free(BN_MONT_CTX *mont); diff --git a/externals/libressl/include/openssl/comp.h b/externals/libressl/include/openssl/comp.h index fe7397f8e..7c99ead35 100755 --- a/externals/libressl/include/openssl/comp.h +++ b/externals/libressl/include/openssl/comp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: comp.h,v 1.8 2014/11/03 16:58:28 tedu Exp $ */ +/* $OpenBSD: comp.h,v 1.9 2022/01/14 08:21:12 tb Exp $ */ #ifndef HEADER_COMP_H #define HEADER_COMP_H @@ -9,33 +9,6 @@ extern "C" { #endif -typedef struct comp_ctx_st COMP_CTX; - -typedef struct comp_method_st { - int type; /* NID for compression library */ - const char *name; /* A text string to identify the library */ - int (*init)(COMP_CTX *ctx); - void (*finish)(COMP_CTX *ctx); - int (*compress)(COMP_CTX *ctx, unsigned char *out, unsigned int olen, - unsigned char *in, unsigned int ilen); - int (*expand)(COMP_CTX *ctx, unsigned char *out, unsigned int olen, - unsigned char *in, unsigned int ilen); - /* The following two do NOTHING, but are kept for backward compatibility */ - long (*ctrl)(void); - long (*callback_ctrl)(void); -} COMP_METHOD; - -struct comp_ctx_st { - COMP_METHOD *meth; - unsigned long compress_in; - unsigned long compress_out; - unsigned long expand_in; - unsigned long expand_out; - - CRYPTO_EX_DATA ex_data; -}; - - COMP_CTX *COMP_CTX_new(COMP_METHOD *meth); void COMP_CTX_free(COMP_CTX *ctx); int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, diff --git a/externals/libressl/include/openssl/crypto.h b/externals/libressl/include/openssl/crypto.h index 7de8abb43..5524feec9 100755 --- a/externals/libressl/include/openssl/crypto.h +++ b/externals/libressl/include/openssl/crypto.h @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto.h,v 1.50 2019/01/19 01:07:00 tb Exp $ */ +/* $OpenBSD: crypto.h,v 1.54 2022/01/14 08:23:25 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * @@ -143,15 +143,6 @@ extern "C" { #define SSLEAY_PLATFORM 4 #define SSLEAY_DIR 5 -/* A generic structure to pass assorted data in a expandable way */ -typedef struct openssl_item_st { - int code; - void *value; /* Not used for flag attributes */ - size_t value_size; /* Max size of value for output, length for input */ - size_t *value_length; /* Returned length of value for output */ -} OPENSSL_ITEM; - - /* When changing the CRYPTO_LOCK_* list, be sure to maintain the text lock * names in cryptlib.c */ @@ -205,15 +196,15 @@ typedef struct openssl_item_st { #ifndef CRYPTO_w_lock #define CRYPTO_w_lock(type) \ - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0) #define CRYPTO_w_unlock(type) \ - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0) #define CRYPTO_r_lock(type) \ - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0) #define CRYPTO_r_unlock(type) \ - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0) #define CRYPTO_add(addr,amount,type) \ - CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) + CRYPTO_add_lock(addr,amount,type,NULL,0) #endif /* Some applications as well as some parts of OpenSSL need to allocate @@ -309,19 +300,19 @@ int CRYPTO_is_mem_check_on(void); #define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) #define MemCheck_stop() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) -#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) -#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__) +#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0) +#define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0) #define OPENSSL_realloc(addr,num) \ - CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) + CRYPTO_realloc((char *)addr,(int)num,NULL,0) #define OPENSSL_realloc_clean(addr,old_num,num) \ - CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__) + CRYPTO_realloc_clean(addr,old_num,num,NULL,0) #define OPENSSL_remalloc(addr,num) \ - CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__) + CRYPTO_remalloc((char **)addr,(int)num,NULL,0) #define OPENSSL_freeFunc CRYPTO_free #define OPENSSL_free(addr) CRYPTO_free(addr) #define OPENSSL_malloc_locked(num) \ - CRYPTO_malloc_locked((int)num,__FILE__,__LINE__) + CRYPTO_malloc_locked((int)num,NULL,0) #define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr) #endif @@ -457,7 +448,7 @@ void CRYPTO_set_mem_debug_options(long bits); long CRYPTO_get_mem_debug_options(void); #define CRYPTO_push_info(info) \ - CRYPTO_push_info_(info, __FILE__, __LINE__); + CRYPTO_push_info_(info, NULL, 0); int CRYPTO_push_info_(const char *info, const char *file, int line); int CRYPTO_pop_info(void); int CRYPTO_remove_all_info(void); @@ -505,6 +496,9 @@ uint64_t OPENSSL_cpu_caps(void); int OPENSSL_isservice(void); #ifndef LIBRESSL_INTERNAL +int FIPS_mode(void); +int FIPS_mode_set(int r); + void OPENSSL_init(void); /* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It diff --git a/externals/libressl/include/openssl/ct.h b/externals/libressl/include/openssl/ct.h new file mode 100755 index 000000000..2b5490377 --- /dev/null +++ b/externals/libressl/include/openssl/ct.h @@ -0,0 +1,514 @@ +/* $OpenBSD: ct.h,v 1.6 2021/12/18 16:50:40 tb Exp $ */ +/* + * Public API for Certificate Transparency (CT). + * Written by Rob Percival (robpercival@google.com) for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 2016 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#ifndef HEADER_CT_H +#define HEADER_CT_H + +#include + +#ifndef OPENSSL_NO_CT +#include +#include +#include +#include +#ifdef __cplusplus +extern "C" { +#endif + +/* Minimum RSA key size, from RFC6962 */ +#define SCT_MIN_RSA_BITS 2048 + +/* All hashes are SHA256 in v1 of Certificate Transparency */ +#define CT_V1_HASHLEN SHA256_DIGEST_LENGTH + +typedef enum { + CT_LOG_ENTRY_TYPE_NOT_SET = -1, + CT_LOG_ENTRY_TYPE_X509 = 0, + CT_LOG_ENTRY_TYPE_PRECERT = 1 +} ct_log_entry_type_t; + +typedef enum { + SCT_VERSION_NOT_SET = -1, + SCT_VERSION_V1 = 0 +} sct_version_t; + +typedef enum { + SCT_SOURCE_UNKNOWN, + SCT_SOURCE_TLS_EXTENSION, + SCT_SOURCE_X509V3_EXTENSION, + SCT_SOURCE_OCSP_STAPLED_RESPONSE +} sct_source_t; + +typedef enum { + SCT_VALIDATION_STATUS_NOT_SET, + SCT_VALIDATION_STATUS_UNKNOWN_LOG, + SCT_VALIDATION_STATUS_VALID, + SCT_VALIDATION_STATUS_INVALID, + SCT_VALIDATION_STATUS_UNVERIFIED, + SCT_VALIDATION_STATUS_UNKNOWN_VERSION +} sct_validation_status_t; + +DECLARE_STACK_OF(SCT) +DECLARE_STACK_OF(CTLOG) + +/****************************************** + * CT policy evaluation context functions * + ******************************************/ + +/* + * Creates a new, empty policy evaluation context. + * The caller is responsible for calling CT_POLICY_EVAL_CTX_free when finished + * with the CT_POLICY_EVAL_CTX. + */ +CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void); + +/* Deletes a policy evaluation context and anything it owns. */ +void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx); + +/* Gets the peer certificate that the SCTs are for */ +X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx); + +/* + * Sets the certificate associated with the received SCTs. + * Increments the reference count of cert. + * Returns 1 on success, 0 otherwise. + */ +int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert); + +/* Gets the issuer of the aforementioned certificate */ +X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx); + +/* + * Sets the issuer of the certificate associated with the received SCTs. + * Increments the reference count of issuer. + * Returns 1 on success, 0 otherwise. + */ +int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer); + +/* Gets the CT logs that are trusted sources of SCTs */ +const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx); + +/* Sets the log store that is in use. It must outlive the CT_POLICY_EVAL_CTX. */ +void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, + CTLOG_STORE *log_store); + +/* + * Gets the time, in milliseconds since the Unix epoch, that will be used as the + * current time when checking whether an SCT was issued in the future. + * Such SCTs will fail validation, as required by RFC6962. + */ +uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx); + +/* + * Sets the time to evaluate SCTs against, in milliseconds since the Unix epoch. + * If an SCT's timestamp is after this time, it will be interpreted as having + * been issued in the future. RFC6962 states that "TLS clients MUST reject SCTs + * whose timestamp is in the future", so an SCT will not validate in this case. + */ +void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms); + +/***************** + * SCT functions * + *****************/ + +/* + * Creates a new, blank SCT. + * The caller is responsible for calling SCT_free when finished with the SCT. + */ +SCT *SCT_new(void); + +/* + * Creates a new SCT from some base64-encoded strings. + * The caller is responsible for calling SCT_free when finished with the SCT. + */ +SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64, + ct_log_entry_type_t entry_type, uint64_t timestamp, + const char *extensions_base64, const char *signature_base64); + +/* + * Frees the SCT and the underlying data structures. + */ +void SCT_free(SCT *sct); + +/* + * Free a stack of SCTs, and the underlying SCTs themselves. + * Intended to be compatible with X509V3_EXT_FREE. + */ +void SCT_LIST_free(STACK_OF(SCT) *a); + +/* + * Returns the version of the SCT. + */ +sct_version_t SCT_get_version(const SCT *sct); + +/* + * Set the version of an SCT. + * Returns 1 on success, 0 if the version is unrecognized. + */ +int SCT_set_version(SCT *sct, sct_version_t version); + +/* + * Returns the log entry type of the SCT. + */ +ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct); + +/* + * Set the log entry type of an SCT. + * Returns 1 on success, 0 otherwise. + */ +int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type); + +/* + * Gets the ID of the log that an SCT came from. + * Ownership of the log ID remains with the SCT. + * Returns the length of the log ID. + */ +size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id); + +/* + * Set the log ID of an SCT to point directly to the *log_id specified. + * The SCT takes ownership of the specified pointer. + * Returns 1 on success, 0 otherwise. + */ +int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len); + +/* + * Set the log ID of an SCT. + * This makes a copy of the log_id. + * Returns 1 on success, 0 otherwise. + */ +int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, + size_t log_id_len); + +/* + * Returns the timestamp for the SCT (epoch time in milliseconds). + */ +uint64_t SCT_get_timestamp(const SCT *sct); + +/* + * Set the timestamp of an SCT (epoch time in milliseconds). + */ +void SCT_set_timestamp(SCT *sct, uint64_t timestamp); + +/* + * Return the NID for the signature used by the SCT. + * For CT v1, this will be either NID_sha256WithRSAEncryption or + * NID_ecdsa_with_SHA256 (or NID_undef if incorrect/unset). + */ +int SCT_get_signature_nid(const SCT *sct); + +/* + * Set the signature type of an SCT + * For CT v1, this should be either NID_sha256WithRSAEncryption or + * NID_ecdsa_with_SHA256. + * Returns 1 on success, 0 otherwise. + */ +int SCT_set_signature_nid(SCT *sct, int nid); + +/* + * Set *ext to point to the extension data for the SCT. ext must not be NULL. + * The SCT retains ownership of this pointer. + * Returns length of the data pointed to. + */ +size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext); + +/* + * Set the extensions of an SCT to point directly to the *ext specified. + * The SCT takes ownership of the specified pointer. + */ +void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len); + +/* + * Set the extensions of an SCT. + * This takes a copy of the ext. + * Returns 1 on success, 0 otherwise. + */ +int SCT_set1_extensions(SCT *sct, const unsigned char *ext, + size_t ext_len); + +/* + * Set *sig to point to the signature for the SCT. sig must not be NULL. + * The SCT retains ownership of this pointer. + * Returns length of the data pointed to. + */ +size_t SCT_get0_signature(const SCT *sct, unsigned char **sig); + +/* + * Set the signature of an SCT to point directly to the *sig specified. + * The SCT takes ownership of the specified pointer. + */ +void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len); + +/* + * Set the signature of an SCT to be a copy of the *sig specified. + * Returns 1 on success, 0 otherwise. + */ +int SCT_set1_signature(SCT *sct, const unsigned char *sig, + size_t sig_len); + +/* + * The origin of this SCT, e.g. TLS extension, OCSP response, etc. + */ +sct_source_t SCT_get_source(const SCT *sct); + +/* + * Set the origin of this SCT, e.g. TLS extension, OCSP response, etc. + * Returns 1 on success, 0 otherwise. + */ +int SCT_set_source(SCT *sct, sct_source_t source); + +/* + * Returns a text string describing the validation status of |sct|. + */ +const char *SCT_validation_status_string(const SCT *sct); + +/* + * Pretty-prints an |sct| to |out|. + * It will be indented by the number of spaces specified by |indent|. + * If |logs| is not NULL, it will be used to lookup the CT log that the SCT came + * from, so that the log name can be printed. + */ +void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs); + +/* + * Pretty-prints an |sct_list| to |out|. + * It will be indented by the number of spaces specified by |indent|. + * SCTs will be delimited by |separator|. + * If |logs| is not NULL, it will be used to lookup the CT log that each SCT + * came from, so that the log names can be printed. + */ +void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, + const char *separator, const CTLOG_STORE *logs); + +/* + * Gets the last result of validating this SCT. + * If it has not been validated yet, returns SCT_VALIDATION_STATUS_NOT_SET. + */ +sct_validation_status_t SCT_get_validation_status(const SCT *sct); + +/* + * Validates the given SCT with the provided context. + * Sets the "validation_status" field of the SCT. + * Returns 1 if the SCT is valid and the signature verifies. + * Returns 0 if the SCT is invalid or could not be verified. + * Returns -1 if an error occurs. + */ +int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx); + +/* + * Validates the given list of SCTs with the provided context. + * Sets the "validation_status" field of each SCT. + * Returns 1 if there are no invalid SCTs and all signatures verify. + * Returns 0 if at least one SCT is invalid or could not be verified. + * Returns a negative integer if an error occurs. + */ +int SCT_LIST_validate(const STACK_OF(SCT) *scts, + CT_POLICY_EVAL_CTX *ctx); + + +/********************************* + * SCT parsing and serialisation * + *********************************/ + +/* + * Serialize (to TLS format) a stack of SCTs and return the length. + * "a" must not be NULL. + * If "pp" is NULL, just return the length of what would have been serialized. + * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer + * for data that caller is responsible for freeing (only if function returns + * successfully). + * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring + * that "*pp" is large enough to accept all of the serialized data. + * Returns < 0 on error, >= 0 indicating bytes written (or would have been) + * on success. + */ +int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); + +/* + * Convert TLS format SCT list to a stack of SCTs. + * If "a" or "*a" is NULL, a new stack will be created that the caller is + * responsible for freeing (by calling SCT_LIST_free). + * "**pp" and "*pp" must not be NULL. + * Upon success, "*pp" will point to after the last bytes read, and a stack + * will be returned. + * Upon failure, a NULL pointer will be returned, and the position of "*pp" is + * not defined. + */ +STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, + size_t len); + +/* + * Serialize (to DER format) a stack of SCTs and return the length. + * "a" must not be NULL. + * If "pp" is NULL, just returns the length of what would have been serialized. + * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer + * for data that caller is responsible for freeing (only if function returns + * successfully). + * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring + * that "*pp" is large enough to accept all of the serialized data. + * Returns < 0 on error, >= 0 indicating bytes written (or would have been) + * on success. + */ +int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); + +/* + * Parses an SCT list in DER format and returns it. + * If "a" or "*a" is NULL, a new stack will be created that the caller is + * responsible for freeing (by calling SCT_LIST_free). + * "**pp" and "*pp" must not be NULL. + * Upon success, "*pp" will point to after the last bytes read, and a stack + * will be returned. + * Upon failure, a NULL pointer will be returned, and the position of "*pp" is + * not defined. + */ +STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, + long len); + +/* + * Serialize (to TLS format) an |sct| and write it to |out|. + * If |out| is null, no SCT will be output but the length will still be returned. + * If |out| points to a null pointer, a string will be allocated to hold the + * TLS-format SCT. It is the responsibility of the caller to free it. + * If |out| points to an allocated string, the TLS-format SCT will be written + * to it. + * The length of the SCT in TLS format will be returned. + */ +int i2o_SCT(const SCT *sct, unsigned char **out); + +/* + * Parses an SCT in TLS format and returns it. + * If |psct| is not null, it will end up pointing to the parsed SCT. If it + * already points to a non-null pointer, the pointer will be free'd. + * |in| should be a pointer to a string containing the TLS-format SCT. + * |in| will be advanced to the end of the SCT if parsing succeeds. + * |len| should be the length of the SCT in |in|. + * Returns NULL if an error occurs. + * If the SCT is an unsupported version, only the SCT's 'sct' and 'sct_len' + * fields will be populated (with |in| and |len| respectively). + */ +SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len); + +/******************** + * CT log functions * + ********************/ + +/* + * Creates a new CT log instance with the given |public_key| and |name|. + * Takes ownership of |public_key| but copies |name|. + * Returns NULL if malloc fails or if |public_key| cannot be converted to DER. + * Should be deleted by the caller using CTLOG_free when no longer needed. + */ +CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name); + +/* + * Creates a new CTLOG instance with the base64-encoded SubjectPublicKeyInfo DER + * in |pkey_base64|. The |name| is a string to help users identify this log. + * Returns 1 on success, 0 on failure. + * Should be deleted by the caller using CTLOG_free when no longer needed. + */ +int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, + const char *name); + +/* + * Deletes a CT log instance and its fields. + */ +void CTLOG_free(CTLOG *log); + +/* Gets the name of the CT log */ +const char *CTLOG_get0_name(const CTLOG *log); +/* Gets the ID of the CT log */ +void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, + size_t *log_id_len); +/* Gets the public key of the CT log */ +EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log); + +/************************** + * CT log store functions * + **************************/ + +/* + * Creates a new CT log store. + * Should be deleted by the caller using CTLOG_STORE_free when no longer needed. + */ +CTLOG_STORE *CTLOG_STORE_new(void); + +/* + * Deletes a CT log store and all of the CT log instances held within. + */ +void CTLOG_STORE_free(CTLOG_STORE *store); + +/* + * Finds a CT log in the store based on its log ID. + * Returns the CT log, or NULL if no match is found. + */ +const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, + const uint8_t *log_id, size_t log_id_len); + +/* + * Loads a CT log list into a |store| from a |file|. + * Returns 1 if loading is successful, or 0 otherwise. + */ +int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file); + +/* + * Loads the default CT log list into a |store|. + * Returns 1 if loading is successful, or 0 otherwise. + */ +int CTLOG_STORE_load_default_file(CTLOG_STORE *store); + +#ifdef __cplusplus +} +#endif +#endif +#endif diff --git a/externals/libressl/include/openssl/cterr.h b/externals/libressl/include/openssl/cterr.h new file mode 100755 index 000000000..07ae519bb --- /dev/null +++ b/externals/libressl/include/openssl/cterr.h @@ -0,0 +1,127 @@ +/* $OpenBSD: cterr.h,v 1.5 2021/12/18 16:50:40 tb Exp $ */ +/* ==================================================================== + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#ifndef HEADER_CTERR_H +# define HEADER_CTERR_H + +# include + +# ifndef OPENSSL_NO_CT + +#ifdef __cplusplus +extern "C" +#endif + +int ERR_load_CT_strings(void); + +/* + * CT function codes. + */ +# define CT_F_CTLOG_NEW 117 +# define CT_F_CTLOG_NEW_FROM_BASE64 118 +# define CT_F_CTLOG_NEW_FROM_CONF 119 +# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 122 +# define CT_F_CTLOG_STORE_LOAD_FILE 123 +# define CT_F_CTLOG_STORE_LOAD_LOG 130 +# define CT_F_CTLOG_STORE_NEW 131 +# define CT_F_CT_BASE64_DECODE 124 +# define CT_F_CT_POLICY_EVAL_CTX_NEW 133 +# define CT_F_CT_V1_LOG_ID_FROM_PKEY 125 +# define CT_F_I2O_SCT 107 +# define CT_F_I2O_SCT_LIST 108 +# define CT_F_I2O_SCT_SIGNATURE 109 +# define CT_F_O2I_SCT 110 +# define CT_F_O2I_SCT_LIST 111 +# define CT_F_O2I_SCT_SIGNATURE 112 +# define CT_F_SCT_CTX_NEW 126 +# define CT_F_SCT_CTX_VERIFY 128 +# define CT_F_SCT_NEW 100 +# define CT_F_SCT_NEW_FROM_BASE64 127 +# define CT_F_SCT_SET0_LOG_ID 101 +# define CT_F_SCT_SET1_EXTENSIONS 114 +# define CT_F_SCT_SET1_LOG_ID 115 +# define CT_F_SCT_SET1_SIGNATURE 116 +# define CT_F_SCT_SET_LOG_ENTRY_TYPE 102 +# define CT_F_SCT_SET_SIGNATURE_NID 103 +# define CT_F_SCT_SET_VERSION 104 + +/* + * CT reason codes. + */ +# define CT_R_BASE64_DECODE_ERROR 108 +# define CT_R_INVALID_LOG_ID_LENGTH 100 +# define CT_R_LOG_CONF_INVALID 109 +# define CT_R_LOG_CONF_INVALID_KEY 110 +# define CT_R_LOG_CONF_MISSING_DESCRIPTION 111 +# define CT_R_LOG_CONF_MISSING_KEY 112 +# define CT_R_LOG_KEY_INVALID 113 +# define CT_R_SCT_FUTURE_TIMESTAMP 116 +# define CT_R_SCT_INVALID 104 +# define CT_R_SCT_INVALID_SIGNATURE 107 +# define CT_R_SCT_LIST_INVALID 105 +# define CT_R_SCT_LOG_ID_MISMATCH 114 +# define CT_R_SCT_NOT_SET 106 +# define CT_R_SCT_UNSUPPORTED_VERSION 115 +# define CT_R_UNRECOGNIZED_SIGNATURE_NID 101 +# define CT_R_UNSUPPORTED_ENTRY_TYPE 102 +# define CT_R_UNSUPPORTED_VERSION 103 + +# endif +#endif diff --git a/externals/libressl/include/openssl/dh.h b/externals/libressl/include/openssl/dh.h index 082b50254..ef1049502 100755 --- a/externals/libressl/include/openssl/dh.h +++ b/externals/libressl/include/openssl/dh.h @@ -1,25 +1,25 @@ -/* $OpenBSD: dh.h,v 1.25 2018/02/22 16:41:04 jsing Exp $ */ +/* $OpenBSD: dh.h,v 1.32 2022/01/14 08:25:44 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -72,7 +72,7 @@ #ifndef OPENSSL_NO_DEPRECATED #include #endif - + #ifndef OPENSSL_DH_MAX_MODULUS_BITS # define OPENSSL_DH_MAX_MODULUS_BITS 10000 #endif @@ -98,55 +98,6 @@ extern "C" { #endif -/* Already defined in ossl_typ.h */ -/* typedef struct dh_st DH; */ -/* typedef struct dh_method DH_METHOD; */ - -struct dh_method - { - const char *name; - /* Methods here */ - int (*generate_key)(DH *dh); - int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh); - int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); /* Can be null */ - - int (*init)(DH *dh); - int (*finish)(DH *dh); - int flags; - char *app_data; - /* If this is non-NULL, it will be used to generate parameters */ - int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb); - }; - -struct dh_st - { - /* This first argument is used to pick up errors when - * a DH is passed instead of a EVP_PKEY */ - int pad; - int version; - BIGNUM *p; - BIGNUM *g; - long length; /* optional */ - BIGNUM *pub_key; /* g^x */ - BIGNUM *priv_key; /* x */ - - int flags; - BN_MONT_CTX *method_mont_p; - /* Place holders if we want to do X9.42 DH */ - BIGNUM *q; - BIGNUM *j; - unsigned char *seed; - int seedlen; - BIGNUM *counter; - - int references; - CRYPTO_EX_DATA ex_data; - const DH_METHOD *meth; - ENGINE *engine; - }; - #define DH_GENERATOR_2 2 /* #define DH_GENERATOR_3 3 */ #define DH_GENERATOR_5 5 @@ -156,10 +107,14 @@ struct dh_st #define DH_CHECK_P_NOT_SAFE_PRIME 0x02 #define DH_UNABLE_TO_CHECK_GENERATOR 0x04 #define DH_NOT_SUITABLE_GENERATOR 0x08 +#define DH_CHECK_Q_NOT_PRIME 0x10 +#define DH_CHECK_INVALID_Q_VALUE 0x20 +#define DH_CHECK_INVALID_J_VALUE 0x40 /* DH_check_pub_key error codes */ #define DH_CHECK_PUBKEY_TOO_SMALL 0x01 #define DH_CHECK_PUBKEY_TOO_LARGE 0x02 +#define DH_CHECK_PUBKEY_INVALID 0x04 /* primes p where (p-1)/2 is prime too are called "safe"; we define this for backward compatibility: */ @@ -195,9 +150,15 @@ void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key); int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); +const BIGNUM *DH_get0_p(const DH *dh); +const BIGNUM *DH_get0_q(const DH *dh); +const BIGNUM *DH_get0_g(const DH *dh); +const BIGNUM *DH_get0_priv_key(const DH *dh); +const BIGNUM *DH_get0_pub_key(const DH *dh); void DH_clear_flags(DH *dh, int flags); int DH_test_flags(const DH *dh, int flags); void DH_set_flags(DH *dh, int flags); +long DH_get_length(const DH *dh); int DH_set_length(DH *dh, long length); /* Deprecated version */ @@ -232,7 +193,7 @@ int DHparams_print(char *bp, const DH *x); #define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1) #define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2) - + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -274,6 +235,17 @@ void ERR_load_DH_strings(void); #define DH_R_NO_PARAMETERS_SET 107 #define DH_R_NO_PRIVATE_VALUE 100 #define DH_R_PARAMETER_ENCODING_ERROR 105 +#define DH_R_CHECK_INVALID_J_VALUE 115 +#define DH_R_CHECK_INVALID_Q_VALUE 116 +#define DH_R_CHECK_PUBKEY_INVALID 122 +#define DH_R_CHECK_PUBKEY_TOO_LARGE 123 +#define DH_R_CHECK_PUBKEY_TOO_SMALL 124 +#define DH_R_CHECK_P_NOT_PRIME 117 +#define DH_R_CHECK_P_NOT_SAFE_PRIME 118 +#define DH_R_CHECK_Q_NOT_PRIME 119 +#define DH_R_MISSING_PUBKEY 125 +#define DH_R_NOT_SUITABLE_GENERATOR 120 +#define DH_R_UNABLE_TO_CHECK_GENERATOR 121 #ifdef __cplusplus } diff --git a/externals/libressl/include/openssl/dsa.h b/externals/libressl/include/openssl/dsa.h index 61bfc2b46..4fafce382 100755 --- a/externals/libressl/include/openssl/dsa.h +++ b/externals/libressl/include/openssl/dsa.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa.h,v 1.30 2018/03/17 15:19:12 tb Exp $ */ +/* $OpenBSD: dsa.h,v 1.35 2022/01/14 08:27:23 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -109,69 +109,7 @@ extern "C" { #endif -/* Already defined in ossl_typ.h */ -/* typedef struct dsa_st DSA; */ -/* typedef struct dsa_method DSA_METHOD; */ - -typedef struct DSA_SIG_st - { - BIGNUM *r; - BIGNUM *s; - } DSA_SIG; - -struct dsa_method - { - const char *name; - DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa); - int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp); - int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); - int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, - BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *in_mont); - int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); /* Can be null */ - int (*init)(DSA *dsa); - int (*finish)(DSA *dsa); - int flags; - char *app_data; - /* If this is non-NULL, it is used to generate DSA parameters */ - int (*dsa_paramgen)(DSA *dsa, int bits, - const unsigned char *seed, int seed_len, - int *counter_ret, unsigned long *h_ret, - BN_GENCB *cb); - /* If this is non-NULL, it is used to generate DSA keys */ - int (*dsa_keygen)(DSA *dsa); - }; - -struct dsa_st - { - /* This first variable is used to pick up errors where - * a DSA is passed instead of of a EVP_PKEY */ - int pad; - long version; - int write_params; - BIGNUM *p; - BIGNUM *q; /* == 20 */ - BIGNUM *g; - - BIGNUM *pub_key; /* y public key */ - BIGNUM *priv_key; /* x private key */ - - BIGNUM *kinv; /* Signing pre-calc */ - BIGNUM *r; /* Signing pre-calc */ - - int flags; - /* Normally used to cache montgomery values */ - BN_MONT_CTX *method_mont_p; - int references; - CRYPTO_EX_DATA ex_data; - const DSA_METHOD *meth; - /* functional reference if 'meth' is ENGINE-provided */ - ENGINE *engine; - }; +typedef struct DSA_SIG_st DSA_SIG; DSA *d2i_DSAparams_bio(BIO *bp, DSA **a); int i2d_DSAparams_bio(BIO *bp, DSA *a); @@ -202,6 +140,7 @@ void DSA_free(DSA *r); /* "up" the DSA object's reference count */ int DSA_up_ref(DSA *r); int DSA_size(const DSA *); +int DSA_bits(const DSA *d); /* next 4 return -1 on error */ int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp); int DSA_sign(int type,const unsigned char *dgst,int dlen, @@ -247,9 +186,12 @@ int DSA_print(BIO *bp, const DSA *x, int off); int DSAparams_print_fp(FILE *fp, const DSA *x); int DSA_print_fp(FILE *bp, const DSA *x, int off); -#define DSS_prime_checks 50 -/* Primality test according to FIPS PUB 186[-1], Appendix 2.1: - * 50 rounds of Rabin-Miller */ +/* + * Primality test according to FIPS PUB 186-4, Appendix C.3. Set the number + * to 64 rounds of Miller-Rabin, which corresponds to 128 bits of security. + * This is necessary for keys of size >= 3072. + */ +#define DSS_prime_checks 64 #define DSA_is_prime(n, callback, cb_arg) \ BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) @@ -264,6 +206,11 @@ void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key); int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); +const BIGNUM *DSA_get0_p(const DSA *d); +const BIGNUM *DSA_get0_q(const DSA *d); +const BIGNUM *DSA_get0_g(const DSA *d); +const BIGNUM *DSA_get0_pub_key(const DSA *d); +const BIGNUM *DSA_get0_priv_key(const DSA *d); void DSA_clear_flags(DSA *d, int flags); int DSA_test_flags(const DSA *d, int flags); void DSA_set_flags(DSA *d, int flags); diff --git a/externals/libressl/include/openssl/dtls1.h b/externals/libressl/include/openssl/dtls1.h index c9c596351..79542c807 100755 --- a/externals/libressl/include/openssl/dtls1.h +++ b/externals/libressl/include/openssl/dtls1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dtls1.h,v 1.23 2020/03/12 17:01:53 jsing Exp $ */ +/* $OpenBSD: dtls1.h,v 1.27 2021/05/16 13:56:30 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -78,6 +78,8 @@ extern "C" { #endif #define DTLS1_VERSION 0xFEFF +#define DTLS1_2_VERSION 0xFEFD +#define DTLS1_VERSION_MAJOR 0xFE /* lengths of messages */ #define DTLS1_COOKIE_LENGTH 256 @@ -93,91 +95,6 @@ extern "C" { #define DTLS1_AL_HEADER_LENGTH 2 -#ifndef OPENSSL_NO_SSL_INTERN - - -typedef struct dtls1_bitmap_st { - unsigned long map; /* track 32 packets on 32-bit systems - and 64 - on 64-bit systems */ - unsigned char max_seq_num[8]; /* max record number seen so far, - 64-bit value in big-endian - encoding */ -} DTLS1_BITMAP; - -struct dtls1_retransmit_state { - EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ - EVP_MD_CTX *write_hash; /* used for mac generation */ - SSL_SESSION *session; - unsigned short epoch; -}; - -struct hm_header_st { - unsigned char type; - unsigned long msg_len; - unsigned short seq; - unsigned long frag_off; - unsigned long frag_len; - unsigned int is_ccs; - struct dtls1_retransmit_state saved_retransmit_state; -}; - -struct ccs_header_st { - unsigned char type; - unsigned short seq; -}; - -struct dtls1_timeout_st { - /* Number of read timeouts so far */ - unsigned int read_timeouts; - - /* Number of write timeouts so far */ - unsigned int write_timeouts; - - /* Number of alerts received so far */ - unsigned int num_alerts; -}; - -struct _pqueue; - -typedef struct record_pqueue_st { - unsigned short epoch; - struct _pqueue *q; -} record_pqueue; - -typedef struct hm_fragment_st { - struct hm_header_st msg_header; - unsigned char *fragment; - unsigned char *reassembly; -} hm_fragment; - -struct dtls1_state_internal_st; - -typedef struct dtls1_state_st { - /* Buffered (sent) handshake records */ - struct _pqueue *sent_messages; - - /* Indicates when the last handshake msg or heartbeat sent will timeout */ - struct timeval next_timeout; - - /* Timeout duration */ - unsigned short timeout_duration; - - struct dtls1_state_internal_st *internal; -} DTLS1_STATE; - -#ifndef LIBRESSL_INTERNAL - -typedef struct dtls1_record_data_st { - unsigned char *packet; - unsigned int packet_length; - SSL3_BUFFER rbuf; - SSL3_RECORD rrec; -} DTLS1_RECORD_DATA; - -#endif - -#endif - /* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ #define DTLS1_TMO_READ_COUNT 2 #define DTLS1_TMO_WRITE_COUNT 2 diff --git a/externals/libressl/include/openssl/ec.h b/externals/libressl/include/openssl/ec.h index a95d99f6a..d8ff42c0c 100755 --- a/externals/libressl/include/openssl/ec.h +++ b/externals/libressl/include/openssl/ec.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ec.h,v 1.18 2019/09/29 10:09:09 tb Exp $ */ +/* $OpenBSD: ec.h,v 1.27 2021/09/12 16:23:19 tb Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -250,6 +250,8 @@ const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); */ int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); +int EC_GROUP_order_bits(const EC_GROUP *group); + /** Gets the cofactor of a EC_GROUP * \param group EC_GROUP object * \param cofactor BIGNUM to which the cofactor is copied @@ -280,6 +282,11 @@ unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); size_t EC_GROUP_get_seed_len(const EC_GROUP *); size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); +int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); +int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, + BN_CTX *ctx); +#if !defined(LIBRESSL_INTERNAL) /** Sets the parameter of a ec over GFp defined by y^2 = x^3 + a*x + b * \param group EC_GROUP object * \param p BIGNUM with the prime number @@ -321,6 +328,8 @@ int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, c */ int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); #endif +#endif + /** Returns the number of bits needed to represent a field element * \param group EC_GROUP object * \return number of bits needed to represent a field element @@ -446,6 +455,22 @@ const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); */ int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); +int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx); +int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p, + BIGNUM *x, BIGNUM *y, BN_CTX *ctx); +int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, BN_CTX *ctx); + +#if defined(LIBRESSL_INTERNAL) + +int EC_POINT_set_Jprojective_coordinates(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx); +int EC_POINT_get_Jprojective_coordinates(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx); + +#else + /** Sets the jacobian projective coordinates of a EC_POINT over GFp * \param group underlying EC_GROUP object * \param p EC_POINT object @@ -502,6 +527,7 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, */ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, const BIGNUM *x, int y_bit, BN_CTX *ctx); + #ifndef OPENSSL_NO_EC2M /** Sets the affine coordinates of a EC_POINT over GF2m * \param group underlying EC_GROUP object @@ -535,7 +561,9 @@ int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, */ int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, const BIGNUM *x, int y_bit, BN_CTX *ctx); -#endif +#endif /* OPENSSL_NO_EC2M */ +#endif /* !LIBRESSL_INTERNAL */ + /** Encodes a EC_POINT object to a octet string * \param group underlying EC_GROUP object * \param p EC_POINT object @@ -680,7 +708,8 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, unsigned int *k2, unsigned int *k3); #endif -#define OPENSSL_EC_NAMED_CURVE 0x001 +#define OPENSSL_EC_EXPLICIT_CURVE 0x000 +#define OPENSSL_EC_NAMED_CURVE 0x001 typedef struct ecpk_parameters_st ECPKPARAMETERS; diff --git a/externals/libressl/include/openssl/ecdsa.h b/externals/libressl/include/openssl/ecdsa.h index c4e107eee..eccca65b5 100755 --- a/externals/libressl/include/openssl/ecdsa.h +++ b/externals/libressl/include/openssl/ecdsa.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ecdsa.h,v 1.8 2019/01/19 01:17:41 tb Exp $ */ +/* $OpenBSD: ecdsa.h,v 1.11 2022/01/14 08:31:03 tb Exp $ */ /** * \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions * \author Written by Nils Larsch for the OpenSSL project @@ -85,10 +85,6 @@ struct ecdsa_method { BIGNUM **r); int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, EC_KEY *eckey); -#if 0 - int (*init)(EC_KEY *eckey); - int (*finish)(EC_KEY *eckey); -#endif int flags; char *app_data; }; @@ -101,11 +97,6 @@ struct ecdsa_method { #define ECDSA_FLAG_FIPS_METHOD 0x1 -struct ECDSA_SIG_st { - BIGNUM *r; - BIGNUM *s; -}; - /** Allocates and initialize a ECDSA_SIG structure * \return pointer to a ECDSA_SIG structure or NULL if an error occurred */ @@ -140,6 +131,9 @@ ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); */ void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig); +const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); + /** Setter for r and s fields of ECDSA_SIG * \param sig pointer to ECDSA_SIG pointer * \param r pointer to BIGNUM for r (may be NULL) diff --git a/externals/libressl/include/openssl/err.h b/externals/libressl/include/openssl/err.h index 22cdb2987..20fa9084a 100755 --- a/externals/libressl/include/openssl/err.h +++ b/externals/libressl/include/openssl/err.h @@ -1,4 +1,4 @@ -/* $OpenBSD: err.h,v 1.25 2017/02/20 23:21:19 beck Exp $ */ +/* $OpenBSD: err.h,v 1.26 2021/11/24 01:12:43 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -196,6 +196,7 @@ typedef struct err_state_st { #define ERR_LIB_HMAC 48 #define ERR_LIB_JPAKE 49 #define ERR_LIB_GOST 50 +#define ERR_LIB_CT 51 #define ERR_LIB_USER 128 @@ -234,6 +235,7 @@ typedef struct err_state_st { #define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__) #define GOSTerr(f,r) ERR_PUT_error(ERR_LIB_GOST,(f),(r),__FILE__,__LINE__) #define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__) +#define CTerr(f, r) ERR_PUT_error(ERR_LIB_CT,(f),(r),__FILE__,__LINE__) #endif #ifdef LIBRESSL_INTERNAL @@ -270,6 +272,7 @@ typedef struct err_state_st { #define HMACerror(r) ERR_PUT_error(ERR_LIB_HMAC,(0xfff),(r),__FILE__,__LINE__) #define JPAKEerror(r) ERR_PUT_error(ERR_LIB_JPAKE,(0xfff),(r),__FILE__,__LINE__) #define GOSTerror(r) ERR_PUT_error(ERR_LIB_GOST,(0xfff),(r),__FILE__,__LINE__) +#define CTerror(r) ERR_PUT_error(ERR_LIB_CT,(0xfff),(r),__FILE__,__LINE__) #endif #define ERR_PACK(l,f,r) (((((unsigned long)l)&0xffL)<<24L)| \ diff --git a/externals/libressl/include/openssl/evp.h b/externals/libressl/include/openssl/evp.h index f1fe8a1e3..a80cf189f 100755 --- a/externals/libressl/include/openssl/evp.h +++ b/externals/libressl/include/openssl/evp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: evp.h,v 1.79 2020/04/27 19:31:02 tb Exp $ */ +/* $OpenBSD: evp.h,v 1.99 2022/01/14 08:38:05 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -119,82 +119,15 @@ extern "C" { #endif -/* Type needs to be a bit field - * Sub-type needs to be for variations on the method, as in, can it do - * arbitrary encryption.... */ -struct evp_pkey_st { - int type; - int save_type; - int references; - const EVP_PKEY_ASN1_METHOD *ameth; - ENGINE *engine; - union { - char *ptr; -#ifndef OPENSSL_NO_RSA - struct rsa_st *rsa; /* RSA */ -#endif -#ifndef OPENSSL_NO_DSA - struct dsa_st *dsa; /* DSA */ -#endif -#ifndef OPENSSL_NO_DH - struct dh_st *dh; /* DH */ -#endif -#ifndef OPENSSL_NO_EC - struct ec_key_st *ec; /* ECC */ -#endif -#ifndef OPENSSL_NO_GOST - struct gost_key_st *gost; /* GOST */ -#endif - } pkey; - int save_parameters; - STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ -} /* EVP_PKEY */; - #define EVP_PKEY_MO_SIGN 0x0001 #define EVP_PKEY_MO_VERIFY 0x0002 #define EVP_PKEY_MO_ENCRYPT 0x0004 #define EVP_PKEY_MO_DECRYPT 0x0008 -typedef int evp_sign_method(int type, const unsigned char *m, - unsigned int m_length, unsigned char *sigret, unsigned int *siglen, - void *key); -typedef int evp_verify_method(int type, const unsigned char *m, - unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen, - void *key); - #ifndef EVP_MD -struct env_md_st { - int type; - int pkey_type; - int md_size; - unsigned long flags; - int (*init)(EVP_MD_CTX *ctx); - int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); - int (*final)(EVP_MD_CTX *ctx, unsigned char *md); - int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from); - int (*cleanup)(EVP_MD_CTX *ctx); - - evp_sign_method *sign; - evp_verify_method *verify; - int required_pkey_type[5]; /*EVP_PKEY_xxx */ - int block_size; - int ctx_size; /* how big does the ctx->md_data need to be */ - /* control function */ - int (*md_ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2); -} /* EVP_MD */; - #define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single * block */ -#define EVP_MD_FLAG_PKEY_DIGEST 0x0002 /* digest is a "clone" digest used - * which is a copy of an existing - * one for a specific public key type. - * EVP_dss1() etc */ - -/* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */ - -#define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE 0x0004 - /* DigestAlgorithmIdentifier flags... */ #define EVP_MD_FLAG_DIGALGID_MASK 0x0018 @@ -224,51 +157,8 @@ struct env_md_st { #define EVP_MD_CTRL_ALG_CTRL 0x1000 -#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} - -#ifndef OPENSSL_NO_DSA -#define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \ - (evp_verify_method *)DSA_verify, \ - {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ - EVP_PKEY_DSA4,0} -#else -#define EVP_PKEY_DSA_method EVP_PKEY_NULL_method -#endif - -#ifndef OPENSSL_NO_ECDSA -#define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \ - (evp_verify_method *)ECDSA_verify, \ - {EVP_PKEY_EC,0,0,0} -#else -#define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method -#endif - -#ifndef OPENSSL_NO_RSA -#define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \ - (evp_verify_method *)RSA_verify, \ - {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} -#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ - (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \ - (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \ - {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} -#else -#define EVP_PKEY_RSA_method EVP_PKEY_NULL_method -#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method -#endif - #endif /* !EVP_MD */ -struct env_md_ctx_st { - const EVP_MD *digest; - ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */ - unsigned long flags; - void *md_data; - /* Public key context for sign/verify */ - EVP_PKEY_CTX *pctx; - /* Update function: usually copied from EVP_MD */ - int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); -} /* EVP_MD_CTX */; - /* values for EVP_MD_CTX flags */ #define EVP_MD_CTX_FLAG_ONESHOT 0x0001 /* digest update will be called @@ -295,24 +185,6 @@ struct env_md_ctx_st { #define EVP_MD_CTX_FLAG_NO_INIT 0x0100 /* Don't initialize md_data */ -struct evp_cipher_st { - int nid; - int block_size; - int key_len; /* Default value for variable length ciphers */ - int iv_len; - unsigned long flags; /* Various flags */ - int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); /* init key */ - int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl);/* encrypt/decrypt data */ - int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */ - int ctx_size; /* how big ctx->cipher_data needs to be */ - int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */ - int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */ - int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */ - void *app_data; /* Application data */ -} /* EVP_CIPHER */; - /* Values for cipher flags */ /* Modes for ciphers */ @@ -327,23 +199,23 @@ struct evp_cipher_st { #define EVP_CIPH_CCM_MODE 0x7 #define EVP_CIPH_XTS_MODE 0x10001 #define EVP_CIPH_WRAP_MODE 0x10002 -#define EVP_CIPH_MODE 0xF0007 +#define EVP_CIPH_MODE 0xF0007 /* Set if variable length cipher */ -#define EVP_CIPH_VARIABLE_LENGTH 0x8 +#define EVP_CIPH_VARIABLE_LENGTH 0x8 /* Set if the iv handling should be done by the cipher itself */ -#define EVP_CIPH_CUSTOM_IV 0x10 +#define EVP_CIPH_CUSTOM_IV 0x10 /* Set if the cipher's init() function should be called if key is NULL */ -#define EVP_CIPH_ALWAYS_CALL_INIT 0x20 +#define EVP_CIPH_ALWAYS_CALL_INIT 0x20 /* Call ctrl() to init cipher parameters */ -#define EVP_CIPH_CTRL_INIT 0x40 +#define EVP_CIPH_CTRL_INIT 0x40 /* Don't use standard key length function */ -#define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 +#define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 /* Don't use standard block padding */ -#define EVP_CIPH_NO_PADDING 0x100 +#define EVP_CIPH_NO_PADDING 0x100 /* cipher handles random key generation */ -#define EVP_CIPH_RAND_KEY 0x200 +#define EVP_CIPH_RAND_KEY 0x200 /* cipher has its own additional copying logic */ -#define EVP_CIPH_CUSTOM_COPY 0x400 +#define EVP_CIPH_CUSTOM_COPY 0x400 /* Allow use default ASN1 get/set iv */ #define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 /* Buffer length in bits not bytes: CFB1 mode only */ @@ -355,7 +227,7 @@ struct evp_cipher_st { /* Cipher handles any and all padding logic as well * as finalisation. */ -#define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000 +#define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000 #define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 /* @@ -367,22 +239,25 @@ struct evp_cipher_st { /* ctrl() values */ #define EVP_CTRL_INIT 0x0 -#define EVP_CTRL_SET_KEY_LENGTH 0x1 -#define EVP_CTRL_GET_RC2_KEY_BITS 0x2 -#define EVP_CTRL_SET_RC2_KEY_BITS 0x3 -#define EVP_CTRL_GET_RC5_ROUNDS 0x4 -#define EVP_CTRL_SET_RC5_ROUNDS 0x5 -#define EVP_CTRL_RAND_KEY 0x6 -#define EVP_CTRL_PBE_PRF_NID 0x7 -#define EVP_CTRL_COPY 0x8 -#define EVP_CTRL_GCM_SET_IVLEN 0x9 -#define EVP_CTRL_GCM_GET_TAG 0x10 -#define EVP_CTRL_GCM_SET_TAG 0x11 +#define EVP_CTRL_SET_KEY_LENGTH 0x1 +#define EVP_CTRL_GET_RC2_KEY_BITS 0x2 +#define EVP_CTRL_SET_RC2_KEY_BITS 0x3 +#define EVP_CTRL_GET_RC5_ROUNDS 0x4 +#define EVP_CTRL_SET_RC5_ROUNDS 0x5 +#define EVP_CTRL_RAND_KEY 0x6 +#define EVP_CTRL_PBE_PRF_NID 0x7 +#define EVP_CTRL_COPY 0x8 +#define EVP_CTRL_AEAD_SET_IVLEN 0x9 +#define EVP_CTRL_AEAD_GET_TAG 0x10 +#define EVP_CTRL_AEAD_SET_TAG 0x11 +#define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +#define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +#define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG #define EVP_CTRL_GCM_SET_IV_FIXED 0x12 #define EVP_CTRL_GCM_IV_GEN 0x13 -#define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN -#define EVP_CTRL_CCM_GET_TAG EVP_CTRL_GCM_GET_TAG -#define EVP_CTRL_CCM_SET_TAG EVP_CTRL_GCM_SET_TAG +#define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +#define EVP_CTRL_CCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +#define EVP_CTRL_CCM_SET_TAG EVP_CTRL_AEAD_SET_TAG #define EVP_CTRL_CCM_SET_L 0x14 #define EVP_CTRL_CCM_SET_MSGLEN 0x15 /* AEAD cipher deduces payload length and returns number of bytes @@ -410,38 +285,6 @@ typedef struct evp_cipher_info_st { unsigned char iv[EVP_MAX_IV_LENGTH]; } EVP_CIPHER_INFO; -struct evp_cipher_ctx_st { - const EVP_CIPHER *cipher; - ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */ - int encrypt; /* encrypt or decrypt */ - int buf_len; /* number we have left */ - - unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ - unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ - unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */ - int num; /* used by cfb/ofb/ctr mode */ - - void *app_data; /* application stuff */ - int key_len; /* May change for variable length cipher */ - unsigned long flags; /* Various flags */ - void *cipher_data; /* per EVP data */ - int final_used; - int block_mask; - unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */ -} /* EVP_CIPHER_CTX */; - -typedef struct evp_Encode_Ctx_st { - int num; /* number saved in a partial encode/decode */ - int length; /* The length is either the output line length - * (in input bytes) or the shortest input line - * length that is ok. Once decoding begins, - * the length is adjusted up each time a longer - * line is decoded */ - unsigned char enc_data[80]; /* data to encode */ - int line_num; /* number read on current line */ - int expect_nl; -} EVP_ENCODE_CTX; - /* Password based encryption function */ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de); @@ -485,7 +328,28 @@ int EVP_MD_size(const EVP_MD *md); int EVP_MD_block_size(const EVP_MD *md); unsigned long EVP_MD_flags(const EVP_MD *md); +EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type); +void EVP_MD_meth_free(EVP_MD *md); +EVP_MD *EVP_MD_meth_dup(const EVP_MD *md); +int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize); +int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize); +int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize); +int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags); +int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)); +int EVP_MD_meth_set_update(EVP_MD *md, + int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count)); +int EVP_MD_meth_set_final(EVP_MD *md, + int (*final)(EVP_MD_CTX *ctx, unsigned char *md)); +int EVP_MD_meth_set_copy(EVP_MD *md, + int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from)); +int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)); +int EVP_MD_meth_set_ctrl(EVP_MD *md, + int (*ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)); + const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); +void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); +EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx); +void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); #define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) #define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) #define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) @@ -509,8 +373,11 @@ int EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len); int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); -void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); +void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); +void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx); +void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data); +unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx); #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); #define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE) @@ -617,7 +484,7 @@ int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); #ifndef LIBRESSL_INTERNAL int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); #endif - + int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, EVP_PKEY *pkey); @@ -628,11 +495,17 @@ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen); +int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, + const unsigned char *tbs, size_t tbslen); + int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen); +int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, + size_t siglen, const unsigned char *tbs, size_t tbslen); + int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, const unsigned char *ek, int ekl, const unsigned char *iv, EVP_PKEY *priv); int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); @@ -684,9 +557,6 @@ const EVP_MD *EVP_md5_sha1(void); #endif #ifndef OPENSSL_NO_SHA const EVP_MD *EVP_sha1(void); -const EVP_MD *EVP_dss(void); -const EVP_MD *EVP_dss1(void); -const EVP_MD *EVP_ecdsa(void); #endif #ifndef OPENSSL_NO_SHA256 const EVP_MD *EVP_sha224(void); @@ -1061,6 +931,13 @@ void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2)); +void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_check)(const EVP_PKEY *pk)); +void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_public_check)(const EVP_PKEY *pk)); +void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_check)(const EVP_PKEY *pk)); + #define EVP_PKEY_OP_UNDEFINED 0 #define EVP_PKEY_OP_PARAMGEN (1<<1) #define EVP_PKEY_OP_KEYGEN (1<<2) @@ -1107,7 +984,7 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, #define EVP_PKEY_CTRL_DIGESTINIT 7 /* Used by GOST key encryption in TLS */ -#define EVP_PKEY_CTRL_SET_IV 8 +#define EVP_PKEY_CTRL_SET_IV 8 #define EVP_PKEY_CTRL_CMS_ENCRYPT 9 #define EVP_PKEY_CTRL_CMS_DECRYPT 10 @@ -1149,6 +1026,8 @@ void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen); EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, int keylen); +EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, + size_t len, const EVP_CIPHER *cipher); void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data); void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx); @@ -1185,6 +1064,9 @@ int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +int EVP_PKEY_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx); void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); @@ -1251,6 +1133,13 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2), int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value)); +void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, + int (*check)(EVP_PKEY *pkey)); +void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, + int (*public_check)(EVP_PKEY *pkey)); +void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, + int (*param_check)(EVP_PKEY *pkey)); + /* Authenticated Encryption with Additional Data. * * AEAD couples confidentiality and integrity in a single primtive. AEAD @@ -1258,7 +1147,6 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, * message has a unique, per-message nonce and, optionally, additional data * which is authenticated but not included in the output. */ -struct evp_aead_st; typedef struct evp_aead_st EVP_AEAD; #ifndef OPENSSL_NO_AES @@ -1292,11 +1180,7 @@ size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead); /* An EVP_AEAD_CTX represents an AEAD algorithm configured with a specific key * and message-independent IV. */ -typedef struct evp_aead_ctx_st { - const EVP_AEAD *aead; - /* aead_state is an opaque pointer to the AEAD specific state. */ - void *aead_state; -} EVP_AEAD_CTX; +typedef struct evp_aead_ctx_st EVP_AEAD_CTX; /* EVP_AEAD_MAX_TAG_LENGTH is the maximum tag length used by any AEAD * defined in this header. */ @@ -1307,7 +1191,15 @@ typedef struct evp_aead_ctx_st { * should be used. */ #define EVP_AEAD_DEFAULT_TAG_LENGTH 0 -/* EVP_AEAD_init initializes the context for the given AEAD algorithm. +/* EVP_AEAD_CTX_new allocates a new context for use with EVP_AEAD_CTX_init. + * It can be cleaned up for reuse with EVP_AEAD_CTX_cleanup and must be freed + * with EVP_AEAD_CTX_free. */ +EVP_AEAD_CTX *EVP_AEAD_CTX_new(void); + +/* EVP_AEAD_CTX_free releases all memory owned by the context. */ +void EVP_AEAD_CTX_free(EVP_AEAD_CTX *ctx); + +/* EVP_AEAD_CTX_init initializes the context for the given AEAD algorithm. * The implementation argument may be NULL to choose the default implementation. * Authentication tags may be truncated by passing a tag length. A tag length * of zero indicates the default tag length should be used. */ @@ -1512,6 +1404,7 @@ void ERR_load_EVP_strings(void); #define EVP_R_INVALID_OPERATION 148 #define EVP_R_IV_TOO_LARGE 102 #define EVP_R_KEYGEN_FAILURE 120 +#define EVP_R_KEY_SETUP_FAILED 180 #define EVP_R_MESSAGE_DIGEST_IS_NULL 159 #define EVP_R_METHOD_NOT_SUPPORTED 144 #define EVP_R_MISSING_PARAMETERS 103 diff --git a/externals/libressl/include/openssl/hmac.h b/externals/libressl/include/openssl/hmac.h index e787c62ac..ff01ae26b 100755 --- a/externals/libressl/include/openssl/hmac.h +++ b/externals/libressl/include/openssl/hmac.h @@ -1,4 +1,4 @@ -/* $OpenBSD: hmac.h,v 1.13 2018/02/17 14:53:59 jsing Exp $ */ +/* $OpenBSD: hmac.h,v 1.16 2022/01/14 08:06:03 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -72,24 +72,11 @@ extern "C" { #endif -typedef struct hmac_ctx_st { - const EVP_MD *md; - EVP_MD_CTX md_ctx; - EVP_MD_CTX i_ctx; - EVP_MD_CTX o_ctx; - unsigned int key_length; - unsigned char key[HMAC_MAX_MD_CBLOCK]; -} HMAC_CTX; - -#define HMAC_size(e) (EVP_MD_size((e)->md)) +#define HMAC_size(e) (EVP_MD_size(HMAC_CTX_get_md((e)))) HMAC_CTX *HMAC_CTX_new(void); void HMAC_CTX_free(HMAC_CTX *ctx); -void HMAC_CTX_init(HMAC_CTX *ctx); int HMAC_CTX_reset(HMAC_CTX *ctx); -void HMAC_CTX_cleanup(HMAC_CTX *ctx); - -#define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */ int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md); /* deprecated */ diff --git a/externals/libressl/include/openssl/obj_mac.h b/externals/libressl/include/openssl/obj_mac.h index 3ed10874c..5da2b5df9 100755 --- a/externals/libressl/include/openssl/obj_mac.h +++ b/externals/libressl/include/openssl/obj_mac.h @@ -853,10 +853,38 @@ #define NID_id_smime_ct_compressedData 786 #define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L +#define SN_id_ct_routeOriginAuthz "id-ct-routeOriginAuthz" +#define NID_id_ct_routeOriginAuthz 1001 +#define OBJ_id_ct_routeOriginAuthz OBJ_id_smime_ct,24L + +#define SN_id_ct_rpkiManifest "id-ct-rpkiManifest" +#define NID_id_ct_rpkiManifest 1002 +#define OBJ_id_ct_rpkiManifest OBJ_id_smime_ct,26L + #define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF" #define NID_id_ct_asciiTextWithCRLF 787 #define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L +#define SN_id_ct_rpkiGhostbusters "id-ct-rpkiGhostbusters" +#define NID_id_ct_rpkiGhostbusters 1003 +#define OBJ_id_ct_rpkiGhostbusters OBJ_id_smime_ct,35L + +#define SN_id_ct_resourceTaggedAttest "id-ct-resourceTaggedAttest" +#define NID_id_ct_resourceTaggedAttest 1004 +#define OBJ_id_ct_resourceTaggedAttest OBJ_id_smime_ct,36L + +#define SN_id_ct_geofeedCSVwithCRLF "id-ct-geofeedCSVwithCRLF" +#define NID_id_ct_geofeedCSVwithCRLF 1013 +#define OBJ_id_ct_geofeedCSVwithCRLF OBJ_id_smime_ct,47L + +#define SN_id_ct_signedChecklist "id-ct-signedChecklist" +#define NID_id_ct_signedChecklist 1014 +#define OBJ_id_ct_signedChecklist OBJ_id_smime_ct,48L + +#define SN_id_ct_ASPA "id-ct-ASPA" +#define NID_id_ct_ASPA 1017 +#define OBJ_id_ct_ASPA OBJ_id_smime_ct,49L + #define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" #define NID_id_smime_aa_receiptRequest 212 #define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L @@ -1366,6 +1394,10 @@ #define NID_id_cct 268 #define OBJ_id_cct OBJ_id_pkix,12L +#define SN_id_cp "id-cp" +#define NID_id_cp 1005 +#define OBJ_id_cp OBJ_id_pkix,14L + #define SN_id_ppl "id-ppl" #define NID_id_ppl 662 #define OBJ_id_ppl OBJ_id_pkix,21L @@ -1490,6 +1522,19 @@ #define NID_proxyCertInfo 663 #define OBJ_proxyCertInfo OBJ_id_pe,14L +#define SN_tlsfeature "tlsfeature" +#define LN_tlsfeature "TLS Feature" +#define NID_tlsfeature 1016 +#define OBJ_tlsfeature OBJ_id_pe,24L + +#define SN_sbgp_ipAddrBlockv2 "sbgp-ipAddrBlockv2" +#define NID_sbgp_ipAddrBlockv2 1006 +#define OBJ_sbgp_ipAddrBlockv2 OBJ_id_pe,28L + +#define SN_sbgp_autonomousSysNumv2 "sbgp-autonomousSysNumv2" +#define NID_sbgp_autonomousSysNumv2 1007 +#define OBJ_sbgp_autonomousSysNumv2 OBJ_id_pe,29L + #define SN_id_qt_cps "id-qt-cps" #define LN_id_qt_cps "Policy Qualifier CPS" #define NID_id_qt_cps 164 @@ -1554,6 +1599,11 @@ #define NID_dvcs 297 #define OBJ_dvcs OBJ_id_kp,10L +#define SN_id_kp_bgpsec_router "id-kp-bgpsec-router" +#define LN_id_kp_bgpsec_router "BGPsec Router" +#define NID_id_kp_bgpsec_router 1015 +#define OBJ_id_kp_bgpsec_router OBJ_id_kp,30L + #define SN_id_it_caProtEncCert "id-it-caProtEncCert" #define NID_id_it_caProtEncCert 298 #define OBJ_id_it_caProtEncCert OBJ_id_it,1L @@ -1823,6 +1873,14 @@ #define NID_id_cct_PKIResponse 362 #define OBJ_id_cct_PKIResponse OBJ_id_cct,3L +#define SN_ipAddr_asNumber "ipAddr-asNumber" +#define NID_ipAddr_asNumber 1008 +#define OBJ_ipAddr_asNumber OBJ_id_cp,2L + +#define SN_ipAddr_asNumberv2 "ipAddr-asNumberv2" +#define NID_ipAddr_asNumberv2 1009 +#define OBJ_ipAddr_asNumberv2 OBJ_id_cp,3L + #define SN_id_ppl_anyLanguage "id-ppl-anyLanguage" #define LN_id_ppl_anyLanguage "Any language" #define NID_id_ppl_anyLanguage 664 @@ -1863,6 +1921,21 @@ #define NID_caRepository 785 #define OBJ_caRepository OBJ_id_ad,5L +#define SN_rpkiManifest "rpkiManifest" +#define LN_rpkiManifest "RPKI Manifest" +#define NID_rpkiManifest 1010 +#define OBJ_rpkiManifest OBJ_id_ad,10L + +#define SN_signedObject "signedObject" +#define LN_signedObject "Signed Object" +#define NID_signedObject 1011 +#define OBJ_signedObject OBJ_id_ad,11L + +#define SN_rpkiNotify "rpkiNotify" +#define LN_rpkiNotify "RPKI Notify" +#define NID_rpkiNotify 1012 +#define OBJ_rpkiNotify OBJ_id_ad,13L + #define OBJ_id_pkix_OCSP OBJ_ad_OCSP #define SN_id_pkix_OCSP_basic "basicOCSPResponse" @@ -4157,6 +4230,26 @@ #define SN_dh_cofactor_kdf "dh-cofactor-kdf" #define NID_dh_cofactor_kdf 991 +#define SN_ct_precert_scts "ct_precert_scts" +#define LN_ct_precert_scts "CT Precertificate SCTs" +#define NID_ct_precert_scts 1018 +#define OBJ_ct_precert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,2L + +#define SN_ct_precert_poison "ct_precert_poison" +#define LN_ct_precert_poison "CT Precertificate Poison" +#define NID_ct_precert_poison 1019 +#define OBJ_ct_precert_poison 1L,3L,6L,1L,4L,1L,11129L,2L,4L,3L + +#define SN_ct_precert_signer "ct_precert_signer" +#define LN_ct_precert_signer "CT Precertificate Signer" +#define NID_ct_precert_signer 1020 +#define OBJ_ct_precert_signer 1L,3L,6L,1L,4L,1L,11129L,2L,4L,4L + +#define SN_ct_cert_scts "ct_cert_scts" +#define LN_ct_cert_scts "CT Certificate SCTs" +#define NID_ct_cert_scts 1021 +#define OBJ_ct_cert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,5L + #define SN_teletrust "teletrust" #define NID_teletrust 920 #define OBJ_teletrust OBJ_identified_organization,36L diff --git a/externals/libressl/include/openssl/objects.h b/externals/libressl/include/openssl/objects.h index c40991b5e..918928e2f 100755 --- a/externals/libressl/include/openssl/objects.h +++ b/externals/libressl/include/openssl/objects.h @@ -1,4 +1,4 @@ -/* $OpenBSD: objects.h,v 1.12 2017/01/21 04:53:22 jsing Exp $ */ +/* $OpenBSD: objects.h,v 1.17 2022/01/14 08:56:00 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1010,108 +1010,33 @@ int OBJ_txt2nid(const char *s); int OBJ_ln2nid(const char *s); int OBJ_sn2nid(const char *s); int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b); + +#if defined(LIBRESSL_INTERNAL) const void * OBJ_bsearch_(const void *key, const void *base, int num, int size, int (*cmp)(const void *, const void *)); const void * OBJ_bsearch_ex_(const void *key, const void *base, int num, int size, int (*cmp)(const void *, const void *), int flags); - -#ifndef LIBRESSL_INTERNAL - -#define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm) \ - static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \ - static int nm##_cmp(type1 const *, type2 const *); \ - scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) - -#define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \ - _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp) -#define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ - type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) - -/* - * Unsolved problem: if a type is actually a pointer type, like - * nid_triple is, then its impossible to get a const where you need - * it. Consider: - * - * typedef int nid_triple[3]; - * const void *a_; - * const nid_triple const *a = a_; - * - * The assignement discards a const because what you really want is: - * - * const int const * const *a = a_; - * - * But if you do that, you lose the fact that a is an array of 3 ints, - * which breaks comparison functions. - * - * Thus we end up having to cast, sadly, or unpack the - * declarations. Or, as I finally did in this case, delcare nid_triple - * to be a struct, which it should have been in the first place. - * - * Ben, August 2008. - * - * Also, strictly speaking not all types need be const, but handling - * the non-constness means a lot of complication, and in practice - * comparison routines do always not touch their arguments. - */ - -#define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm) \ - static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ - { \ - type1 const *a = a_; \ - type2 const *b = b_; \ - return nm##_cmp(a,b); \ - } \ - static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ - { \ - return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ - nm##_cmp_BSEARCH_CMP_FN); \ - } \ - extern void dummy_prototype(void) - -#define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ - static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ - { \ - type1 const *a = a_; \ - type2 const *b = b_; \ - return nm##_cmp(a,b); \ - } \ - type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ - { \ - return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ - nm##_cmp_BSEARCH_CMP_FN); \ - } \ - extern void dummy_prototype(void) - -#define OBJ_bsearch(type1,key,type2,base,num,cmp) \ - ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ - num,sizeof(type2), \ - ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ - (void)CHECKED_PTR_OF(type2,cmp##_type_2), \ - cmp##_BSEARCH_CMP_FN))) - -#define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags) \ - ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ - num,sizeof(type2), \ - ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ - (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \ - cmp##_BSEARCH_CMP_FN)),flags) - -#endif /* !LIBRESSL_INTERNAL */ +#endif int OBJ_new_nid(int num); int OBJ_add_object(const ASN1_OBJECT *obj); int OBJ_create(const char *oid, const char *sn, const char *ln); -void OBJ_cleanup(void ); +void OBJ_cleanup(void); int OBJ_create_objects(BIO *in); +size_t OBJ_length(const ASN1_OBJECT *obj); +const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj); + int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid); int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid); int OBJ_add_sigid(int signid, int dig_id, int pkey_id); void OBJ_sigid_free(void); +#if defined(LIBRESSL_CRYPTO_INTERNAL) extern int obj_cleanup_defer; void check_defer(int nid); +#endif /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes diff --git a/externals/libressl/include/openssl/ocsp.h b/externals/libressl/include/openssl/ocsp.h index 316fb8ed9..f869f8aa9 100755 --- a/externals/libressl/include/openssl/ocsp.h +++ b/externals/libressl/include/openssl/ocsp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp.h,v 1.16 2018/08/24 20:03:21 tb Exp $ */ +/* $OpenBSD: ocsp.h,v 1.19 2022/01/14 08:32:26 tb Exp $ */ /* Written by Tom Titchener for the OpenSSL * project. */ @@ -73,230 +73,6 @@ extern "C" { #endif -/* Various flags and values */ - -#define OCSP_DEFAULT_NONCE_LENGTH 16 - -#define OCSP_NOCERTS 0x1 -#define OCSP_NOINTERN 0x2 -#define OCSP_NOSIGS 0x4 -#define OCSP_NOCHAIN 0x8 -#define OCSP_NOVERIFY 0x10 -#define OCSP_NOEXPLICIT 0x20 -#define OCSP_NOCASIGN 0x40 -#define OCSP_NODELEGATED 0x80 -#define OCSP_NOCHECKS 0x100 -#define OCSP_TRUSTOTHER 0x200 -#define OCSP_RESPID_KEY 0x400 -#define OCSP_NOTIME 0x800 - -/* CertID ::= SEQUENCE { - * hashAlgorithm AlgorithmIdentifier, - * issuerNameHash OCTET STRING, -- Hash of Issuer's DN - * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields) - * serialNumber CertificateSerialNumber } - */ -typedef struct ocsp_cert_id_st { - X509_ALGOR *hashAlgorithm; - ASN1_OCTET_STRING *issuerNameHash; - ASN1_OCTET_STRING *issuerKeyHash; - ASN1_INTEGER *serialNumber; -} OCSP_CERTID; - -DECLARE_STACK_OF(OCSP_CERTID) - -/* Request ::= SEQUENCE { - * reqCert CertID, - * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } - */ -typedef struct ocsp_one_request_st { - OCSP_CERTID *reqCert; - STACK_OF(X509_EXTENSION) *singleRequestExtensions; -} OCSP_ONEREQ; - -DECLARE_STACK_OF(OCSP_ONEREQ) - - -/* TBSRequest ::= SEQUENCE { - * version [0] EXPLICIT Version DEFAULT v1, - * requestorName [1] EXPLICIT GeneralName OPTIONAL, - * requestList SEQUENCE OF Request, - * requestExtensions [2] EXPLICIT Extensions OPTIONAL } - */ -typedef struct ocsp_req_info_st { - ASN1_INTEGER *version; - GENERAL_NAME *requestorName; - STACK_OF(OCSP_ONEREQ) *requestList; - STACK_OF(X509_EXTENSION) *requestExtensions; -} OCSP_REQINFO; - -/* Signature ::= SEQUENCE { - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING, - * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } - */ -typedef struct ocsp_signature_st { - X509_ALGOR *signatureAlgorithm; - ASN1_BIT_STRING *signature; - STACK_OF(X509) *certs; -} OCSP_SIGNATURE; - -/* OCSPRequest ::= SEQUENCE { - * tbsRequest TBSRequest, - * optionalSignature [0] EXPLICIT Signature OPTIONAL } - */ -typedef struct ocsp_request_st { - OCSP_REQINFO *tbsRequest; - OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ -} OCSP_REQUEST; - -/* OCSPResponseStatus ::= ENUMERATED { - * successful (0), --Response has valid confirmations - * malformedRequest (1), --Illegal confirmation request - * internalError (2), --Internal error in issuer - * tryLater (3), --Try again later - * --(4) is not used - * sigRequired (5), --Must sign the request - * unauthorized (6) --Request unauthorized - * } - */ -#define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 -#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 -#define OCSP_RESPONSE_STATUS_INTERNALERROR 2 -#define OCSP_RESPONSE_STATUS_TRYLATER 3 -#define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 -#define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 - -/* ResponseBytes ::= SEQUENCE { - * responseType OBJECT IDENTIFIER, - * response OCTET STRING } - */ -typedef struct ocsp_resp_bytes_st { - ASN1_OBJECT *responseType; - ASN1_OCTET_STRING *response; -} OCSP_RESPBYTES; - -/* OCSPResponse ::= SEQUENCE { - * responseStatus OCSPResponseStatus, - * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } - */ -struct ocsp_response_st { - ASN1_ENUMERATED *responseStatus; - OCSP_RESPBYTES *responseBytes; -}; - -/* ResponderID ::= CHOICE { - * byName [1] Name, - * byKey [2] KeyHash } - */ -#define V_OCSP_RESPID_NAME 0 -#define V_OCSP_RESPID_KEY 1 -struct ocsp_responder_id_st { - int type; - union { - X509_NAME* byName; - ASN1_OCTET_STRING *byKey; - } value; -}; - -DECLARE_STACK_OF(OCSP_RESPID) -OCSP_RESPID *OCSP_RESPID_new(void); -void OCSP_RESPID_free(OCSP_RESPID *a); -OCSP_RESPID *d2i_OCSP_RESPID(OCSP_RESPID **a, const unsigned char **in, long len); -int i2d_OCSP_RESPID(OCSP_RESPID *a, unsigned char **out); -extern const ASN1_ITEM OCSP_RESPID_it; - -/* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key - * --(excluding the tag and length fields) - */ - -/* RevokedInfo ::= SEQUENCE { - * revocationTime GeneralizedTime, - * revocationReason [0] EXPLICIT CRLReason OPTIONAL } - */ -typedef struct ocsp_revoked_info_st { - ASN1_GENERALIZEDTIME *revocationTime; - ASN1_ENUMERATED *revocationReason; -} OCSP_REVOKEDINFO; - -/* CertStatus ::= CHOICE { - * good [0] IMPLICIT NULL, - * revoked [1] IMPLICIT RevokedInfo, - * unknown [2] IMPLICIT UnknownInfo } - */ -#define V_OCSP_CERTSTATUS_GOOD 0 -#define V_OCSP_CERTSTATUS_REVOKED 1 -#define V_OCSP_CERTSTATUS_UNKNOWN 2 -typedef struct ocsp_cert_status_st { - int type; - union { - ASN1_NULL *good; - OCSP_REVOKEDINFO *revoked; - ASN1_NULL *unknown; - } value; -} OCSP_CERTSTATUS; - -/* SingleResponse ::= SEQUENCE { - * certID CertID, - * certStatus CertStatus, - * thisUpdate GeneralizedTime, - * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, - * singleExtensions [1] EXPLICIT Extensions OPTIONAL } - */ -typedef struct ocsp_single_response_st { - OCSP_CERTID *certId; - OCSP_CERTSTATUS *certStatus; - ASN1_GENERALIZEDTIME *thisUpdate; - ASN1_GENERALIZEDTIME *nextUpdate; - STACK_OF(X509_EXTENSION) *singleExtensions; -} OCSP_SINGLERESP; - -DECLARE_STACK_OF(OCSP_SINGLERESP) - -/* ResponseData ::= SEQUENCE { - * version [0] EXPLICIT Version DEFAULT v1, - * responderID ResponderID, - * producedAt GeneralizedTime, - * responses SEQUENCE OF SingleResponse, - * responseExtensions [1] EXPLICIT Extensions OPTIONAL } - */ -typedef struct ocsp_response_data_st { - ASN1_INTEGER *version; - OCSP_RESPID *responderId; - ASN1_GENERALIZEDTIME *producedAt; - STACK_OF(OCSP_SINGLERESP) *responses; - STACK_OF(X509_EXTENSION) *responseExtensions; -} OCSP_RESPDATA; - -/* BasicOCSPResponse ::= SEQUENCE { - * tbsResponseData ResponseData, - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING, - * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } - */ - /* Note 1: - The value for "signature" is specified in the OCSP rfc2560 as follows: - "The value for the signature SHALL be computed on the hash of the DER - encoding ResponseData." This means that you must hash the DER-encoded - tbsResponseData, and then run it through a crypto-signing function, which - will (at least w/RSA) do a hash-'n'-private-encrypt operation. This seems - a bit odd, but that's the spec. Also note that the data structures do not - leave anywhere to independently specify the algorithm used for the initial - hash. So, we look at the signature-specification algorithm, and try to do - something intelligent. -- Kathy Weinhold, CertCo */ - /* Note 2: - It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open - for interpretation. I've done tests against another responder, and found - that it doesn't do the double hashing that the RFC seems to say one - should. Therefore, all relevant functions take a flag saying which - variant should be used. -- Richard Levitte, OpenSSL team and CeloCom */ -typedef struct ocsp_basic_response_st { - OCSP_RESPDATA *tbsResponseData; - X509_ALGOR *signatureAlgorithm; - ASN1_BIT_STRING *signature; - STACK_OF(X509) *certs; -} OCSP_BASICRESP; - /* * CRLReason ::= ENUMERATED { * unspecified (0), @@ -318,25 +94,73 @@ typedef struct ocsp_basic_response_st { #define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 #define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 -/* CrlID ::= SEQUENCE { - * crlUrl [0] EXPLICIT IA5String OPTIONAL, - * crlNum [1] EXPLICIT INTEGER OPTIONAL, - * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } - */ -typedef struct ocsp_crl_id_st { - ASN1_IA5STRING *crlUrl; - ASN1_INTEGER *crlNum; - ASN1_GENERALIZEDTIME *crlTime; -} OCSP_CRLID; -/* ServiceLocator ::= SEQUENCE { - * issuer Name, - * locator AuthorityInfoAccessSyntax OPTIONAL } - */ -typedef struct ocsp_service_locator_st { - X509_NAME* issuer; - STACK_OF(ACCESS_DESCRIPTION) *locator; -} OCSP_SERVICELOC; +/* Various flags and values */ + +#define OCSP_DEFAULT_NONCE_LENGTH 16 + +#define OCSP_NOCERTS 0x1 +#define OCSP_NOINTERN 0x2 +#define OCSP_NOSIGS 0x4 +#define OCSP_NOCHAIN 0x8 +#define OCSP_NOVERIFY 0x10 +#define OCSP_NOEXPLICIT 0x20 +#define OCSP_NOCASIGN 0x40 +#define OCSP_NODELEGATED 0x80 +#define OCSP_NOCHECKS 0x100 +#define OCSP_TRUSTOTHER 0x200 +#define OCSP_RESPID_KEY 0x400 +#define OCSP_NOTIME 0x800 + +typedef struct ocsp_cert_id_st OCSP_CERTID; + +DECLARE_STACK_OF(OCSP_CERTID) + +typedef struct ocsp_one_request_st OCSP_ONEREQ; + +DECLARE_STACK_OF(OCSP_ONEREQ) + +typedef struct ocsp_req_info_st OCSP_REQINFO; +typedef struct ocsp_signature_st OCSP_SIGNATURE; +typedef struct ocsp_request_st OCSP_REQUEST; + +#define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 +#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 +#define OCSP_RESPONSE_STATUS_INTERNALERROR 2 +#define OCSP_RESPONSE_STATUS_TRYLATER 3 +#define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 +#define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 + +typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES; + +#define V_OCSP_RESPID_NAME 0 +#define V_OCSP_RESPID_KEY 1 + +DECLARE_STACK_OF(OCSP_RESPID) + +OCSP_RESPID *OCSP_RESPID_new(void); +void OCSP_RESPID_free(OCSP_RESPID *a); +OCSP_RESPID *d2i_OCSP_RESPID(OCSP_RESPID **a, const unsigned char **in, long len); +int i2d_OCSP_RESPID(OCSP_RESPID *a, unsigned char **out); +extern const ASN1_ITEM OCSP_RESPID_it; + +typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO; + +#define V_OCSP_CERTSTATUS_GOOD 0 +#define V_OCSP_CERTSTATUS_REVOKED 1 +#define V_OCSP_CERTSTATUS_UNKNOWN 2 + +typedef struct ocsp_cert_status_st OCSP_CERTSTATUS; +typedef struct ocsp_single_response_st OCSP_SINGLERESP; + +DECLARE_STACK_OF(OCSP_SINGLERESP) + +typedef struct ocsp_response_data_st OCSP_RESPDATA; + +typedef struct ocsp_basic_response_st OCSP_BASICRESP; + +typedef struct ocsp_crl_id_st OCSP_CRLID; +typedef struct ocsp_service_locator_st OCSP_SERVICELOC; #define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" #define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" @@ -357,24 +181,6 @@ typedef struct ocsp_service_locator_st { PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\ bp,(char *)o, NULL,NULL,0,NULL,NULL) -#define OCSP_REQUEST_sign(o,pkey,md) \ - ASN1_item_sign(&OCSP_REQINFO_it, \ - o->optionalSignature->signatureAlgorithm,NULL, \ - o->optionalSignature->signature,o->tbsRequest,pkey,md) - -#define OCSP_BASICRESP_sign(o,pkey,md,d) \ - ASN1_item_sign(&OCSP_RESPDATA_it,o->signatureAlgorithm,NULL, \ - o->signature,o->tbsResponseData,pkey,md) - -#define OCSP_REQUEST_verify(a,r) \ - ASN1_item_verify(&OCSP_REQINFO_it, \ - a->optionalSignature->signatureAlgorithm, \ - a->optionalSignature->signature,a->tbsRequest,r) - -#define OCSP_BASICRESP_verify(a,r,d) \ - ASN1_item_verify(&OCSP_RESPDATA_it, \ - a->signatureAlgorithm,a->signature,a->tbsResponseData,r) - #define ASN1_BIT_STRING_digest(data,type,md,len) \ ASN1_item_digest(&ASN1_BIT_STRING_it,type,data,md,len) @@ -414,8 +220,19 @@ int OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key, int OCSP_response_status(OCSP_RESPONSE *resp); OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); +const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs); +const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs); +const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs); +int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, + STACK_OF(X509) *extra_certs); + int OCSP_resp_count(OCSP_BASICRESP *bs); OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); +const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP *bs); +const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); +int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, + const ASN1_OCTET_STRING **pid, const X509_NAME **pname); + int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, ASN1_GENERALIZEDTIME **revtime, ASN1_GENERALIZEDTIME **thisupd, diff --git a/externals/libressl/include/openssl/opensslfeatures.h b/externals/libressl/include/openssl/opensslfeatures.h index 9684276b7..49a5f15b5 100755 --- a/externals/libressl/include/openssl/opensslfeatures.h +++ b/externals/libressl/include/openssl/opensslfeatures.h @@ -3,7 +3,8 @@ * are enabled, rather than not being able to tell when things are * enabled (or possibly not yet not implemented, or removed!). */ -/* #define LIBRESSL_HAS_TLS1_3 */ +#define LIBRESSL_HAS_TLS1_3 +#define LIBRESSL_HAS_DTLS1_2 #define OPENSSL_THREADS @@ -83,7 +84,7 @@ /* #define OPENSSL_NO_RC4 */ #define OPENSSL_NO_RC5 /* #define OPENSSL_NO_RDRAND */ -#define OPENSSL_NO_RFC3779 +/* #define OPENSSL_NO_RFC3779 */ /* #define OPENSSL_NO_RMD160 */ /* #define OPENSSL_NO_RSA */ /* #define OPENSSL_NO_SCRYPT */ diff --git a/externals/libressl/include/openssl/opensslv.h b/externals/libressl/include/openssl/opensslv.h index 28b1f1f42..1cafae6b5 100755 --- a/externals/libressl/include/openssl/opensslv.h +++ b/externals/libressl/include/openssl/opensslv.h @@ -1,11 +1,11 @@ -/* $OpenBSD: opensslv.h,v 1.61 2020/09/25 11:31:39 bcook Exp $ */ +/* $OpenBSD: opensslv.h,v 1.69 2022/03/15 21:15:08 bcook Exp $ */ #ifndef HEADER_OPENSSLV_H #define HEADER_OPENSSLV_H /* These will change with each release of LibreSSL-portable */ -#define LIBRESSL_VERSION_NUMBER 0x3020200fL +#define LIBRESSL_VERSION_NUMBER 0x3050200fL /* ^ Patch starts here */ -#define LIBRESSL_VERSION_TEXT "LibreSSL 3.2.2" +#define LIBRESSL_VERSION_TEXT "LibreSSL 3.5.2" /* These will never change */ #define OPENSSL_VERSION_NUMBER 0x20000000L diff --git a/externals/libressl/include/openssl/ossl_typ.h b/externals/libressl/include/openssl/ossl_typ.h index b1a9e0e37..f4796ba88 100755 --- a/externals/libressl/include/openssl/ossl_typ.h +++ b/externals/libressl/include/openssl/ossl_typ.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ossl_typ.h,v 1.13 2015/09/30 04:10:07 doug Exp $ */ +/* $OpenBSD: ossl_typ.h,v 1.21 2022/01/14 08:59:30 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * @@ -77,6 +77,8 @@ typedef struct asn1_string_st ASN1_STRING; typedef int ASN1_BOOLEAN; typedef int ASN1_NULL; +typedef struct asn1_object_st ASN1_OBJECT; + typedef struct ASN1_ITEM_st ASN1_ITEM; typedef struct asn1_pctx_st ASN1_PCTX; @@ -106,8 +108,12 @@ typedef struct bn_mont_ctx_st BN_MONT_CTX; typedef struct bn_recp_ctx_st BN_RECP_CTX; typedef struct bn_gencb_st BN_GENCB; +typedef struct bio_st BIO; typedef struct buf_mem_st BUF_MEM; +typedef struct comp_ctx_st COMP_CTX; +typedef struct comp_method_st COMP_METHOD; + typedef struct evp_cipher_st EVP_CIPHER; typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; typedef struct env_md_st EVP_MD; @@ -119,6 +125,10 @@ typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; typedef struct evp_pkey_method_st EVP_PKEY_METHOD; typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; +typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX; + +typedef struct hmac_ctx_st HMAC_CTX; + typedef struct dh_st DH; typedef struct dh_method DH_METHOD; @@ -127,6 +137,7 @@ typedef struct dsa_method DSA_METHOD; typedef struct rsa_st RSA; typedef struct rsa_meth_st RSA_METHOD; +typedef struct rsa_pss_params_st RSA_PSS_PARAMS; typedef struct rand_meth_st RAND_METHOD; @@ -143,6 +154,11 @@ typedef struct X509_pubkey_st X509_PUBKEY; typedef struct x509_store_st X509_STORE; typedef struct x509_store_ctx_st X509_STORE_CTX; +typedef struct x509_object_st X509_OBJECT; +typedef struct x509_lookup_st X509_LOOKUP; +typedef struct x509_lookup_method_st X509_LOOKUP_METHOD; +typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM; + typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO; typedef struct v3_ext_ctx X509V3_CTX; @@ -187,4 +203,10 @@ typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; typedef struct ocsp_response_st OCSP_RESPONSE; typedef struct ocsp_responder_id_st OCSP_RESPID; +typedef struct sct_st SCT; +typedef struct sct_ctx_st SCT_CTX; +typedef struct ctlog_st CTLOG; +typedef struct ctlog_store_st CTLOG_STORE; +typedef struct ct_policy_eval_ctx_st CT_POLICY_EVAL_CTX; + #endif /* def HEADER_OPENSSL_TYPES_H */ diff --git a/externals/libressl/include/openssl/pem.h b/externals/libressl/include/openssl/pem.h index adc85226e..95f1e030b 100755 --- a/externals/libressl/include/openssl/pem.h +++ b/externals/libressl/include/openssl/pem.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pem.h,v 1.19 2018/08/24 19:51:31 tb Exp $ */ +/* $OpenBSD: pem.h,v 1.23 2022/01/14 07:52:24 tb Exp $ */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -114,7 +114,6 @@ extern "C" { #define PEM_STRING_X509_OLD "X509 CERTIFICATE" #define PEM_STRING_X509 "CERTIFICATE" -#define PEM_STRING_X509_PAIR "CERTIFICATE PAIR" #define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" #define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" #define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" @@ -138,14 +137,6 @@ extern "C" { #define PEM_STRING_PARAMETERS "PARAMETERS" #define PEM_STRING_CMS "CMS" - /* Note that this structure is initialised by PEM_SealInit and cleaned up - by PEM_SealFinal (at least for now) */ -typedef struct PEM_Encode_Seal_st { - EVP_ENCODE_CTX encode; - EVP_MD_CTX md; - EVP_CIPHER_CTX cipher; -} PEM_ENCODE_SEAL_CTX; - /* enc_type is one off */ #define PEM_TYPE_ENCRYPTED 10 #define PEM_TYPE_MIC_ONLY 20 @@ -413,14 +404,6 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); -int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, - EVP_MD *md_type, unsigned char **ek, int *ekl, - unsigned char *iv, EVP_PKEY **pubk, int npubk); -void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, - unsigned char *in, int inl); -int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl, - unsigned char *out, int *outl, EVP_PKEY *priv); - int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt); int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, @@ -435,8 +418,6 @@ DECLARE_PEM_rw(X509, X509) DECLARE_PEM_rw(X509_AUX, X509) -DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR) - DECLARE_PEM_rw(X509_REQ, X509_REQ) DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) @@ -485,6 +466,9 @@ DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) DECLARE_PEM_rw(PUBKEY, EVP_PKEY) +int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x, + const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cb, + void *u); int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, char *kstr, int klen, pem_password_cb *cb, void *u); diff --git a/externals/libressl/include/openssl/rsa.h b/externals/libressl/include/openssl/rsa.h index 78ac04cf9..d59fd03f7 100755 --- a/externals/libressl/include/openssl/rsa.h +++ b/externals/libressl/include/openssl/rsa.h @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa.h,v 1.51 2019/11/04 12:30:56 jsing Exp $ */ +/* $OpenBSD: rsa.h,v 1.55 2022/01/14 08:34:39 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -80,11 +80,7 @@ extern "C" { #endif -/* Declared already in ossl_typ.h */ -/* typedef struct rsa_st RSA; */ -/* typedef struct rsa_meth_st RSA_METHOD; */ - -typedef struct rsa_pss_params_st { +struct rsa_pss_params_st { X509_ALGOR *hashAlgorithm; X509_ALGOR *maskGenAlgorithm; ASN1_INTEGER *saltLength; @@ -92,7 +88,7 @@ typedef struct rsa_pss_params_st { /* Hash algorithm decoded from maskGenAlgorithm. */ X509_ALGOR *maskHash; -} RSA_PSS_PARAMS; +} /* RSA_PSS_PARAMS */; typedef struct rsa_oaep_params_st { X509_ALGOR *hashFunc; @@ -103,80 +99,6 @@ typedef struct rsa_oaep_params_st { X509_ALGOR *maskHash; } RSA_OAEP_PARAMS; -struct rsa_meth_st { - const char *name; - int (*rsa_pub_enc)(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - int (*rsa_pub_dec)(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - int (*rsa_priv_enc)(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - int (*rsa_priv_dec)(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - int (*rsa_mod_exp)(BIGNUM *r0, const BIGNUM *I, RSA *rsa, - BN_CTX *ctx); /* Can be null */ - int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); /* Can be null */ - int (*init)(RSA *rsa); /* called at new */ - int (*finish)(RSA *rsa); /* called at free */ - int flags; /* RSA_METHOD_FLAG_* things */ - char *app_data; /* may be needed! */ -/* New sign and verify functions: some libraries don't allow arbitrary data - * to be signed/verified: this allows them to be used. Note: for this to work - * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used - * RSA_sign(), RSA_verify() should be used instead. Note: for backwards - * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER - * option is set in 'flags'. - */ - int (*rsa_sign)(int type, const unsigned char *m, unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, const RSA *rsa); - int (*rsa_verify)(int dtype, const unsigned char *m, - unsigned int m_length, const unsigned char *sigbuf, - unsigned int siglen, const RSA *rsa); -/* If this callback is NULL, the builtin software RSA key-gen will be used. This - * is for behavioural compatibility whilst the code gets rewired, but one day - * it would be nice to assume there are no such things as "builtin software" - * implementations. */ - int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); -}; - -struct rsa_st { - /* The first parameter is used to pickup errors where - * this is passed instead of aEVP_PKEY, it is set to 0 */ - int pad; - long version; - const RSA_METHOD *meth; - - /* functional reference if 'meth' is ENGINE-provided */ - ENGINE *engine; - BIGNUM *n; - BIGNUM *e; - BIGNUM *d; - BIGNUM *p; - BIGNUM *q; - BIGNUM *dmp1; - BIGNUM *dmq1; - BIGNUM *iqmp; - - /* Parameter restrictions for PSS only keys. */ - RSA_PSS_PARAMS *pss; - - /* be careful using this if the RSA structure is shared */ - CRYPTO_EX_DATA ex_data; - int references; - int flags; - - /* Used to cache montgomery values */ - BN_MONT_CTX *_method_mod_n; - BN_MONT_CTX *_method_mod_p; - BN_MONT_CTX *_method_mod_q; - - /* all BIGNUM values are actually in the following data, if it is not - * NULL */ - BN_BLINDING *blinding; - BN_BLINDING *mt_blinding; -}; - #ifndef OPENSSL_RSA_MAX_MODULUS_BITS # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 #endif @@ -380,18 +302,6 @@ int RSA_print_fp(FILE *fp, const RSA *r, int offset); int RSA_print(BIO *bp, const RSA *r, int offset); #endif -#ifndef OPENSSL_NO_RC4 -int i2d_RSA_NET(const RSA *a, unsigned char **pp, - int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey); -RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, - int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey); - -int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, - int (*cb)(char *buf, int len, const char *prompt, int verify)); -RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, - int (*cb)(char *buf, int len, const char *prompt, int verify)); -#endif - /* The following 2 functions sign and verify a X509_SIG ASN1 object * inside PKCS#1 padded RSA encryption */ int RSA_sign(int type, const unsigned char *m, unsigned int m_length, @@ -470,6 +380,15 @@ void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); +const BIGNUM *RSA_get0_n(const RSA *r); +const BIGNUM *RSA_get0_e(const RSA *r); +const BIGNUM *RSA_get0_d(const RSA *r); +const BIGNUM *RSA_get0_p(const RSA *r); +const BIGNUM *RSA_get0_q(const RSA *r); +const BIGNUM *RSA_get0_dmp1(const RSA *r); +const BIGNUM *RSA_get0_dmq1(const RSA *r); +const BIGNUM *RSA_get0_iqmp(const RSA *r); +const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r); void RSA_clear_flags(RSA *r, int flags); int RSA_test_flags(const RSA *r, int flags); void RSA_set_flags(RSA *r, int flags); diff --git a/externals/libressl/include/openssl/safestack.h b/externals/libressl/include/openssl/safestack.h index 690912b30..e1e7e2487 100755 --- a/externals/libressl/include/openssl/safestack.h +++ b/externals/libressl/include/openssl/safestack.h @@ -1,4 +1,4 @@ -/* $OpenBSD: safestack.h,v 1.18 2019/08/11 14:14:14 jsing Exp $ */ +/* $OpenBSD: safestack.h,v 1.21 2022/01/14 08:59:30 tb Exp $ */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * @@ -663,6 +663,28 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) #define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st)) #define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st)) +#define sk_CTLOG_new(cmp) SKM_sk_new(CTLOG, (cmp)) +#define sk_CTLOG_new_null() SKM_sk_new_null(CTLOG) +#define sk_CTLOG_free(st) SKM_sk_free(CTLOG, (st)) +#define sk_CTLOG_num(st) SKM_sk_num(CTLOG, (st)) +#define sk_CTLOG_value(st, i) SKM_sk_value(CTLOG, (st), (i)) +#define sk_CTLOG_set(st, i, val) SKM_sk_set(CTLOG, (st), (i), (val)) +#define sk_CTLOG_zero(st) SKM_sk_zero(CTLOG, (st)) +#define sk_CTLOG_push(st, val) SKM_sk_push(CTLOG, (st), (val)) +#define sk_CTLOG_unshift(st, val) SKM_sk_unshift(CTLOG, (st), (val)) +#define sk_CTLOG_find(st, val) SKM_sk_find(CTLOG, (st), (val)) +#define sk_CTLOG_find_ex(st, val) SKM_sk_find_ex(CTLOG, (st), (val)) +#define sk_CTLOG_delete(st, i) SKM_sk_delete(CTLOG, (st), (i)) +#define sk_CTLOG_delete_ptr(st, ptr) SKM_sk_delete_ptr(CTLOG, (st), (ptr)) +#define sk_CTLOG_insert(st, val, i) SKM_sk_insert(CTLOG, (st), (val), (i)) +#define sk_CTLOG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CTLOG, (st), (cmp)) +#define sk_CTLOG_dup(st) SKM_sk_dup(CTLOG, st) +#define sk_CTLOG_pop_free(st, free_func) SKM_sk_pop_free(CTLOG, (st), (free_func)) +#define sk_CTLOG_shift(st) SKM_sk_shift(CTLOG, (st)) +#define sk_CTLOG_pop(st) SKM_sk_pop(CTLOG, (st)) +#define sk_CTLOG_sort(st) SKM_sk_sort(CTLOG, (st)) +#define sk_CTLOG_is_sorted(st) SKM_sk_is_sorted(CTLOG, (st)) + #define sk_DIST_POINT_new(cmp) SKM_sk_new(DIST_POINT, (cmp)) #define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT) #define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st)) @@ -1279,6 +1301,28 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) #define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st)) #define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st)) +#define sk_SCT_new(cmp) SKM_sk_new(SCT, (cmp)) +#define sk_SCT_new_null() SKM_sk_new_null(SCT) +#define sk_SCT_free(st) SKM_sk_free(SCT, (st)) +#define sk_SCT_num(st) SKM_sk_num(SCT, (st)) +#define sk_SCT_value(st, i) SKM_sk_value(SCT, (st), (i)) +#define sk_SCT_set(st, i, val) SKM_sk_set(SCT, (st), (i), (val)) +#define sk_SCT_zero(st) SKM_sk_zero(SCT, (st)) +#define sk_SCT_push(st, val) SKM_sk_push(SCT, (st), (val)) +#define sk_SCT_unshift(st, val) SKM_sk_unshift(SCT, (st), (val)) +#define sk_SCT_find(st, val) SKM_sk_find(SCT, (st), (val)) +#define sk_SCT_find_ex(st, val) SKM_sk_find_ex(SCT, (st), (val)) +#define sk_SCT_delete(st, i) SKM_sk_delete(SCT, (st), (i)) +#define sk_SCT_delete_ptr(st, ptr) SKM_sk_delete_ptr(SCT, (st), (ptr)) +#define sk_SCT_insert(st, val, i) SKM_sk_insert(SCT, (st), (val), (i)) +#define sk_SCT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SCT, (st), (cmp)) +#define sk_SCT_dup(st) SKM_sk_dup(SCT, st) +#define sk_SCT_pop_free(st, free_func) SKM_sk_pop_free(SCT, (st), (free_func)) +#define sk_SCT_shift(st) SKM_sk_shift(SCT, (st)) +#define sk_SCT_pop(st) SKM_sk_pop(SCT, (st)) +#define sk_SCT_sort(st) SKM_sk_sort(SCT, (st)) +#define sk_SCT_is_sorted(st) SKM_sk_is_sorted(SCT, (st)) + #define sk_SRTP_PROTECTION_PROFILE_new(cmp) SKM_sk_new(SRTP_PROTECTION_PROFILE, (cmp)) #define sk_SRTP_PROTECTION_PROFILE_new_null() SKM_sk_new_null(SRTP_PROTECTION_PROFILE) #define sk_SRTP_PROTECTION_PROFILE_free(st) SKM_sk_free(SRTP_PROTECTION_PROFILE, (st)) diff --git a/externals/libressl/include/openssl/srtp.h b/externals/libressl/include/openssl/srtp.h index 6daa02a79..89ce86202 100755 --- a/externals/libressl/include/openssl/srtp.h +++ b/externals/libressl/include/openssl/srtp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: srtp.h,v 1.6 2015/09/01 15:18:23 jsing Exp $ */ +/* $OpenBSD: srtp.h,v 1.7 2021/06/11 15:28:13 landry Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -129,6 +129,10 @@ extern "C" { #define SRTP_NULL_SHA1_80 0x0005 #define SRTP_NULL_SHA1_32 0x0006 +/* AEAD SRTP protection profiles from RFC 7714 */ +#define SRTP_AEAD_AES_128_GCM 0x0007 +#define SRTP_AEAD_AES_256_GCM 0x0008 + int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); diff --git a/externals/libressl/include/openssl/ssl.h b/externals/libressl/include/openssl/ssl.h index 88039c08d..e31326821 100755 --- a/externals/libressl/include/openssl/ssl.h +++ b/externals/libressl/include/openssl/ssl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.178 2020/09/20 09:42:00 tb Exp $ */ +/* $OpenBSD: ssl.h,v 1.215 2021/11/01 08:14:36 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -301,6 +301,7 @@ extern "C" { #define SSL_TXT_STREEBOG512 "STREEBOG512" #define SSL_TXT_DTLS1 "DTLSv1" +#define SSL_TXT_DTLS1_2 "DTLSv1.2" #define SSL_TXT_SSLV2 "SSLv2" #define SSL_TXT_SSLV3 "SSLv3" #define SSL_TXT_TLSV1 "TLSv1" @@ -356,7 +357,6 @@ extern "C" { * in SSL_CTX. */ typedef struct ssl_st *ssl_crock_st; -typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT; typedef struct ssl_method_st SSL_METHOD; typedef struct ssl_cipher_st SSL_CIPHER; typedef struct ssl_session_st SSL_SESSION; @@ -376,113 +376,6 @@ typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg); -#ifndef OPENSSL_NO_SSL_INTERN - -/* used to hold info on the particular ciphers used */ -struct ssl_cipher_st { - int valid; - const char *name; /* text name */ - unsigned long id; /* id, 4 bytes, first is version */ - - unsigned long algorithm_mkey; /* key exchange algorithm */ - unsigned long algorithm_auth; /* server authentication */ - unsigned long algorithm_enc; /* symmetric encryption */ - unsigned long algorithm_mac; /* symmetric authentication */ - unsigned long algorithm_ssl; /* (major) protocol version */ - - unsigned long algo_strength; /* strength and export flags */ - unsigned long algorithm2; /* Extra flags */ - int strength_bits; /* Number of bits really used */ - int alg_bits; /* Number of bits for algorithm */ -}; - - -/* Used to hold functions for SSLv3/TLSv1 functions */ -struct ssl_method_internal_st; - -struct ssl_method_st { - int (*ssl_dispatch_alert)(SSL *s); - int (*num_ciphers)(void); - const SSL_CIPHER *(*get_cipher)(unsigned int ncipher); - const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); - int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr); - - const struct ssl_method_internal_st *internal; -}; - -/* Lets make this into an ASN.1 type structure as follows - * SSL_SESSION_ID ::= SEQUENCE { - * version INTEGER, -- structure version number - * SSLversion INTEGER, -- SSL version number - * Cipher OCTET STRING, -- the 3 byte cipher ID - * Session_ID OCTET STRING, -- the Session ID - * Master_key OCTET STRING, -- the master key - * KRB5_principal OCTET STRING -- optional Kerberos principal - * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time - * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds - * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate - * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context - * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer' - * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension - * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint - * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity - * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket - * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only) - * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method - * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username - * } - * Look in ssl/ssl_asn1.c for more details - * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). - */ -struct ssl_session_internal_st; - -struct ssl_session_st { - int ssl_version; /* what ssl version session info is - * being kept in here? */ - - int master_key_length; - unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; - - /* session_id - valid? */ - unsigned int session_id_length; - unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; - - /* this is used to determine whether the session is being reused in - * the appropriate context. It is up to the application to set this, - * via SSL_new */ - unsigned int sid_ctx_length; - unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; - - /* This is the cert for the other end. */ - X509 *peer; - - /* when app_verify_callback accepts a session where the peer's certificate - * is not ok, we must remember the error for session reuse: */ - long verify_result; /* only for servers */ - - long timeout; - time_t time; - int references; - - const SSL_CIPHER *cipher; - unsigned long cipher_id; /* when ASN.1 loaded, this - * needs to be used to load - * the 'cipher' structure */ - - STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ - - char *tlsext_hostname; - - /* RFC4507 info */ - unsigned char *tlsext_tick; /* Session ticket */ - size_t tlsext_ticklen; /* Session ticket length */ - long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ - - struct ssl_session_internal_st *internal; -}; - -#endif - /* Allow initial connection to servers that don't support RI */ #define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L @@ -520,6 +413,9 @@ struct ssl_session_st { #define SSL_OP_NO_TLSv1_3 0x20000000L #endif +#define SSL_OP_NO_DTLSv1 0x40000000L +#define SSL_OP_NO_DTLSv1_2 0x80000000L + /* SSL_OP_ALL: various bug workarounds that should be rather harmless. */ #define SSL_OP_ALL \ (SSL_OP_LEGACY_SERVER_CONNECT) @@ -609,9 +505,19 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); #define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) #define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) +typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line); +void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb); +SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx); +int SSL_set_num_tickets(SSL *s, size_t num_tickets); +size_t SSL_get_num_tickets(const SSL *s); +int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); +size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx); +STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s); +#ifndef LIBRESSL_INTERNAL struct ssl_aead_ctx_st; typedef struct ssl_aead_ctx_st SSL_AEAD_CTX; +#endif #define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */ @@ -635,58 +541,11 @@ typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, typedef struct ssl_comp_st SSL_COMP; -#ifndef OPENSSL_NO_SSL_INTERN - -struct ssl_comp_st { - int id; - const char *name; -}; - +#ifdef LIBRESSL_INTERNAL DECLARE_STACK_OF(SSL_COMP) struct lhash_st_SSL_SESSION { int dummy; }; - -struct ssl_ctx_internal_st; - -struct ssl_ctx_st { - const SSL_METHOD *method; - - STACK_OF(SSL_CIPHER) *cipher_list; - - struct x509_store_st /* X509_STORE */ *cert_store; - - /* If timeout is not 0, it is the default timeout value set - * when SSL_new() is called. This has been put in to make - * life easier to set things up */ - long session_timeout; - - int references; - - /* Default values to use in SSL structures follow (these are copied by SSL_new) */ - - STACK_OF(X509) *extra_certs; - - int verify_mode; - unsigned int sid_ctx_length; - unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; - - X509_VERIFY_PARAM *param; - - /* - * XXX - * default_passwd_cb used by python and openvpn, need to keep it until we - * add an accessor - */ - /* Default password callback. */ - pem_password_cb *default_passwd_callback; - - /* Default password callback user data. */ - void *default_passwd_callback_userdata; - - struct ssl_ctx_internal_st *internal; -}; - #endif #define SSL_SESS_CACHE_OFF 0x0000 @@ -782,6 +641,12 @@ void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, unsigned int *len); +#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) +typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md, + const unsigned char **id, size_t *idlen, SSL_SESSION **sess); +void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb); +#endif + #define SSL_NOTHING 1 #define SSL_WRITING 2 #define SSL_READING 3 @@ -796,85 +661,6 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, #define SSL_MAC_FLAG_READ_MAC_STREAM 1 #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 -#ifndef OPENSSL_NO_SSL_INTERN -struct ssl_internal_st; - -struct ssl_st { - /* protocol version - * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION) - */ - int version; - - const SSL_METHOD *method; /* SSLv3 */ - - /* There are 2 BIO's even though they are normally both the - * same. This is so data can be read and written to different - * handlers */ - - BIO *rbio; /* used by SSL_read */ - BIO *wbio; /* used by SSL_write */ - BIO *bbio; /* used during session-id reuse to concatenate - * messages */ - int server; /* are we the server side? - mostly used by SSL_clear*/ - - struct ssl3_state_st *s3; /* SSLv3 variables */ - struct dtls1_state_st *d1; /* DTLSv1 variables */ - - X509_VERIFY_PARAM *param; - - /* crypto */ - STACK_OF(SSL_CIPHER) *cipher_list; - - /* This is used to hold the server certificate used */ - struct cert_st /* CERT */ *cert; - - /* the session_id_context is used to ensure sessions are only reused - * in the appropriate context */ - unsigned int sid_ctx_length; - unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; - - /* This can also be in the session once a session is established */ - SSL_SESSION *session; - - /* Used in SSL2 and SSL3 */ - int verify_mode; /* 0 don't care about verify failure. - * 1 fail if verify fails */ - int error; /* error bytes to be written */ - int error_code; /* actual code */ - - SSL_CTX *ctx; - - long verify_result; - - int references; - - int client_version; /* what was passed, used for - * SSLv3/TLS rollback check */ - - unsigned int max_send_fragment; - - char *tlsext_hostname; - - /* certificate status request info */ - /* Status type or -1 if no status type */ - int tlsext_status_type; - - SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ -#define session_ctx initial_ctx - - /* - * XXX really should be internal, but is - * touched unnaturally by wpa-supplicant - * and freeradius and other perversions - */ - EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ - EVP_MD_CTX *read_hash; /* used for mac generation */ - - struct ssl_internal_st *internal; -}; - -#endif - #ifdef __cplusplus } #endif @@ -954,6 +740,13 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); #define SSL_VERIFY_PEER 0x01 #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 #define SSL_VERIFY_CLIENT_ONCE 0x04 +#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) +#define SSL_VERIFY_POST_HANDSHAKE 0x08 + +int SSL_verify_client_post_handshake(SSL *s); +void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val); +void SSL_set_post_handshake_auth(SSL *s, int val); +#endif #define OpenSSL_add_ssl_algorithms() SSL_library_init() #define SSLeay_add_ssl_algorithms() SSL_library_init() @@ -982,40 +775,53 @@ SSL_SESSION *PEM_read_SSL_SESSION(FILE *fp, SSL_SESSION **x, int PEM_write_bio_SSL_SESSION(BIO *bp, SSL_SESSION *x); int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x); -#define SSL_AD_REASON_OFFSET 1000 /* offset to get SSL_R_... value from SSL_AD_... */ +/* + * TLS Alerts. + * + * https://www.iana.org/assignments/tls-parameters/#tls-parameters-6 + */ -/* These alert types are for SSLv3 and TLSv1 */ -#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY -#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */ -#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */ -#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED -#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW -#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */ -#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */ -#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */ -#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE -#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE -#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED -#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED -#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN -#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */ -#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */ -#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */ -#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */ -#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR -#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */ -#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */ -#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */ -#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */ -#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */ -#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED -#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION -#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION -#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE -#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME -#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE -#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE -#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ +/* Obsolete alerts. */ +#ifndef LIBRESSL_INTERNAL +#define SSL_AD_DECRYPTION_FAILED 21 /* Removed in TLSv1.1 */ +#define SSL_AD_NO_CERTIFICATE 41 /* Removed in TLSv1.0 */ +#define SSL_AD_EXPORT_RESTRICTION 60 /* Removed in TLSv1.1 */ +#endif + +#define SSL_AD_CLOSE_NOTIFY 0 +#define SSL_AD_UNEXPECTED_MESSAGE 10 +#define SSL_AD_BAD_RECORD_MAC 20 +#define SSL_AD_RECORD_OVERFLOW 22 +#define SSL_AD_DECOMPRESSION_FAILURE 30 /* Removed in TLSv1.3 */ +#define SSL_AD_HANDSHAKE_FAILURE 40 +#define SSL_AD_BAD_CERTIFICATE 42 +#define SSL_AD_UNSUPPORTED_CERTIFICATE 43 +#define SSL_AD_CERTIFICATE_REVOKED 44 +#define SSL_AD_CERTIFICATE_EXPIRED 45 +#define SSL_AD_CERTIFICATE_UNKNOWN 46 +#define SSL_AD_ILLEGAL_PARAMETER 47 +#define SSL_AD_UNKNOWN_CA 48 +#define SSL_AD_ACCESS_DENIED 49 +#define SSL_AD_DECODE_ERROR 50 +#define SSL_AD_DECRYPT_ERROR 51 +#define SSL_AD_PROTOCOL_VERSION 70 +#define SSL_AD_INSUFFICIENT_SECURITY 71 +#define SSL_AD_INTERNAL_ERROR 80 +#define SSL_AD_INAPPROPRIATE_FALLBACK 86 +#define SSL_AD_USER_CANCELLED 90 +#define SSL_AD_NO_RENEGOTIATION 100 /* Removed in TLSv1.3 */ +#define SSL_AD_MISSING_EXTENSION 109 /* Added in TLSv1.3. */ +#define SSL_AD_UNSUPPORTED_EXTENSION 110 +#define SSL_AD_CERTIFICATE_UNOBTAINABLE 111 /* Removed in TLSv1.3 */ +#define SSL_AD_UNRECOGNIZED_NAME 112 +#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 +#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE 114 /* Removed in TLSv1.3 */ +#define SSL_AD_UNKNOWN_PSK_IDENTITY 115 +#define SSL_AD_CERTIFICATE_REQUIRED 116 +#define SSL_AD_NO_APPLICATION_PROTOCOL 120 + +/* Offset to get an SSL_R_... value from an SSL_AD_... value. */ +#define SSL_AD_REASON_OFFSET 1000 #define SSL_ERROR_NONE 0 #define SSL_ERROR_SSL 1 @@ -1088,6 +894,7 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x); #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 @@ -1127,6 +934,7 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x); #define SSL_CTRL_SET_ECDH_AUTO 94 #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) +#define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 #define SSL_CTRL_GET_PEER_TMP_KEY 109 #define SSL_CTRL_GET_SERVER_TMP_KEY SSL_CTRL_GET_PEER_TMP_KEY #else @@ -1142,6 +950,10 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x); #define SSL_CTRL_GET_MIN_PROTO_VERSION 130 #define SSL_CTRL_GET_MAX_PROTO_VERSION 131 +#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) +#define SSL_CTRL_GET_SIGNATURE_NID 132 +#endif + #define DTLSv1_get_timeout(ssl, arg) \ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) #define DTLSv1_handle_timeout(ssl) \ @@ -1214,6 +1026,8 @@ int SSL_get_max_proto_version(SSL *ssl); int SSL_set_min_proto_version(SSL *ssl, uint16_t version); int SSL_set_max_proto_version(SSL *ssl, uint16_t version); +const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx); + #ifndef LIBRESSL_INTERNAL #define SSL_CTRL_SET_CURVES SSL_CTRL_SET_GROUPS #define SSL_CTRL_SET_CURVES_LIST SSL_CTRL_SET_GROUPS_LIST @@ -1237,8 +1051,17 @@ int SSL_set_max_proto_version(SSL *ssl, uint16_t version); SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk) #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) +#define SSL_get_signature_nid(s, pn) \ + SSL_ctrl(s, SSL_CTRL_GET_SIGNATURE_NID, 0, pn) + +#define SSL_get_peer_signature_nid(s, pn) \ + SSL_ctrl(s, SSL_CTRL_GET_PEER_SIGNATURE_NID, 0, pn) #define SSL_get_peer_tmp_key(s, pk) \ SSL_ctrl(s, SSL_CTRL_GET_PEER_TMP_KEY, 0, pk) + +int SSL_get_signature_type_nid(const SSL *ssl, int *nid); +int SSL_get_peer_signature_type_nid(const SSL *ssl, int *nid); + #endif /* LIBRESSL_HAS_TLS1_3 || LIBRESSL_INTERNAL */ #ifndef LIBRESSL_INTERNAL @@ -1296,6 +1119,7 @@ long SSL_CTX_get_timeout(const SSL_CTX *ctx); X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); +EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); int SSL_want(const SSL *s); int SSL_clear(SSL *s); @@ -1309,6 +1133,7 @@ const char * SSL_CIPHER_get_version(const SSL_CIPHER *c); const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *c); +const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); @@ -1327,6 +1152,7 @@ int SSL_set_rfd(SSL *s, int fd); int SSL_set_wfd(SSL *s, int fd); void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio); BIO * SSL_get_rbio(const SSL *s); +void SSL_set0_rbio(SSL *s, BIO *rbio); BIO * SSL_get_wbio(const SSL *s); int SSL_set_cipher_list(SSL *s, const char *str); #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) @@ -1349,6 +1175,7 @@ int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); int SSL_use_certificate_file(SSL *ssl, const char *file, int type); +int SSL_use_certificate_chain_file(SSL *ssl, const char *file); int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); @@ -1365,6 +1192,7 @@ const char *SSL_state_string(const SSL *s); const char *SSL_rstate_string(const SSL *s); const char *SSL_state_string_long(const SSL *s); const char *SSL_rstate_string_long(const SSL *s); +const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *ss); size_t SSL_SESSION_get_master_key(const SSL_SESSION *ss, unsigned char *out, size_t max_out); int SSL_SESSION_get_protocol_version(const SSL_SESSION *s); @@ -1378,6 +1206,9 @@ int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, unsigned int sid_len); int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len); +#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) +int SSL_SESSION_is_resumable(const SSL_SESSION *s); +#endif SSL_SESSION *SSL_SESSION_new(void); void SSL_SESSION_free(SSL_SESSION *ses); @@ -1443,9 +1274,8 @@ int SSL_set_purpose(SSL *s, int purpose); int SSL_CTX_set_trust(SSL_CTX *s, int trust); int SSL_set_trust(SSL *s, int trust); int SSL_set1_host(SSL *s, const char *hostname); -#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) +void SSL_set_hostflags(SSL *s, unsigned int flags); const char *SSL_get0_peername(SSL *s); -#endif X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); @@ -1457,10 +1287,14 @@ void SSL_free(SSL *ssl); int SSL_up_ref(SSL *ssl); int SSL_accept(SSL *ssl); int SSL_connect(SSL *ssl); +int SSL_is_dtls(const SSL *s); int SSL_is_server(const SSL *s); int SSL_read(SSL *ssl, void *buf, int num); int SSL_peek(SSL *ssl, void *buf, int num); int SSL_write(SSL *ssl, const void *buf, int num); +int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *bytes_read); +int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *bytes_peeked); +int SSL_write_ex(SSL *ssl, const void *buf, size_t num, size_t *bytes_written); #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx); @@ -1516,6 +1350,10 @@ const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ +const SSL_METHOD *DTLSv1_2_method(void); /* DTLSv1.2 */ +const SSL_METHOD *DTLSv1_2_server_method(void); /* DTLSv1.2 */ +const SSL_METHOD *DTLSv1_2_client_method(void); /* DTLSv1.2 */ + const SSL_METHOD *DTLS_method(void); /* DTLS v1.0 or later */ const SSL_METHOD *DTLS_server_method(void); /* DTLS v1.0 or later */ const SSL_METHOD *DTLS_client_method(void); /* DTLS v1.0 or later */ @@ -2035,6 +1873,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_MISSING_VERIFY_MESSAGE 174 #define SSL_R_MULTIPLE_SGC_RESTARTS 346 #define SSL_R_NON_SSLV2_INITIAL_PACKET 175 +#define SSL_R_NO_APPLICATION_PROTOCOL 235 #define SSL_R_NO_CERTIFICATES_RETURNED 176 #define SSL_R_NO_CERTIFICATE_ASSIGNED 177 #define SSL_R_NO_CERTIFICATE_RETURNED 178 diff --git a/externals/libressl/include/openssl/ssl3.h b/externals/libressl/include/openssl/ssl3.h index a102d1143..6c6cc2ad2 100755 --- a/externals/libressl/include/openssl/ssl3.h +++ b/externals/libressl/include/openssl/ssl3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl3.h,v 1.51 2020/06/05 18:14:05 jsing Exp $ */ +/* $OpenBSD: ssl3.h,v 1.57 2021/09/10 14:49:13 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -292,11 +292,11 @@ extern "C" { #define SSL3_RT_ALERT 21 #define SSL3_RT_HANDSHAKE 22 #define SSL3_RT_APPLICATION_DATA 23 -#define TLS1_RT_HEARTBEAT 24 #define SSL3_AL_WARNING 1 #define SSL3_AL_FATAL 2 +#ifndef LIBRESSL_INTERNAL #define SSL3_AD_CLOSE_NOTIFY 0 #define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */ #define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */ @@ -309,34 +309,11 @@ extern "C" { #define SSL3_AD_CERTIFICATE_EXPIRED 45 #define SSL3_AD_CERTIFICATE_UNKNOWN 46 #define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */ +#endif #define TLS1_HB_REQUEST 1 #define TLS1_HB_RESPONSE 2 -#ifndef OPENSSL_NO_SSL_INTERN -#ifndef LIBRESSL_INTERNAL - -typedef struct ssl3_record_st { -/*r */ int type; /* type of record */ -/*rw*/ unsigned int length; /* How many bytes available */ -/*r */ unsigned int off; /* read/write offset into 'buf' */ -/*rw*/ unsigned char *data; /* pointer to the record data */ -/*rw*/ unsigned char *input; /* where the decode bytes are */ -/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */ -/*r */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */ -} SSL3_RECORD; - -typedef struct ssl3_buffer_st { - unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes, - * see ssl3_setup_buffers() */ - size_t len; /* buffer size */ - int offset; /* where to 'copy from' */ - int left; /* how many bytes left */ -} SSL3_BUFFER; - -#endif -#endif - #define SSL3_CT_RSA_SIGN 1 #define SSL3_CT_DSS_SIGN 2 #define SSL3_CT_RSA_FIXED_DH 3 @@ -355,21 +332,6 @@ typedef struct ssl3_buffer_st { #define TLS1_FLAGS_FREEZE_TRANSCRIPT 0x0020 #define SSL3_FLAGS_CCS_OK 0x0080 -#ifndef OPENSSL_NO_SSL_INTERN - -struct ssl3_state_internal_st; - -typedef struct ssl3_state_st { - long flags; - - unsigned char server_random[SSL3_RANDOM_SIZE]; - unsigned char client_random[SSL3_RANDOM_SIZE]; - - struct ssl3_state_internal_st *internal; -} SSL3_STATE; - -#endif - /* SSLv3 */ /*client */ /* extra state */ @@ -475,6 +437,7 @@ typedef struct ssl3_state_st { #define SSL3_MT_CCS 1 +#ifndef LIBRESSL_INTERNAL /* These are used when changing over to a new cipher */ #define SSL3_CC_READ 0x01 #define SSL3_CC_WRITE 0x02 @@ -484,6 +447,7 @@ typedef struct ssl3_state_st { #define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ) #define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ) #define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE) +#endif #ifdef __cplusplus } diff --git a/externals/libressl/include/openssl/tls1.h b/externals/libressl/include/openssl/tls1.h index 8cd522658..547fb86e5 100755 --- a/externals/libressl/include/openssl/tls1.h +++ b/externals/libressl/include/openssl/tls1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls1.h,v 1.41 2020/06/05 18:14:05 jsing Exp $ */ +/* $OpenBSD: tls1.h,v 1.51 2022/02/05 18:18:18 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -177,18 +177,7 @@ extern "C" { #define TLS1_VERSION_MAJOR 0x03 #define TLS1_VERSION_MINOR 0x01 -#define TLS1_get_version(s) \ - ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) - -#define TLS1_get_client_version(s) \ - ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0) - -/* - * TLS Alert codes. - * - * https://www.iana.org/assignments/tls-parameters/#tls-parameters-6 - */ - +#ifndef LIBRESSL_INTERNAL #define TLS1_AD_DECRYPTION_FAILED 21 #define TLS1_AD_RECORD_OVERFLOW 22 #define TLS1_AD_UNKNOWN_CA 48 /* fatal */ @@ -211,6 +200,7 @@ extern "C" { #define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 /* Code 115 from RFC 4279. */ #define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */ +#endif /* * TLS ExtensionType values. @@ -328,6 +318,9 @@ SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb) #define SSL_set_tlsext_debug_arg(ssl, arg) \ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg) +#define SSL_get_tlsext_status_type(ssl) \ +SSL_ctrl(ssl, SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE, 0, NULL) + #define SSL_set_tlsext_status_type(ssl, type) \ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL) @@ -729,6 +722,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) #define TLS1_3_TXT_CHACHA20_POLY1305_SHA256 "AEAD-CHACHA20-POLY1305-SHA256" #define TLS1_3_TXT_AES_128_CCM_SHA256 "AEAD-AES128-CCM-SHA256" #define TLS1_3_TXT_AES_128_CCM_8_SHA256 "AEAD-AES128-CCM-8-SHA256" + +#define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256" +#define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384" +#define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256" +#define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256" +#define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256" #endif #define TLS_CT_RSA_SIGN 1 @@ -768,12 +767,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) #define TLS_MD_MASTER_SECRET_CONST "master secret" #define TLS_MD_MASTER_SECRET_CONST_SIZE 13 -/* TLS Session Ticket extension struct. */ -struct tls_session_ticket_ext_st { - unsigned short length; - void *data; -}; - #ifdef __cplusplus } #endif diff --git a/externals/libressl/include/openssl/x509.h b/externals/libressl/include/openssl/x509.h index e30cbc0f1..05872e1ae 100755 --- a/externals/libressl/include/openssl/x509.h +++ b/externals/libressl/include/openssl/x509.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.h,v 1.74 2018/08/24 20:26:03 tb Exp $ */ +/* $OpenBSD: x509.h,v 1.89 2022/01/10 14:13:03 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -140,171 +140,43 @@ extern "C" { #define X509v3_KU_DECIPHER_ONLY 0x8000 #define X509v3_KU_UNDEF 0xffff -typedef struct X509_objects_st - { - int nid; - int (*a2i)(void); - int (*i2a)(void); - } X509_OBJECTS; - -struct X509_algor_st - { +struct X509_algor_st { ASN1_OBJECT *algorithm; ASN1_TYPE *parameter; - } /* X509_ALGOR */; - +} /* X509_ALGOR */; typedef STACK_OF(X509_ALGOR) X509_ALGORS; -typedef struct X509_val_st - { +typedef struct X509_val_st { ASN1_TIME *notBefore; ASN1_TIME *notAfter; - } X509_VAL; +} X509_VAL; -struct X509_pubkey_st - { - X509_ALGOR *algor; - ASN1_BIT_STRING *public_key; - EVP_PKEY *pkey; - }; +typedef struct X509_sig_st X509_SIG; -typedef struct X509_sig_st - { - X509_ALGOR *algor; - ASN1_OCTET_STRING *digest; - } X509_SIG; - -typedef struct X509_name_entry_st - { - ASN1_OBJECT *object; - ASN1_STRING *value; - int set; - int size; /* temp variable */ - } X509_NAME_ENTRY; +typedef struct X509_name_entry_st X509_NAME_ENTRY; DECLARE_STACK_OF(X509_NAME_ENTRY) -/* we always keep X509_NAMEs in 2 forms. */ -struct X509_name_st - { - STACK_OF(X509_NAME_ENTRY) *entries; - int modified; /* true if 'bytes' needs to be built */ -#ifndef OPENSSL_NO_BUFFER - BUF_MEM *bytes; -#else - char *bytes; -#endif -/* unsigned long hash; Keep the hash around for lookups */ - unsigned char *canon_enc; - int canon_enclen; - } /* X509_NAME */; - DECLARE_STACK_OF(X509_NAME) -#define X509_EX_V_NETSCAPE_HACK 0x8000 -#define X509_EX_V_INIT 0x0001 -typedef struct X509_extension_st - { - ASN1_OBJECT *object; - ASN1_BOOLEAN critical; - ASN1_OCTET_STRING *value; - } X509_EXTENSION; +typedef struct X509_extension_st X509_EXTENSION; typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; DECLARE_STACK_OF(X509_EXTENSION) -/* a sequence of these are used */ -typedef struct x509_attributes_st - { - ASN1_OBJECT *object; - int single; /* 0 for a set, 1 for a single item (which is wrong) */ - union { - char *ptr; -/* 0 */ STACK_OF(ASN1_TYPE) *set; -/* 1 */ ASN1_TYPE *single; - } value; - } X509_ATTRIBUTE; +typedef struct x509_attributes_st X509_ATTRIBUTE; DECLARE_STACK_OF(X509_ATTRIBUTE) +typedef struct X509_req_info_st X509_REQ_INFO; -typedef struct X509_req_info_st - { - ASN1_ENCODING enc; - ASN1_INTEGER *version; - X509_NAME *subject; - X509_PUBKEY *pubkey; - /* d=2 hl=2 l= 0 cons: cont: 00 */ - STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ - } X509_REQ_INFO; +typedef struct X509_req_st X509_REQ; -typedef struct X509_req_st - { - X509_REQ_INFO *req_info; - X509_ALGOR *sig_alg; - ASN1_BIT_STRING *signature; - int references; - } X509_REQ; +typedef struct x509_cert_aux_st X509_CERT_AUX; -typedef struct x509_cinf_st - { - ASN1_INTEGER *version; /* [ 0 ] default of v1 */ - ASN1_INTEGER *serialNumber; - X509_ALGOR *signature; - X509_NAME *issuer; - X509_VAL *validity; - X509_NAME *subject; - X509_PUBKEY *key; - ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ - ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ - STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ - ASN1_ENCODING enc; - } X509_CINF; - -/* This stuff is certificate "auxiliary info" - * it contains details which are useful in certificate - * stores and databases. When used this is tagged onto - * the end of the certificate itself - */ - -typedef struct x509_cert_aux_st - { - STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ - STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ - ASN1_UTF8STRING *alias; /* "friendly name" */ - ASN1_OCTET_STRING *keyid; /* key id of private key */ - STACK_OF(X509_ALGOR) *other; /* other unspecified info */ - } X509_CERT_AUX; - -struct x509_st - { - X509_CINF *cert_info; - X509_ALGOR *sig_alg; - ASN1_BIT_STRING *signature; - int valid; - int references; - char *name; - CRYPTO_EX_DATA ex_data; - /* These contain copies of various extension values */ - long ex_pathlen; - long ex_pcpathlen; - unsigned long ex_flags; - unsigned long ex_kusage; - unsigned long ex_xkusage; - unsigned long ex_nscert; - ASN1_OCTET_STRING *skid; - AUTHORITY_KEYID *akid; - X509_POLICY_CACHE *policy_cache; - STACK_OF(DIST_POINT) *crldp; - STACK_OF(GENERAL_NAME) *altname; - NAME_CONSTRAINTS *nc; -#ifndef OPENSSL_NO_SHA - unsigned char sha1_hash[SHA_DIGEST_LENGTH]; -#endif - X509_CERT_AUX *aux; - } /* X509 */; +typedef struct x509_cinf_st X509_CINF; DECLARE_STACK_OF(X509) @@ -321,13 +193,9 @@ typedef struct x509_trust_st { DECLARE_STACK_OF(X509_TRUST) -typedef struct x509_cert_pair_st { - X509 *forward; - X509 *reverse; -} X509_CERT_PAIR; - /* standard trust ids */ +/* OpenSSL changed this to 0 */ #define X509_TRUST_DEFAULT -1 /* Only valid in purpose settings */ #define X509_TRUST_COMPAT 1 @@ -428,61 +296,13 @@ typedef struct x509_cert_pair_st { XN_FLAG_FN_LN | \ XN_FLAG_FN_ALIGN) -struct x509_revoked_st - { - ASN1_INTEGER *serialNumber; - ASN1_TIME *revocationDate; - STACK_OF(X509_EXTENSION) /* optional */ *extensions; - /* Set up if indirect CRL */ - STACK_OF(GENERAL_NAME) *issuer; - /* Revocation reason */ - int reason; - int sequence; /* load sequence */ - }; - DECLARE_STACK_OF(X509_REVOKED) -typedef struct X509_crl_info_st - { - ASN1_INTEGER *version; - X509_ALGOR *sig_alg; - X509_NAME *issuer; - ASN1_TIME *lastUpdate; - ASN1_TIME *nextUpdate; - STACK_OF(X509_REVOKED) *revoked; - STACK_OF(X509_EXTENSION) /* [0] */ *extensions; - ASN1_ENCODING enc; - } X509_CRL_INFO; - -struct X509_crl_st - { - /* actual signature */ - X509_CRL_INFO *crl; - X509_ALGOR *sig_alg; - ASN1_BIT_STRING *signature; - int references; - int flags; - /* Copies of various extensions */ - AUTHORITY_KEYID *akid; - ISSUING_DIST_POINT *idp; - /* Convenient breakdown of IDP */ - int idp_flags; - int idp_reasons; - /* CRL and base CRL numbers for delta processing */ - ASN1_INTEGER *crl_number; - ASN1_INTEGER *base_crl_number; -#ifndef OPENSSL_NO_SHA - unsigned char sha1_hash[SHA_DIGEST_LENGTH]; -#endif - STACK_OF(GENERAL_NAMES) *issuers; - const X509_CRL_METHOD *meth; - void *meth_data; - } /* X509_CRL */; +typedef struct X509_crl_info_st X509_CRL_INFO; DECLARE_STACK_OF(X509_CRL) -typedef struct private_key_st - { +typedef struct private_key_st { int version; /* The PKCS#8 data types */ X509_ALGOR *enc_algor; @@ -500,11 +320,10 @@ typedef struct private_key_st EVP_CIPHER_INFO cipher; int references; - } X509_PKEY; +} X509_PKEY; #ifndef OPENSSL_NO_EVP -typedef struct X509_info_st - { +typedef struct X509_info_st { X509 *x509; X509_CRL *crl; X509_PKEY *x_pkey; @@ -514,7 +333,7 @@ typedef struct X509_info_st char *enc_data; int references; - } X509_INFO; +} X509_INFO; DECLARE_STACK_OF(X509_INFO) #endif @@ -523,64 +342,46 @@ DECLARE_STACK_OF(X509_INFO) * Pat Richard and are used to manipulate * Netscapes spki structures - useful if you are writing a CA web page */ -typedef struct Netscape_spkac_st - { +typedef struct Netscape_spkac_st { X509_PUBKEY *pubkey; ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */ - } NETSCAPE_SPKAC; +} NETSCAPE_SPKAC; -typedef struct Netscape_spki_st - { +typedef struct Netscape_spki_st { NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ X509_ALGOR *sig_algor; ASN1_BIT_STRING *signature; - } NETSCAPE_SPKI; +} NETSCAPE_SPKI; /* Netscape certificate sequence structure */ -typedef struct Netscape_certificate_sequence - { +typedef struct Netscape_certificate_sequence { ASN1_OBJECT *type; STACK_OF(X509) *certs; - } NETSCAPE_CERT_SEQUENCE; +} NETSCAPE_CERT_SEQUENCE; -/* Unused (and iv length is wrong) -typedef struct CBCParameter_st - { - unsigned char iv[8]; - } CBC_PARAM; -*/ /* Password based encryption structure */ typedef struct PBEPARAM_st { -ASN1_OCTET_STRING *salt; -ASN1_INTEGER *iter; + ASN1_OCTET_STRING *salt; + ASN1_INTEGER *iter; } PBEPARAM; /* Password based encryption V2 structures */ typedef struct PBE2PARAM_st { -X509_ALGOR *keyfunc; -X509_ALGOR *encryption; + X509_ALGOR *keyfunc; + X509_ALGOR *encryption; } PBE2PARAM; typedef struct PBKDF2PARAM_st { -ASN1_TYPE *salt; /* Usually OCTET STRING but could be anything */ -ASN1_INTEGER *iter; -ASN1_INTEGER *keylength; -X509_ALGOR *prf; + /* Usually OCTET STRING but could be anything */ + ASN1_TYPE *salt; + ASN1_INTEGER *iter; + ASN1_INTEGER *keylength; + X509_ALGOR *prf; } PBKDF2PARAM; - -/* PKCS#8 private key info structure */ - -struct pkcs8_priv_key_info_st { - ASN1_INTEGER *version; - X509_ALGOR *pkeyalg; - ASN1_OCTET_STRING *pkey; - STACK_OF(X509_ATTRIBUTE) *attributes; -}; - #ifdef __cplusplus } #endif @@ -592,9 +393,6 @@ struct pkcs8_priv_key_info_st { extern "C" { #endif -#define X509_EXT_PACK_UNKNOWN 1 -#define X509_EXT_PACK_STRING 2 - #define X509_extract_key(x) X509_get_pubkey(x) /*****/ #define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) #define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) @@ -602,6 +400,8 @@ extern "C" { int X509_CRL_up_ref(X509_CRL *x); int X509_CRL_get_signature_nid(const X509_CRL *crl); +int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp); + const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); long X509_CRL_get_version(const X509_CRL *crl); const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); @@ -630,10 +430,7 @@ void X509_CRL_METHOD_free(X509_CRL_METHOD *m); void X509_CRL_set_meth_data(X509_CRL *crl, void *dat); void *X509_CRL_get_meth_data(X509_CRL *crl); -/* This one is only used so that a binary form can output, as in - * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */ -#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key) - +X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x); const char *X509_verify_cert_error_string(long n); @@ -692,6 +489,7 @@ int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa); #ifndef OPENSSL_NO_DSA DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa); int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa); +DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa); #endif #ifndef OPENSSL_NO_EC @@ -832,6 +630,11 @@ void X509_SIG_free(X509_SIG *a); X509_SIG *d2i_X509_SIG(X509_SIG **a, const unsigned char **in, long len); int i2d_X509_SIG(X509_SIG *a, unsigned char **out); extern const ASN1_ITEM X509_SIG_it; +void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, + const ASN1_OCTET_STRING **pdigest); +void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, + ASN1_OCTET_STRING **pdigest); + X509_REQ_INFO *X509_REQ_INFO_new(void); void X509_REQ_INFO_free(X509_REQ_INFO *a); X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a, const unsigned char **in, long len); @@ -890,18 +693,15 @@ X509_CERT_AUX *d2i_X509_CERT_AUX(X509_CERT_AUX **a, const unsigned char **in, lo int i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **out); extern const ASN1_ITEM X509_CERT_AUX_it; -X509_CERT_PAIR *X509_CERT_PAIR_new(void); -void X509_CERT_PAIR_free(X509_CERT_PAIR *a); -X509_CERT_PAIR *d2i_X509_CERT_PAIR(X509_CERT_PAIR **a, const unsigned char **in, long len); -int i2d_X509_CERT_PAIR(X509_CERT_PAIR *a, unsigned char **out); -extern const ASN1_ITEM X509_CERT_PAIR_it; - int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int X509_set_ex_data(X509 *r, int idx, void *arg); void *X509_get_ex_data(X509 *r, int idx); int i2d_X509_AUX(X509 *a,unsigned char **pp); X509 * d2i_X509_AUX(X509 **a,const unsigned char **pp,long length); + +int i2d_re_X509_tbs(X509 *x, unsigned char **pp); + void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg, const X509 *x); int X509_get_signature_nid(const X509 *x); @@ -1014,6 +814,8 @@ int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); X509_NAME *X509_REQ_get_subject_name(const X509_REQ *x); int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req); +int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); +EVP_PKEY * X509_REQ_get0_pubkey(X509_REQ *req); int X509_REQ_extension_nid(int nid); int * X509_REQ_get_extension_nids(void); void X509_REQ_set_extension_nids(int *nids); @@ -1403,6 +1205,7 @@ void ERR_load_X509_strings(void); #define X509_R_LOADING_CERT_DIR 103 #define X509_R_LOADING_DEFAULTS 104 #define X509_R_METHOD_NOT_SUPPORTED 124 +#define X509_R_NO_CERTIFICATE_OR_CRL_FOUND 136 #define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 #define X509_R_PUBLIC_KEY_DECODE_ERROR 125 #define X509_R_PUBLIC_KEY_ENCODE_ERROR 126 diff --git a/externals/libressl/include/openssl/x509_verify.h b/externals/libressl/include/openssl/x509_verify.h index a097404f2..d8d2cb0b5 100755 --- a/externals/libressl/include/openssl/x509_verify.h +++ b/externals/libressl/include/openssl/x509_verify.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_verify.h,v 1.1 2020/09/13 15:06:17 beck Exp $ */ +/* $OpenBSD: x509_verify.h,v 1.2 2021/11/04 23:52:34 beck Exp $ */ /* * Copyright (c) 2020 Bob Beck * @@ -19,6 +19,7 @@ #ifdef LIBRESSL_INTERNAL struct x509_verify_ctx; +struct x509_verify_cert_info; typedef struct x509_verify_ctx X509_VERIFY_CTX; X509_VERIFY_CTX *x509_verify_ctx_new(STACK_OF(X509) *roots); diff --git a/externals/libressl/include/openssl/x509_vfy.h b/externals/libressl/include/openssl/x509_vfy.h index a68d5c084..9a649cbba 100755 --- a/externals/libressl/include/openssl/x509_vfy.h +++ b/externals/libressl/include/openssl/x509_vfy.h @@ -1,25 +1,25 @@ -/* $OpenBSD: x509_vfy.h,v 1.31 2020/09/13 15:06:17 beck Exp $ */ +/* $OpenBSD: x509_vfy.h,v 1.50 2022/01/14 07:53:45 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -77,197 +77,40 @@ extern "C" { #endif -typedef struct x509_file_st - { - int num_paths; /* number of paths to files or directories */ - int num_alloced; - char **paths; /* the list of paths or directories */ - int *path_type; - } X509_CERT_FILE_CTX; - -/*******************************/ /* -SSL_CTX -> X509_STORE - -> X509_LOOKUP - ->X509_LOOKUP_METHOD - -> X509_LOOKUP - ->X509_LOOKUP_METHOD - -SSL -> X509_STORE_CTX - ->X509_STORE + * SSL_CTX -> X509_STORE + * -> X509_LOOKUP + * ->X509_LOOKUP_METHOD + * -> X509_LOOKUP + * ->X509_LOOKUP_METHOD + * + * SSL -> X509_STORE_CTX + * ->X509_STORE + * + * The X509_STORE holds the tables etc for verification stuff. + * A X509_STORE_CTX is used while validating a single certificate. + * The X509_STORE has X509_LOOKUPs for looking up certs. + * The X509_STORE then calls a function to actually verify the + * certificate chain. + */ -The X509_STORE holds the tables etc for verification stuff. -A X509_STORE_CTX is used while validating a single certificate. -The X509_STORE has X509_LOOKUPs for looking up certs. -The X509_STORE then calls a function to actually verify the -certificate chain. -*/ +typedef enum { + X509_LU_NONE, + X509_LU_X509, + X509_LU_CRL, +} X509_LOOKUP_TYPE; -#define X509_LU_RETRY -1 -#define X509_LU_FAIL 0 -#define X509_LU_X509 1 -#define X509_LU_CRL 2 -#define X509_LU_PKEY 3 - -typedef struct x509_object_st - { - /* one of the above types */ - int type; - union { - char *ptr; - X509 *x509; - X509_CRL *crl; - EVP_PKEY *pkey; - } data; - } X509_OBJECT; - -typedef struct x509_lookup_st X509_LOOKUP; DECLARE_STACK_OF(X509_LOOKUP) DECLARE_STACK_OF(X509_OBJECT) - -/* This is a static that defines the function interface */ -typedef struct x509_lookup_method_st - { - const char *name; - int (*new_item)(X509_LOOKUP *ctx); - void (*free)(X509_LOOKUP *ctx); - int (*init)(X509_LOOKUP *ctx); - int (*shutdown)(X509_LOOKUP *ctx); - int (*ctrl)(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, - char **ret); - int (*get_by_subject)(X509_LOOKUP *ctx, int type, X509_NAME *name, - X509_OBJECT *ret); - int (*get_by_issuer_serial)(X509_LOOKUP *ctx, int type, X509_NAME *name, - ASN1_INTEGER *serial,X509_OBJECT *ret); - int (*get_by_fingerprint)(X509_LOOKUP *ctx, int type, - const unsigned char *bytes, int len, X509_OBJECT *ret); - int (*get_by_alias)(X509_LOOKUP *ctx, int type, const char *str, - int len, X509_OBJECT *ret); - } X509_LOOKUP_METHOD; - -typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID; - -/* This structure hold all parameters associated with a verify operation - * by including an X509_VERIFY_PARAM structure in related structures the - * parameters used can be customized - */ - -typedef struct X509_VERIFY_PARAM_st - { - char *name; - time_t check_time; /* Time to use */ - unsigned long inh_flags; /* Inheritance flags */ - unsigned long flags; /* Various verify flags */ - int purpose; /* purpose to check untrusted certificates */ - int trust; /* trust setting to check */ - int depth; /* Verify depth */ - STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ - X509_VERIFY_PARAM_ID *id; /* opaque ID data */ -} X509_VERIFY_PARAM; - DECLARE_STACK_OF(X509_VERIFY_PARAM) -/* This is used to hold everything. It is used for all certificate - * validation. Once we have a certificate chain, the 'verify' - * function is then called to actually check the cert chain. */ -struct x509_store_st - { - /* The following is a cache of trusted certs */ - int cache; /* if true, stash any hits */ - STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */ +/* unused in OpenSSL */ +typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID; - /* These are external lookup methods */ - STACK_OF(X509_LOOKUP) *get_cert_methods; - - X509_VERIFY_PARAM *param; - - /* Callbacks for various operations */ - int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ - int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ - int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ - int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ - int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ - int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ - int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ - int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ - STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm); - STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm); - int (*cleanup)(X509_STORE_CTX *ctx); - - CRYPTO_EX_DATA ex_data; - int references; - } /* X509_STORE */; int X509_STORE_set_depth(X509_STORE *store, int depth); -#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func)) -#define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func)) - -/* This is the functions plus an instance of the local variables. */ -struct x509_lookup_st - { - int init; /* have we been started */ - int skip; /* don't use us. */ - X509_LOOKUP_METHOD *method; /* the functions */ - char *method_data; /* method data */ - - X509_STORE *store_ctx; /* who owns us */ - } /* X509_LOOKUP */; - -/* This is a used when verifying cert chains. Since the - * gathering of the cert chain can take some time (and have to be - * 'retried', this needs to be kept and passed around. */ -struct x509_store_ctx_st /* X509_STORE_CTX */ - { - X509_STORE *ctx; - int current_method; /* used when looking up certs */ - - /* The following are set by the caller */ - X509 *cert; /* The cert to check */ - STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */ - STACK_OF(X509_CRL) *crls; /* set of CRLs passed in */ - - X509_VERIFY_PARAM *param; - void *other_ctx; /* Other info for use with get_issuer() */ - - /* Callbacks for various operations */ - int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ - int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ - int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ - int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ - int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ - int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ - int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ - int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ - int (*check_policy)(X509_STORE_CTX *ctx); - STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm); - STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm); - int (*cleanup)(X509_STORE_CTX *ctx); - - /* The following is built up */ - int valid; /* if 0, rebuild chain */ - int last_untrusted; /* index of last untrusted cert */ - STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */ - X509_POLICY_TREE *tree; /* Valid policy tree */ - - int explicit_policy; /* Require explicit policy value */ - - /* When something goes wrong, this is why */ - int error_depth; - int error; - X509 *current_cert; - X509 *current_issuer; /* cert currently being tested as valid issuer */ - X509_CRL *current_crl; /* current CRL */ - - int current_crl_score; /* score of current CRL */ - unsigned int current_reasons; /* Reason mask */ - - X509_STORE_CTX *parent; /* For CRL path validation: parent context */ - - CRYPTO_EX_DATA ex_data; - } /* X509_STORE_CTX */; - void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); #define X509_STORE_CTX_set_app_data(ctx,data) \ @@ -422,21 +265,23 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); | X509_V_FLAG_INHIBIT_ANY \ | X509_V_FLAG_INHIBIT_MAP) -int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, +X509_OBJECT *X509_OBJECT_new(void); +void X509_OBJECT_free(X509_OBJECT *a); +int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, X509_NAME *name); -X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name); +X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, + X509_LOOKUP_TYPE type, X509_NAME *name); X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x); int X509_OBJECT_up_ref_count(X509_OBJECT *a); -int X509_OBJECT_get_type(const X509_OBJECT *a); -void X509_OBJECT_free_contents(X509_OBJECT *a); +X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a); X509 *X509_OBJECT_get0_X509(const X509_OBJECT *xo); X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *xo); X509_STORE *X509_STORE_new(void); void X509_STORE_free(X509_STORE *v); int X509_STORE_up_ref(X509_STORE *x); -STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm); -STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm); +STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm); +STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm); STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *xs); void *X509_STORE_get_ex_data(X509_STORE *xs, int idx); int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data); @@ -451,8 +296,14 @@ int X509_STORE_set_trust(X509_STORE *ctx, int trust); int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); +typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); + +X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *); + void X509_STORE_set_verify_cb(X509_STORE *ctx, - int (*verify_cb)(int, X509_STORE_CTX *)); + int (*verify_cb)(int, X509_STORE_CTX *)); +#define X509_STORE_set_verify_cb_func(ctx, func) \ + X509_STORE_set_verify_cb((ctx), (func)) X509_STORE_CTX *X509_STORE_CTX_new(void); @@ -479,8 +330,11 @@ X509_LOOKUP_METHOD *X509_LOOKUP_mem(void); int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); -int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name, - X509_OBJECT *ret); +int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, + X509_NAME *name, X509_OBJECT *ret); +#define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject +X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, + X509_LOOKUP_TYPE type, X509_NAME *name); int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); @@ -493,17 +347,17 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); void X509_LOOKUP_free(X509_LOOKUP *ctx); int X509_LOOKUP_init(X509_LOOKUP *ctx); -int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, - X509_OBJECT *ret); -int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, - ASN1_INTEGER *serial, X509_OBJECT *ret); -int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, - const unsigned char *bytes, int len, X509_OBJECT *ret); -int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, const char *str, - int len, X509_OBJECT *ret); +int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + X509_NAME *name, X509_OBJECT *ret); +int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + X509_NAME *name, ASN1_INTEGER *serial, X509_OBJECT *ret); +int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const unsigned char *bytes, int len, X509_OBJECT *ret); +int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const char *str, int len, X509_OBJECT *ret); int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); -int X509_STORE_load_locations (X509_STORE *ctx, +int X509_STORE_load_locations(X509_STORE *ctx, const char *file, const char *dir); int X509_STORE_load_mem(X509_STORE *ctx, void *buf, int len); int X509_STORE_set_default_paths(X509_STORE *ctx); @@ -515,7 +369,9 @@ void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx); int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s); int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx); X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx); X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx); @@ -531,11 +387,24 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t); +void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +int (*X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx))(X509_STORE_CTX *); +void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, + int (*verify)(X509_STORE_CTX *)); +int (*X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx))(int, X509_STORE_CTX *); void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, int (*verify_cb)(int, X509_STORE_CTX *)); - + +typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *); + +void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); +X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx); +#define X509_STORE_set_verify_func(ctx, func) \ + X509_STORE_set_verify((ctx), (func)) + X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx); int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx); +int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx); X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); @@ -547,7 +416,7 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to, const X509_VERIFY_PARAM *from); -int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, +int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, const X509_VERIFY_PARAM *from); int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name); int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags); @@ -560,7 +429,7 @@ void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy); -int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, +int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, STACK_OF(ASN1_OBJECT) *policies); int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, const char *name, diff --git a/externals/libressl/include/openssl/x509v3.h b/externals/libressl/include/openssl/x509v3.h index d2754fa62..c82ecae08 100755 --- a/externals/libressl/include/openssl/x509v3.h +++ b/externals/libressl/include/openssl/x509v3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509v3.h,v 1.2 2020/09/13 15:06:17 beck Exp $ */ +/* $OpenBSD: x509v3.h,v 1.14 2022/01/14 09:01:36 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -206,8 +206,6 @@ union { } d; } GENERAL_NAME; -typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; - typedef struct ACCESS_DESCRIPTION_st { ASN1_OBJECT *method; GENERAL_NAME *location; @@ -219,6 +217,9 @@ typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE; DECLARE_STACK_OF(GENERAL_NAME) +typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; +DECLARE_STACK_OF(GENERAL_NAMES) + DECLARE_STACK_OF(ACCESS_DESCRIPTION) typedef struct DIST_POINT_NAME_st { @@ -446,7 +447,7 @@ struct ISSUING_DIST_POINT_st #define NS_OBJSIGN_CA 0x01 #define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA) -#define XKU_SSL_SERVER 0x1 +#define XKU_SSL_SERVER 0x1 #define XKU_SSL_CLIENT 0x2 #define XKU_SMIME 0x4 #define XKU_CODE_SIGN 0x8 @@ -454,6 +455,7 @@ struct ISSUING_DIST_POINT_st #define XKU_OCSP_SIGN 0x20 #define XKU_TIMESTAMP 0x40 #define XKU_DVCS 0x80 +#define XKU_ANYEKU 0x100 #define X509_PURPOSE_DYNAMIC 0x1 #define X509_PURPOSE_DYNAMIC_NAME 0x2 @@ -770,7 +772,6 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit char *hex_to_string(const unsigned char *buffer, long len); unsigned char *string_to_hex(const char *str, long *len); -int name_cmp(const char *name, const char *cmp); void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml); @@ -798,6 +799,9 @@ char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp); int X509_PURPOSE_get_trust(const X509_PURPOSE *xp); void X509_PURPOSE_cleanup(void); int X509_PURPOSE_get_id(const X509_PURPOSE *); +uint32_t X509_get_extension_flags(X509 *x); +uint32_t X509_get_key_usage(X509 *x); +uint32_t X509_get_extended_key_usage(X509 *x); STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x); STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x); @@ -842,6 +846,195 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); DECLARE_STACK_OF(X509_POLICY_NODE) +#ifndef OPENSSL_NO_RFC3779 +typedef struct ASRange_st { + ASN1_INTEGER *min; + ASN1_INTEGER *max; +} ASRange; + +#define ASIdOrRange_id 0 +#define ASIdOrRange_range 1 + +typedef struct ASIdOrRange_st { + int type; + union { + ASN1_INTEGER *id; + ASRange *range; + } u; +} ASIdOrRange; + +typedef STACK_OF(ASIdOrRange) ASIdOrRanges; +DECLARE_STACK_OF(ASIdOrRange) + +#define ASIdentifierChoice_inherit 0 +#define ASIdentifierChoice_asIdsOrRanges 1 + +typedef struct ASIdentifierChoice_st { + int type; + union { + ASN1_NULL *inherit; + ASIdOrRanges *asIdsOrRanges; + } u; +} ASIdentifierChoice; + +typedef struct ASIdentifiers_st { + ASIdentifierChoice *asnum; + ASIdentifierChoice *rdi; +} ASIdentifiers; + +ASRange *ASRange_new(void); +void ASRange_free(ASRange *a); +ASRange *d2i_ASRange(ASRange **a, const unsigned char **in, long len); +int i2d_ASRange(ASRange *a, unsigned char **out); +extern const ASN1_ITEM ASRange_it; + +ASIdOrRange *ASIdOrRange_new(void); +void ASIdOrRange_free(ASIdOrRange *a); +ASIdOrRange *d2i_ASIdOrRange(ASIdOrRange **a, const unsigned char **in, + long len); +int i2d_ASIdOrRange(ASIdOrRange *a, unsigned char **out); +extern const ASN1_ITEM ASIdOrRange_it; + +ASIdentifierChoice *ASIdentifierChoice_new(void); +void ASIdentifierChoice_free(ASIdentifierChoice *a); +ASIdentifierChoice *d2i_ASIdentifierChoice(ASIdentifierChoice **a, + const unsigned char **in, long len); +int i2d_ASIdentifierChoice(ASIdentifierChoice *a, unsigned char **out); +extern const ASN1_ITEM ASIdentifierChoice_it; + +ASIdentifiers *ASIdentifiers_new(void); +void ASIdentifiers_free(ASIdentifiers *a); +ASIdentifiers *d2i_ASIdentifiers(ASIdentifiers **a, const unsigned char **in, + long len); +int i2d_ASIdentifiers(ASIdentifiers *a, unsigned char **out); +extern const ASN1_ITEM ASIdentifiers_it; + +typedef struct IPAddressRange_st { + ASN1_BIT_STRING *min; + ASN1_BIT_STRING *max; +} IPAddressRange; + +#define IPAddressOrRange_addressPrefix 0 +#define IPAddressOrRange_addressRange 1 + +typedef struct IPAddressOrRange_st { + int type; + union { + ASN1_BIT_STRING *addressPrefix; + IPAddressRange *addressRange; + } u; +} IPAddressOrRange; + +typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges; +DECLARE_STACK_OF(IPAddressOrRange) + +#define IPAddressChoice_inherit 0 +#define IPAddressChoice_addressesOrRanges 1 + +typedef struct IPAddressChoice_st { + int type; + union { + ASN1_NULL *inherit; + IPAddressOrRanges *addressesOrRanges; + } u; +} IPAddressChoice; + +typedef struct IPAddressFamily_st { + ASN1_OCTET_STRING *addressFamily; + IPAddressChoice *ipAddressChoice; +} IPAddressFamily; + +typedef STACK_OF(IPAddressFamily) IPAddrBlocks; +DECLARE_STACK_OF(IPAddressFamily) + +IPAddressRange *IPAddressRange_new(void); +void IPAddressRange_free(IPAddressRange *a); +IPAddressRange *d2i_IPAddressRange(IPAddressRange **a, + const unsigned char **in, long len); +int i2d_IPAddressRange(IPAddressRange *a, unsigned char **out); +extern const ASN1_ITEM IPAddressRange_it; + +IPAddressOrRange *IPAddressOrRange_new(void); +void IPAddressOrRange_free(IPAddressOrRange *a); +IPAddressOrRange *d2i_IPAddressOrRange(IPAddressOrRange **a, + const unsigned char **in, long len); +int i2d_IPAddressOrRange(IPAddressOrRange *a, unsigned char **out); +extern const ASN1_ITEM IPAddressOrRange_it; + +IPAddressChoice *IPAddressChoice_new(void); +void IPAddressChoice_free(IPAddressChoice *a); +IPAddressChoice *d2i_IPAddressChoice(IPAddressChoice **a, + const unsigned char **in, long len); +int i2d_IPAddressChoice(IPAddressChoice *a, unsigned char **out); +extern const ASN1_ITEM IPAddressChoice_it; + +IPAddressFamily *IPAddressFamily_new(void); +void IPAddressFamily_free(IPAddressFamily *a); +IPAddressFamily *d2i_IPAddressFamily(IPAddressFamily **a, + const unsigned char **in, long len); +int i2d_IPAddressFamily(IPAddressFamily *a, unsigned char **out); +extern const ASN1_ITEM IPAddressFamily_it; + +/* + * API tag for elements of the ASIdentifer SEQUENCE. + */ +#define V3_ASID_ASNUM 0 +#define V3_ASID_RDI 1 + +/* + * AFI values, assigned by IANA. It'd be nice to make the AFI + * handling code totally generic, but there are too many little things + * that would need to be defined for other address families for it to + * be worth the trouble. + */ +#define IANA_AFI_IPV4 1 +#define IANA_AFI_IPV6 2 + +/* + * Utilities to construct and extract values from RFC3779 extensions, + * since some of the encodings (particularly for IP address prefixes + * and ranges) are a bit tedious to work with directly. + */ +int X509v3_asid_add_inherit(ASIdentifiers *asid, int which); +int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which, + ASN1_INTEGER *min, ASN1_INTEGER *max); +int X509v3_addr_add_inherit(IPAddrBlocks *addr, const unsigned afi, + const unsigned *safi); +int X509v3_addr_add_prefix(IPAddrBlocks *addr, const unsigned afi, + const unsigned *safi, unsigned char *a, const int prefixlen); +int X509v3_addr_add_range(IPAddrBlocks *addr, const unsigned afi, + const unsigned *safi, unsigned char *min, unsigned char *max); +unsigned X509v3_addr_get_afi(const IPAddressFamily *f); +int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, + unsigned char *min, unsigned char *max, const int length); + +/* + * Canonical forms. + */ +int X509v3_asid_is_canonical(ASIdentifiers *asid); +int X509v3_addr_is_canonical(IPAddrBlocks *addr); +int X509v3_asid_canonize(ASIdentifiers *asid); +int X509v3_addr_canonize(IPAddrBlocks *addr); + +/* + * Tests for inheritance and containment. + */ +int X509v3_asid_inherits(ASIdentifiers *asid); +int X509v3_addr_inherits(IPAddrBlocks *addr); +int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b); +int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b); + +/* + * Check whether RFC 3779 extensions nest properly in chains. + */ +int X509v3_asid_validate_path(X509_STORE_CTX *); +int X509v3_addr_validate_path(X509_STORE_CTX *); +int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, ASIdentifiers *ext, + int allow_inheritance); +int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, IPAddrBlocks *ext, + int allow_inheritance); + +#endif /* !OPENSSL_NO_RFC3779 */ /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes diff --git a/externals/libressl/include/tls.h b/externals/libressl/include/tls.h index de6d257c4..0c9e497e7 100755 --- a/externals/libressl/include/tls.h +++ b/externals/libressl/include/tls.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls.h,v 1.58 2020/01/22 06:44:02 beck Exp $ */ +/* $OpenBSD: tls.h,v 1.62 2022/03/24 15:56:34 tb Exp $ */ /* * Copyright (c) 2014 Joel Sing * diff --git a/externals/libressl/openssl.cnf b/externals/libressl/openssl.cnf new file mode 100755 index 000000000..8ce83bf90 --- /dev/null +++ b/externals/libressl/openssl.cnf @@ -0,0 +1,24 @@ +[ req ] +#default_bits = 2048 +#default_md = sha256 +#default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_min = 2 +countryName_max = 2 +stateOrProvinceName = State or Province Name (full name) +localityName = Locality Name (eg, city) +0.organizationName = Organization Name (eg, company) +organizationalUnitName = Organizational Unit Name (eg, section) +commonName = Common Name (eg, fully qualified host name) +commonName_max = 64 +emailAddress = Email Address +emailAddress_max = 64 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 diff --git a/externals/libressl/ssl/CMakeLists.txt b/externals/libressl/ssl/CMakeLists.txt index 015cb6240..cec241705 100755 --- a/externals/libressl/ssl/CMakeLists.txt +++ b/externals/libressl/ssl/CMakeLists.txt @@ -1,15 +1,10 @@ set( SSL_SRC bio_ssl.c - bs_ber.c - bs_cbb.c - bs_cbs.c d1_both.c - d1_clnt.c d1_lib.c d1_pkt.c d1_srtp.c - d1_srvr.c pqueue.c s3_cbc.c s3_lib.c @@ -38,14 +33,17 @@ set( ssl_versions.c t1_enc.c t1_lib.c + tls_buffer.c + tls_content.c + tls_key_share.c + tls12_key_schedule.c + tls12_lib.c tls12_record_layer.c - tls13_buffer.c tls13_client.c tls13_error.c tls13_handshake.c tls13_handshake_msg.c tls13_key_schedule.c - tls13_key_share.c tls13_legacy.c tls13_lib.c tls13_record.c @@ -53,14 +51,34 @@ set( tls13_server.c ) -add_library(ssl ${SSL_SRC}) -target_include_directories(ssl +set( + BS_SRC + bs_ber.c + bs_cbb.c + bs_cbs.c +) + +add_library(ssl_obj OBJECT ${SSL_SRC}) +target_include_directories(ssl_obj PRIVATE . + ../crypto/bio ../include/compat PUBLIC ../include) +add_library(bs_obj OBJECT ${BS_SRC}) +target_include_directories(bs_obj + PRIVATE + . + ../include/compat) + +if(BUILD_SHARED_LIBS) + add_library(ssl $ $) +else() + add_library(ssl $) +endif() + export_symbol(ssl ${CMAKE_CURRENT_SOURCE_DIR}/ssl.sym) target_link_libraries(ssl crypto ${PLATFORM_LIBS}) if (WIN32) @@ -80,3 +98,10 @@ if(ENABLE_LIBRESSL_INSTALL) RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} ) endif(ENABLE_LIBRESSL_INSTALL) + +# build static library for regression test +if(BUILD_SHARED_LIBS) + add_library(ssl-static STATIC $) + target_link_libraries(ssl-static crypto-static ${PLATFORM_LIBS}) +endif() + diff --git a/externals/libressl/ssl/VERSION b/externals/libressl/ssl/VERSION index 9c7e4246d..71e554154 100755 --- a/externals/libressl/ssl/VERSION +++ b/externals/libressl/ssl/VERSION @@ -1 +1 @@ -48:1:0 +52:0:0 diff --git a/externals/libressl/ssl/bio_ssl.c b/externals/libressl/ssl/bio_ssl.c index 93cfa0d2a..e86b9d83f 100755 --- a/externals/libressl/ssl/bio_ssl.c +++ b/externals/libressl/ssl/bio_ssl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bio_ssl.c,v 1.29 2018/08/24 20:30:21 tb Exp $ */ +/* $OpenBSD: bio_ssl.c,v 1.33 2022/01/14 09:12:53 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -66,6 +66,7 @@ #include #include +#include "bio_local.h" #include "ssl_locl.h" static int ssl_write(BIO *h, const char *buf, int num); @@ -74,7 +75,7 @@ static int ssl_puts(BIO *h, const char *str); static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int ssl_new(BIO *h); static int ssl_free(BIO *data); -static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); +static long ssl_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); typedef struct bio_ssl_st { SSL *ssl; /* The ssl handle :-) */ /* re-negotiate every time the total number of bytes is this size */ @@ -294,10 +295,10 @@ ssl_ctrl(BIO *b, int cmd, long num, void *ptr) SSL_shutdown(ssl); if (ssl->internal->handshake_func == - ssl->method->internal->ssl_connect) + ssl->method->ssl_connect) SSL_set_connect_state(ssl); else if (ssl->internal->handshake_func == - ssl->method->internal->ssl_accept) + ssl->method->ssl_accept) SSL_set_accept_state(ssl); SSL_clear(ssl); @@ -462,7 +463,7 @@ ssl_ctrl(BIO *b, int cmd, long num, void *ptr) } static long -ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +ssl_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { SSL *ssl; BIO_SSL *bs; @@ -509,7 +510,7 @@ BIO_new_buffer_ssl_connect(SSL_CTX *ctx) goto err; return (ret); -err: + err: BIO_free(buf); BIO_free(ssl); return (NULL); @@ -528,7 +529,7 @@ BIO_new_ssl_connect(SSL_CTX *ctx) goto err; return (ret); -err: + err: BIO_free(con); BIO_free(ssl); return (NULL); @@ -553,7 +554,7 @@ BIO_new_ssl(SSL_CTX *ctx, int client) BIO_set_ssl(ret, ssl, BIO_CLOSE); return (ret); -err: + err: BIO_free(ret); return (NULL); } diff --git a/externals/libressl/ssl/bs_ber.c b/externals/libressl/ssl/bs_ber.c index 7863b8be0..5cace24d9 100755 --- a/externals/libressl/ssl/bs_ber.c +++ b/externals/libressl/ssl/bs_ber.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bs_ber.c,v 1.9 2016/12/03 12:34:35 jsing Exp $ */ +/* $OpenBSD: bs_ber.c,v 1.11 2021/05/16 10:58:27 jsing Exp $ */ /* * Copyright (c) 2014, Google Inc. * @@ -12,12 +12,11 @@ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ #include -#include - #include "bytestring.h" /* diff --git a/externals/libressl/ssl/bs_cbb.c b/externals/libressl/ssl/bs_cbb.c index e734dd68f..95e53861f 100755 --- a/externals/libressl/ssl/bs_cbb.c +++ b/externals/libressl/ssl/bs_cbb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bs_cbb.c,v 1.23 2020/09/16 05:52:04 jsing Exp $ */ +/* $OpenBSD: bs_cbb.c,v 1.27 2022/01/06 14:30:30 jsing Exp $ */ /* * Copyright (c) 2014, Google Inc. * @@ -12,13 +12,12 @@ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ #include #include -#include - #include "bytestring.h" #define CBB_INITIAL_SIZE 64 @@ -277,7 +276,7 @@ CBB_discard_child(CBB *cbb) return; cbb->base->len = cbb->offset; - + cbb->child->base = NULL; cbb->child = NULL; cbb->pending_len_len = 0; @@ -414,6 +413,19 @@ CBB_add_u32(CBB *cbb, size_t value) return cbb_add_u(cbb, (uint32_t)value, 4); } +int +CBB_add_u64(CBB *cbb, uint64_t value) +{ + uint32_t a, b; + + a = value >> 32; + b = value & 0xffffffff; + + if (!CBB_add_u32(cbb, a)) + return 0; + return CBB_add_u32(cbb, b); +} + int CBB_add_asn1_uint64(CBB *cbb, uint64_t value) { diff --git a/externals/libressl/ssl/bs_cbs.c b/externals/libressl/ssl/bs_cbs.c index 5c3b9e3ec..63c078c9b 100755 --- a/externals/libressl/ssl/bs_cbs.c +++ b/externals/libressl/ssl/bs_cbs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bs_cbs.c,v 1.18 2019/01/23 22:20:40 beck Exp $ */ +/* $OpenBSD: bs_cbs.c,v 1.24 2021/12/15 17:36:49 jsing Exp $ */ /* * Copyright (c) 2014, Google Inc. * @@ -12,15 +12,12 @@ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ #include #include -#include -#include -#include - #include "bytestring.h" void @@ -50,6 +47,16 @@ cbs_get(CBS *cbs, const uint8_t **p, size_t n) return 1; } +static int +cbs_peek(CBS *cbs, const uint8_t **p, size_t n) +{ + if (cbs->len < n) + return 0; + + *p = cbs->data; + return 1; +} + size_t CBS_offset(const CBS *cbs) { @@ -98,6 +105,11 @@ int CBS_strdup(const CBS *cbs, char **out_ptr) { free(*out_ptr); + *out_ptr = NULL; + + if (CBS_contains_zero_byte(cbs)) + return 0; + *out_ptr = strndup((const char *)cbs->data, cbs->len); return (*out_ptr != NULL); } @@ -188,6 +200,34 @@ CBS_get_u32(CBS *cbs, uint32_t *out) return cbs_get_u(cbs, out, 4); } +int +CBS_get_u64(CBS *cbs, uint64_t *out) +{ + uint32_t a, b; + + if (cbs->len < 8) + return 0; + + if (!CBS_get_u32(cbs, &a)) + return 0; + if (!CBS_get_u32(cbs, &b)) + return 0; + + *out = (uint64_t)a << 32 | b; + return 1; +} + +int +CBS_get_last_u8(CBS *cbs, uint8_t *out) +{ + if (cbs->len == 0) + return 0; + + *out = cbs->data[cbs->len - 1]; + cbs->len--; + return 1; +} + int CBS_get_bytes(CBS *cbs, CBS *out, size_t len) { @@ -229,6 +269,73 @@ CBS_get_u24_length_prefixed(CBS *cbs, CBS *out) return cbs_get_length_prefixed(cbs, out, 3); } +static int +cbs_peek_u(CBS *cbs, uint32_t *out, size_t len) +{ + uint32_t result = 0; + size_t i; + const uint8_t *data; + + if (len < 1 || len > 4) + return 0; + + if (!cbs_peek(cbs, &data, len)) + return 0; + + for (i = 0; i < len; i++) { + result <<= 8; + result |= data[i]; + } + *out = result; + return 1; +} + +int +CBS_peek_u8(CBS *cbs, uint8_t *out) +{ + const uint8_t *v; + + if (!cbs_peek(cbs, &v, 1)) + return 0; + + *out = *v; + return 1; +} + +int +CBS_peek_u16(CBS *cbs, uint16_t *out) +{ + uint32_t v; + + if (!cbs_peek_u(cbs, &v, 2)) + return 0; + + *out = v; + return 1; +} + +int +CBS_peek_u24(CBS *cbs, uint32_t *out) +{ + return cbs_peek_u(cbs, out, 3); +} + +int +CBS_peek_u32(CBS *cbs, uint32_t *out) +{ + return cbs_peek_u(cbs, out, 4); +} + +int +CBS_peek_last_u8(CBS *cbs, uint8_t *out) +{ + if (cbs->len == 0) + return 0; + + *out = cbs->data[cbs->len - 1]; + return 1; +} + int CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag, size_t *out_header_len) diff --git a/externals/libressl/ssl/bytestring.h b/externals/libressl/ssl/bytestring.h index 20ee43999..022bc683a 100755 --- a/externals/libressl/ssl/bytestring.h +++ b/externals/libressl/ssl/bytestring.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bytestring.h,v 1.17 2018/08/16 18:39:37 jsing Exp $ */ +/* $OpenBSD: bytestring.h,v 1.23 2022/01/06 14:30:30 jsing Exp $ */ /* * Copyright (c) 2014, Google Inc. * @@ -12,7 +12,8 @@ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ #ifndef OPENSSL_HEADER_BYTESTRING_H #define OPENSSL_HEADER_BYTESTRING_H @@ -20,8 +21,6 @@ #include #include -#include - __BEGIN_HIDDEN_DECLS /* @@ -134,6 +133,18 @@ int CBS_get_u24(CBS *cbs, uint32_t *out); */ int CBS_get_u32(CBS *cbs, uint32_t *out); +/* + * CBS_get_u64 sets |*out| to the next, big-endian uint64_t value from |cbs| + * and advances |cbs|. It returns one on success and zero on error. + */ +int CBS_get_u64(CBS *cbs, uint64_t *out); + +/* + * CBS_get_last_u8 sets |*out| to the last uint8_t from |cbs| and shortens + * |cbs|. It returns one on success and zero on error. + */ +int CBS_get_last_u8(CBS *cbs, uint8_t *out); + /* * CBS_get_bytes sets |*out| to the next |len| bytes from |cbs| and advances * |cbs|. It returns one on success and zero on error. @@ -161,6 +172,36 @@ int CBS_get_u16_length_prefixed(CBS *cbs, CBS *out); */ int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out); +/* + * CBS_peek_u8 sets |*out| to the next uint8_t from |cbs|, but does not advance + * |cbs|. It returns one on success and zero on error. + */ +int CBS_peek_u8(CBS *cbs, uint8_t *out); + +/* + * CBS_peek_u16 sets |*out| to the next, big-endian uint16_t from |cbs|, but + * does not advance |cbs|. It returns one on success and zero on error. + */ +int CBS_peek_u16(CBS *cbs, uint16_t *out); + +/* + * CBS_peek_u24 sets |*out| to the next, big-endian 24-bit value from |cbs|, but + * does not advance |cbs|. It returns one on success and zero on error. + */ +int CBS_peek_u24(CBS *cbs, uint32_t *out); + +/* + * CBS_peek_u32 sets |*out| to the next, big-endian uint32_t value from |cbs|, + * but does not advance |cbs|. It returns one on success and zero on error. + */ +int CBS_peek_u32(CBS *cbs, uint32_t *out); + +/* + * CBS_peek_last_u8 sets |*out| to the last uint8_t from |cbs|, but does not + * shorten |cbs|. It returns one on success and zero on error. + */ +int CBS_peek_last_u8(CBS *cbs, uint8_t *out); + /* Parsing ASN.1 */ @@ -467,6 +508,12 @@ int CBB_add_u24(CBB *cbb, size_t value); */ int CBB_add_u32(CBB *cbb, size_t value); +/* + * CBB_add_u64 appends a 64-bit, big-endian number from |value| to |cbb|. It + * returns one on success and zero otherwise. + */ +int CBB_add_u64(CBB *cbb, uint64_t value); + /* * CBB_add_asn1_uint64 writes an ASN.1 INTEGER into |cbb| using |CBB_add_asn1| * and writes |value| in its contents. It returns one on success and zero on diff --git a/externals/libressl/ssl/d1_both.c b/externals/libressl/ssl/d1_both.c index 3d2516ce4..fd7c07a4d 100755 --- a/externals/libressl/ssl/d1_both.c +++ b/externals/libressl/ssl/d1_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_both.c,v 1.60 2020/09/26 14:43:17 jsing Exp $ */ +/* $OpenBSD: d1_both.c,v 1.81 2022/02/05 14:54:10 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -117,15 +117,15 @@ #include #include -#include "ssl_locl.h" - #include #include #include #include -#include "pqueue.h" #include "bytestring.h" +#include "dtls_locl.h" +#include "pqueue.h" +#include "ssl_locl.h" #define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8) @@ -148,15 +148,15 @@ if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \ if (bitmask[ii] != 0xff) { is_complete = 0; break; } } -static unsigned char bitmask_start_values[] = { +static const unsigned char bitmask_start_values[] = { 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80 }; -static unsigned char bitmask_end_values[] = { +static const unsigned char bitmask_end_values[] = { 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f }; /* XDTLS: figure out the right values */ -static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; +static const unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; static unsigned int dtls1_guess_mtu(unsigned int curr_mtu); static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, @@ -201,12 +201,6 @@ dtls1_hm_fragment_free(hm_fragment *frag) if (frag == NULL) return; - if (frag->msg_header.is_ccs) { - EVP_CIPHER_CTX_free( - frag->msg_header.saved_retransmit_state.enc_write_ctx); - EVP_MD_CTX_free( - frag->msg_header.saved_retransmit_state.write_hash); - } free(frag->fragment); free(frag->reassembly); free(frag); @@ -218,12 +212,13 @@ dtls1_do_write(SSL *s, int type) { int ret; int curr_mtu; - unsigned int len, frag_off, mac_size, blocksize; + unsigned int len, frag_off; + size_t overhead; /* AHA! Figure out the MTU, and stick to the right size */ - if (D1I(s)->mtu < dtls1_min_mtu() && + if (s->d1->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { - D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s), + s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); /* @@ -231,44 +226,36 @@ dtls1_do_write(SSL *s, int type) * doesn't know the MTU (ie., the initial write), so just * make sure we have a reasonable number */ - if (D1I(s)->mtu < dtls1_min_mtu()) { - D1I(s)->mtu = 0; - D1I(s)->mtu = dtls1_guess_mtu(D1I(s)->mtu); + if (s->d1->mtu < dtls1_min_mtu()) { + s->d1->mtu = 0; + s->d1->mtu = dtls1_guess_mtu(s->d1->mtu); BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, - D1I(s)->mtu, NULL); + s->d1->mtu, NULL); } } - OPENSSL_assert(D1I(s)->mtu >= dtls1_min_mtu()); + OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); /* should have something reasonable now */ if (s->internal->init_off == 0 && type == SSL3_RT_HANDSHAKE) OPENSSL_assert(s->internal->init_num == - (int)D1I(s)->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); + (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); - if (s->internal->write_hash) - mac_size = EVP_MD_CTX_size(s->internal->write_hash); - else - mac_size = 0; - - if (s->internal->enc_write_ctx && - (EVP_CIPHER_mode( s->internal->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE)) - blocksize = 2 * EVP_CIPHER_block_size(s->internal->enc_write_ctx->cipher); - else - blocksize = 0; + if (!tls12_record_layer_write_overhead(s->internal->rl, &overhead)) + return -1; frag_off = 0; while (s->internal->init_num) { - curr_mtu = D1I(s)->mtu - BIO_wpending(SSL_get_wbio(s)) - - DTLS1_RT_HEADER_LENGTH - mac_size - blocksize; + curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) - + DTLS1_RT_HEADER_LENGTH - overhead; if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) { /* grr.. we could get an error if MTU picked was wrong */ ret = BIO_flush(SSL_get_wbio(s)); if (ret <= 0) return ret; - curr_mtu = D1I(s)->mtu - DTLS1_RT_HEADER_LENGTH - - mac_size - blocksize; + curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH - + overhead; } if (s->internal->init_num > curr_mtu) @@ -276,7 +263,6 @@ dtls1_do_write(SSL *s, int type) else len = s->internal->init_num; - /* XDTLS: this function is too long. split out the CCS part */ if (type == SSL3_RT_HANDSHAKE) { if (s->internal->init_off != 0) { @@ -293,8 +279,8 @@ dtls1_do_write(SSL *s, int type) dtls1_fix_message_header(s, frag_off, len - DTLS1_HM_HEADER_LENGTH); - if (!dtls1_write_message_header(&D1I(s)->w_msg_hdr, - D1I(s)->w_msg_hdr.frag_off, D1I(s)->w_msg_hdr.frag_len, + if (!dtls1_write_message_header(&s->d1->w_msg_hdr, + s->d1->w_msg_hdr.frag_off, s->d1->w_msg_hdr.frag_len, (unsigned char *)&s->internal->init_buf->data[s->internal->init_off])) return -1; @@ -313,7 +299,7 @@ dtls1_do_write(SSL *s, int type) */ if (BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) - D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s), + s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); else return (-1); @@ -327,14 +313,14 @@ dtls1_do_write(SSL *s, int type) OPENSSL_assert(len == (unsigned int)ret); if (type == SSL3_RT_HANDSHAKE && - !D1I(s)->retransmitting) { + !s->d1->retransmitting) { /* * Should not be done for 'Hello Request's, * but in that case we'll ignore the result * anyway */ unsigned char *p = (unsigned char *)&s->internal->init_buf->data[s->internal->init_off]; - const struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr; + const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; int xlen; if (frag_off == 0) { @@ -382,40 +368,39 @@ dtls1_do_write(SSL *s, int type) * Read an entire handshake message. Handshake messages arrive in * fragments. */ -long -dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) +int +dtls1_get_message(SSL *s, int st1, int stn, int mt, long max) { - int i, al; struct hm_header_st *msg_hdr; unsigned char *p; unsigned long msg_len; + int i, al, ok; /* * s3->internal->tmp is used to store messages that are unexpected, caused * by the absence of an optional handshake message */ - if (S3I(s)->tmp.reuse_message) { - S3I(s)->tmp.reuse_message = 0; - if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) { + if (s->s3->hs.tls12.reuse_message) { + s->s3->hs.tls12.reuse_message = 0; + if ((mt >= 0) && (s->s3->hs.tls12.message_type != mt)) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); - goto f_err; + goto fatal_err; } - *ok = 1; s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; - s->internal->init_num = (int)S3I(s)->tmp.message_size; - return s->internal->init_num; + s->internal->init_num = (int)s->s3->hs.tls12.message_size; + return 1; } - msg_hdr = &D1I(s)->r_msg_hdr; + msg_hdr = &s->d1->r_msg_hdr; memset(msg_hdr, 0, sizeof(struct hm_header_st)); -again: - i = dtls1_get_message_fragment(s, st1, stn, max, ok); + again: + i = dtls1_get_message_fragment(s, st1, stn, max, &ok); if (i == DTLS1_HM_BAD_FRAGMENT || i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */ goto again; - else if (i <= 0 && !*ok) + else if (i <= 0 && !ok) return i; p = (unsigned char *)s->internal->init_buf->data; @@ -435,19 +420,17 @@ again: memset(msg_hdr, 0, sizeof(struct hm_header_st)); /* Don't change sequence numbers while listening */ - if (!D1I(s)->listen) - D1I(s)->handshake_read_seq++; + if (!s->d1->listen) + s->d1->handshake_read_seq++; s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; - return s->internal->init_num; + return 1; -f_err: + fatal_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); - *ok = 0; return -1; } - static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) { @@ -468,7 +451,7 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) return SSL_AD_ILLEGAL_PARAMETER; } - if ( D1I(s)->r_msg_hdr.frag_off == 0) /* first fragment */ + if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */ { /* * msg_len is limited to 2^24, but is effectively checked @@ -480,12 +463,12 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) return SSL_AD_INTERNAL_ERROR; } - S3I(s)->tmp.message_size = msg_len; - D1I(s)->r_msg_hdr.msg_len = msg_len; - S3I(s)->tmp.message_type = msg_hdr->type; - D1I(s)->r_msg_hdr.type = msg_hdr->type; - D1I(s)->r_msg_hdr.seq = msg_hdr->seq; - } else if (msg_len != D1I(s)->r_msg_hdr.msg_len) { + s->s3->hs.tls12.message_size = msg_len; + s->d1->r_msg_hdr.msg_len = msg_len; + s->s3->hs.tls12.message_type = msg_hdr->type; + s->d1->r_msg_hdr.type = msg_hdr->type; + s->d1->r_msg_hdr.seq = msg_hdr->seq; + } else if (msg_len != s->d1->r_msg_hdr.msg_len) { /* * They must be playing with us! BTW, failure to enforce * upper limit would open possibility for buffer overrun. @@ -511,7 +494,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) int al; *ok = 0; - item = pqueue_peek(D1I(s)->buffered_messages); + item = pqueue_peek(s->d1->buffered_messages); if (item == NULL) return 0; @@ -521,9 +504,9 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) if (frag->reassembly != NULL) return 0; - if (D1I(s)->handshake_read_seq == frag->msg_header.seq) { + if (s->d1->handshake_read_seq == frag->msg_header.seq) { unsigned long frag_len = frag->msg_header.frag_len; - pqueue_pop(D1I(s)->buffered_messages); + pqueue_pop(s->d1->buffered_messages); al = dtls1_preprocess_fragment(s, &frag->msg_header, max); @@ -588,7 +571,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) memset(seq64be, 0, sizeof(seq64be)); seq64be[6] = (unsigned char)(msg_hdr->seq >> 8); seq64be[7] = (unsigned char)msg_hdr->seq; - item = pqueue_find(D1I(s)->buffered_messages, seq64be); + item = pqueue_find(s->d1->buffered_messages, seq64be); if (item == NULL) { frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); @@ -614,7 +597,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) unsigned char devnull [256]; while (frag_len) { - i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, + i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, devnull, frag_len > sizeof(devnull) ? sizeof(devnull) : frag_len, 0); if (i <= 0) @@ -626,7 +609,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) } /* read the body of the fragment (header has already been read */ - i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, + i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, frag->fragment + msg_hdr->frag_off, frag_len, 0); if (i <= 0 || (unsigned long)i != frag_len) goto err; @@ -653,12 +636,12 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) goto err; } - pqueue_insert(D1I(s)->buffered_messages, item); + pqueue_insert(s->d1->buffered_messages, item); } return DTLS1_HM_FRAGMENT_RETRY; -err: + err: if (item == NULL && frag != NULL) dtls1_hm_fragment_free(frag); *ok = 0; @@ -682,7 +665,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) memset(seq64be, 0, sizeof(seq64be)); seq64be[6] = (unsigned char) (msg_hdr->seq >> 8); seq64be[7] = (unsigned char) msg_hdr->seq; - item = pqueue_find(D1I(s)->buffered_messages, seq64be); + item = pqueue_find(s->d1->buffered_messages, seq64be); /* * If we already have an entry and this one is a fragment, @@ -697,14 +680,14 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) * a FINISHED before the SERVER_HELLO, which then must be a stale * retransmit. */ - if (msg_hdr->seq <= D1I(s)->handshake_read_seq || - msg_hdr->seq > D1I(s)->handshake_read_seq + 10 || item != NULL || - (D1I(s)->handshake_read_seq == 0 && + if (msg_hdr->seq <= s->d1->handshake_read_seq || + msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || + (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) { unsigned char devnull [256]; while (frag_len) { - i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, + i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, devnull, frag_len > sizeof(devnull) ? sizeof(devnull) : frag_len, 0); if (i <= 0) @@ -726,7 +709,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) if (frag_len) { /* read the body of the fragment (header has already been read */ - i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, + i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, frag->fragment, frag_len, 0); if (i <= 0 || (unsigned long)i != frag_len) goto err; @@ -740,12 +723,12 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) if (item == NULL) goto err; - pqueue_insert(D1I(s)->buffered_messages, item); + pqueue_insert(s->d1->buffered_messages, item); } return DTLS1_HM_FRAGMENT_RETRY; -err: + err: if (item == NULL && frag != NULL) dtls1_hm_fragment_free(frag); *ok = 0; @@ -758,10 +741,11 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) { unsigned char wire[DTLS1_HM_HEADER_LENGTH]; unsigned long len, frag_off, frag_len; - int i, al; struct hm_header_st msg_hdr; + int i, al; + CBS cbs; -again: + again: /* see if we have the required fragment already */ if ((frag_len = dtls1_retrieve_buffered_fragment(s, max, ok)) || *ok) { if (*ok) @@ -770,21 +754,21 @@ again: } /* read handshake message header */ - i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire, + i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire, DTLS1_HM_HEADER_LENGTH, 0); - if (i <= 0) /* nbio, or an error */ - { + if (i <= 0) { + /* nbio, or an error */ s->internal->rwstate = SSL_READING; *ok = 0; return i; } - /* Handshake fails if message header is incomplete */ - if (i != DTLS1_HM_HEADER_LENGTH || - /* parse the message fragment header */ - dtls1_get_message_header(wire, &msg_hdr) == 0) { + + CBS_init(&cbs, wire, i); + if (!dtls1_get_message_header(&cbs, &msg_hdr)) { + /* Handshake fails if message header is incomplete. */ al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); - goto f_err; + goto fatal_err; } /* @@ -793,8 +777,8 @@ again: * While listening, we accept seq 1 (ClientHello with cookie) * although we're still expecting seq 0 (ClientHello) */ - if (msg_hdr.seq != D1I(s)->handshake_read_seq && - !(D1I(s)->listen && msg_hdr.seq == 1)) + if (msg_hdr.seq != s->d1->handshake_read_seq && + !(s->d1->listen && msg_hdr.seq == 1)) return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); len = msg_hdr.msg_len; @@ -804,7 +788,7 @@ again: if (frag_len && frag_len < len) return dtls1_reassemble_fragment(s, &msg_hdr, ok); - if (!s->server && D1I(s)->r_msg_hdr.frag_off == 0 && + if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && wire[0] == SSL3_MT_HELLO_REQUEST) { /* * The server may always send 'Hello Request' messages -- @@ -826,20 +810,20 @@ again: { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); - goto f_err; + goto fatal_err; } } if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max))) - goto f_err; + goto fatal_err; /* XDTLS: ressurect this when restart is in place */ - S3I(s)->hs.state = stn; + s->s3->hs.state = stn; if (frag_len > 0) { unsigned char *p = (unsigned char *)s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; - i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, + i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &p[frag_off], frag_len, 0); /* XDTLS: fix this--message fragments cannot span multiple packets */ if (i <= 0) { @@ -855,13 +839,11 @@ again: * handshake to fail */ if (i != (int)frag_len) { - al = SSL3_AD_ILLEGAL_PARAMETER; - SSLerror(s, SSL3_AD_ILLEGAL_PARAMETER); - goto f_err; + al = SSL_AD_ILLEGAL_PARAMETER; + SSLerror(s, SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER); + goto fatal_err; } - *ok = 1; - /* * Note that s->internal->init_num is *not* used as current offset in * s->internal->init_buf->data, but as a counter summing up fragments' @@ -869,9 +851,10 @@ again: * length, we assume we have got all the fragments. */ s->internal->init_num = frag_len; + *ok = 1; return frag_len; -f_err: + fatal_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); s->internal->init_num = 0; @@ -973,27 +956,21 @@ dtls1_buffer_message(SSL *s, int is_ccs) memcpy(frag->fragment, s->internal->init_buf->data, s->internal->init_num); - if (is_ccs) { - OPENSSL_assert(D1I(s)->w_msg_hdr.msg_len + - ((s->version == DTLS1_VERSION) ? - DTLS1_CCS_HEADER_LENGTH : 3) == (unsigned int)s->internal->init_num); - } else { - OPENSSL_assert(D1I(s)->w_msg_hdr.msg_len + - DTLS1_HM_HEADER_LENGTH == (unsigned int)s->internal->init_num); - } + OPENSSL_assert(s->d1->w_msg_hdr.msg_len + + (is_ccs ? DTLS1_CCS_HEADER_LENGTH : DTLS1_HM_HEADER_LENGTH) == + (unsigned int)s->internal->init_num); - frag->msg_header.msg_len = D1I(s)->w_msg_hdr.msg_len; - frag->msg_header.seq = D1I(s)->w_msg_hdr.seq; - frag->msg_header.type = D1I(s)->w_msg_hdr.type; + frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len; + frag->msg_header.seq = s->d1->w_msg_hdr.seq; + frag->msg_header.type = s->d1->w_msg_hdr.type; frag->msg_header.frag_off = 0; - frag->msg_header.frag_len = D1I(s)->w_msg_hdr.msg_len; + frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len; frag->msg_header.is_ccs = is_ccs; /* save current state*/ - frag->msg_header.saved_retransmit_state.enc_write_ctx = s->internal->enc_write_ctx; - frag->msg_header.saved_retransmit_state.write_hash = s->internal->write_hash; frag->msg_header.saved_retransmit_state.session = s->session; - frag->msg_header.saved_retransmit_state.epoch = D1I(s)->w_epoch; + frag->msg_header.saved_retransmit_state.epoch = + tls12_record_layer_write_epoch(s->internal->rl); memset(seq64be, 0, sizeof(seq64be)); seq64be[6] = (unsigned char)(dtls1_get_queue_priority( @@ -1022,7 +999,6 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, unsigned long header_length; unsigned char seq64be[8]; struct dtls1_retransmit_state saved_state; - unsigned char save_write_sequence[8]; /* OPENSSL_assert(s->internal->init_num == 0); @@ -1060,45 +1036,27 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, frag->msg_header.frag_len); /* save current state */ - saved_state.enc_write_ctx = s->internal->enc_write_ctx; - saved_state.write_hash = s->internal->write_hash; saved_state.session = s->session; - saved_state.epoch = D1I(s)->w_epoch; + saved_state.epoch = tls12_record_layer_write_epoch(s->internal->rl); - D1I(s)->retransmitting = 1; + s->d1->retransmitting = 1; /* restore state in which the message was originally sent */ - s->internal->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx; - s->internal->write_hash = frag->msg_header.saved_retransmit_state.write_hash; s->session = frag->msg_header.saved_retransmit_state.session; - D1I(s)->w_epoch = frag->msg_header.saved_retransmit_state.epoch; - - if (frag->msg_header.saved_retransmit_state.epoch == - saved_state.epoch - 1) { - memcpy(save_write_sequence, S3I(s)->write_sequence, - sizeof(S3I(s)->write_sequence)); - memcpy(S3I(s)->write_sequence, D1I(s)->last_write_sequence, - sizeof(S3I(s)->write_sequence)); - } + if (!tls12_record_layer_use_write_epoch(s->internal->rl, + frag->msg_header.saved_retransmit_state.epoch)) + return 0; ret = dtls1_do_write(s, frag->msg_header.is_ccs ? SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); /* restore current state */ - s->internal->enc_write_ctx = saved_state.enc_write_ctx; - s->internal->write_hash = saved_state.write_hash; s->session = saved_state.session; - D1I(s)->w_epoch = saved_state.epoch; + if (!tls12_record_layer_use_write_epoch(s->internal->rl, + saved_state.epoch)) + return 0; - if (frag->msg_header.saved_retransmit_state.epoch == - saved_state.epoch - 1) { - memcpy(D1I(s)->last_write_sequence, S3I(s)->write_sequence, - sizeof(S3I(s)->write_sequence)); - memcpy(S3I(s)->write_sequence, save_write_sequence, - sizeof(S3I(s)->write_sequence)); - } - - D1I(s)->retransmitting = 0; + s->d1->retransmitting = 0; (void)BIO_flush(SSL_get_wbio(s)); return ret; @@ -1108,11 +1066,16 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, void dtls1_clear_record_buffer(SSL *s) { + hm_fragment *frag; pitem *item; for(item = pqueue_pop(s->d1->sent_messages); item != NULL; item = pqueue_pop(s->d1->sent_messages)) { - dtls1_hm_fragment_free((hm_fragment *)item->data); + frag = item->data; + if (frag->msg_header.is_ccs) + tls12_record_layer_write_epoch_done(s->internal->rl, + frag->msg_header.saved_retransmit_state.epoch); + dtls1_hm_fragment_free(frag); pitem_free(item); } } @@ -1122,12 +1085,12 @@ dtls1_set_message_header(SSL *s, unsigned char mt, unsigned long len, unsigned long frag_off, unsigned long frag_len) { /* Don't change sequence numbers while listening */ - if (frag_off == 0 && !D1I(s)->listen) { - D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq; - D1I(s)->next_handshake_write_seq++; + if (frag_off == 0 && !s->d1->listen) { + s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; + s->d1->next_handshake_write_seq++; } - dtls1_set_message_header_int(s, mt, len, D1I(s)->handshake_write_seq, + dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq, frag_off, frag_len); } @@ -1136,7 +1099,7 @@ void dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len, unsigned short seq_num, unsigned long frag_off, unsigned long frag_len) { - struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr; + struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; msg_hdr->type = mt; msg_hdr->msg_len = len; @@ -1148,7 +1111,7 @@ dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len, static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len) { - struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr; + struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; msg_hdr->frag_off = frag_off; msg_hdr->frag_len = frag_len; @@ -1206,26 +1169,23 @@ dtls1_guess_mtu(unsigned int curr_mtu) } int -dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) +dtls1_get_message_header(CBS *header, struct hm_header_st *msg_hdr) { - CBS header; uint32_t msg_len, frag_off, frag_len; uint16_t seq; uint8_t type; - CBS_init(&header, data, sizeof(*msg_hdr)); - memset(msg_hdr, 0, sizeof(*msg_hdr)); - if (!CBS_get_u8(&header, &type)) + if (!CBS_get_u8(header, &type)) return 0; - if (!CBS_get_u24(&header, &msg_len)) + if (!CBS_get_u24(header, &msg_len)) return 0; - if (!CBS_get_u16(&header, &seq)) + if (!CBS_get_u16(header, &seq)) return 0; - if (!CBS_get_u24(&header, &frag_off)) + if (!CBS_get_u24(header, &frag_off)) return 0; - if (!CBS_get_u24(&header, &frag_len)) + if (!CBS_get_u24(header, &frag_len)) return 0; msg_hdr->type = type; @@ -1236,11 +1196,3 @@ dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) return 1; } - -void -dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr) -{ - memset(ccs_hdr, 0, sizeof(struct ccs_header_st)); - - ccs_hdr->type = *(data++); -} diff --git a/externals/libressl/ssl/d1_lib.c b/externals/libressl/ssl/d1_lib.c index b7d23ef4c..770734e6f 100755 --- a/externals/libressl/ssl/d1_lib.c +++ b/externals/libressl/ssl/d1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_lib.c,v 1.50 2020/09/26 14:43:17 jsing Exp $ */ +/* $OpenBSD: d1_lib.c,v 1.61 2021/10/23 13:36:03 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -67,6 +67,7 @@ #include +#include "dtls_locl.h" #include "pqueue.h" #include "ssl_locl.h" @@ -74,10 +75,6 @@ void dtls1_hm_fragment_free(hm_fragment *frag); static int dtls1_listen(SSL *s, struct sockaddr *client); -SSL3_ENC_METHOD DTLSv1_enc_data = { - .enc_flags = SSL_ENC_FLAG_EXPLICIT_IV, -}; - int dtls1_new(SSL *s) { @@ -86,24 +83,20 @@ dtls1_new(SSL *s) if ((s->d1 = calloc(1, sizeof(*s->d1))) == NULL) goto err; - if ((s->d1->internal = calloc(1, sizeof(*s->d1->internal))) == NULL) - goto err; - if ((s->d1->internal->unprocessed_rcds.q = pqueue_new()) == NULL) + if ((s->d1->unprocessed_rcds.q = pqueue_new()) == NULL) goto err; - if ((s->d1->internal->processed_rcds.q = pqueue_new()) == NULL) - goto err; - if ((s->d1->internal->buffered_messages = pqueue_new()) == NULL) + if ((s->d1->buffered_messages = pqueue_new()) == NULL) goto err; if ((s->d1->sent_messages = pqueue_new()) == NULL) goto err; - if ((s->d1->internal->buffered_app_data.q = pqueue_new()) == NULL) + if ((s->d1->buffered_app_data.q = pqueue_new()) == NULL) goto err; if (s->server) - s->d1->internal->cookie_len = sizeof(D1I(s)->cookie); + s->d1->cookie_len = sizeof(s->d1->cookie); - s->method->internal->ssl_clear(s); + s->method->ssl_clear(s); return (1); err: @@ -145,11 +138,10 @@ dtls1_drain_fragments(pqueue queue) static void dtls1_clear_queues(SSL *s) { - dtls1_drain_records(D1I(s)->unprocessed_rcds.q); - dtls1_drain_records(D1I(s)->processed_rcds.q); - dtls1_drain_fragments(D1I(s)->buffered_messages); + dtls1_drain_records(s->d1->unprocessed_rcds.q); + dtls1_drain_fragments(s->d1->buffered_messages); dtls1_drain_fragments(s->d1->sent_messages); - dtls1_drain_records(D1I(s)->buffered_app_data.q); + dtls1_drain_records(s->d1->buffered_app_data.q); } void @@ -160,59 +152,55 @@ dtls1_free(SSL *s) ssl3_free(s); + if (s->d1 == NULL) + return; + dtls1_clear_queues(s); - pqueue_free(D1I(s)->unprocessed_rcds.q); - pqueue_free(D1I(s)->processed_rcds.q); - pqueue_free(D1I(s)->buffered_messages); + pqueue_free(s->d1->unprocessed_rcds.q); + pqueue_free(s->d1->buffered_messages); pqueue_free(s->d1->sent_messages); - pqueue_free(D1I(s)->buffered_app_data.q); + pqueue_free(s->d1->buffered_app_data.q); - freezero(s->d1->internal, sizeof(*s->d1->internal)); freezero(s->d1, sizeof(*s->d1)); - s->d1 = NULL; } void dtls1_clear(SSL *s) { - struct dtls1_state_internal_st *internal; pqueue unprocessed_rcds; - pqueue processed_rcds; pqueue buffered_messages; pqueue sent_messages; pqueue buffered_app_data; unsigned int mtu; if (s->d1) { - unprocessed_rcds = D1I(s)->unprocessed_rcds.q; - processed_rcds = D1I(s)->processed_rcds.q; - buffered_messages = D1I(s)->buffered_messages; + unprocessed_rcds = s->d1->unprocessed_rcds.q; + buffered_messages = s->d1->buffered_messages; sent_messages = s->d1->sent_messages; - buffered_app_data = D1I(s)->buffered_app_data.q; - mtu = D1I(s)->mtu; + buffered_app_data = s->d1->buffered_app_data.q; + mtu = s->d1->mtu; dtls1_clear_queues(s); - memset(s->d1->internal, 0, sizeof(*s->d1->internal)); - internal = s->d1->internal; memset(s->d1, 0, sizeof(*s->d1)); - s->d1->internal = internal; + + s->d1->unprocessed_rcds.epoch = + tls12_record_layer_read_epoch(s->internal->rl) + 1; if (s->server) { - D1I(s)->cookie_len = sizeof(D1I(s)->cookie); + s->d1->cookie_len = sizeof(s->d1->cookie); } if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) { - D1I(s)->mtu = mtu; + s->d1->mtu = mtu; } - D1I(s)->unprocessed_rcds.q = unprocessed_rcds; - D1I(s)->processed_rcds.q = processed_rcds; - D1I(s)->buffered_messages = buffered_messages; + s->d1->unprocessed_rcds.q = unprocessed_rcds; + s->d1->buffered_messages = buffered_messages; s->d1->sent_messages = sent_messages; - D1I(s)->buffered_app_data.q = buffered_app_data; + s->d1->buffered_app_data.q = buffered_app_data; } ssl3_clear(s); @@ -255,14 +243,15 @@ dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) const SSL_CIPHER * dtls1_get_cipher(unsigned int u) { - const SSL_CIPHER *ciph = ssl3_get_cipher(u); + const SSL_CIPHER *cipher; - if (ciph != NULL) { - if (ciph->algorithm_enc == SSL_RC4) - return NULL; - } + if ((cipher = ssl3_get_cipher(u)) == NULL) + return NULL; - return ciph; + if (cipher->algorithm_enc == SSL_RC4) + return NULL; + + return cipher; } void @@ -357,7 +346,7 @@ void dtls1_stop_timer(SSL *s) { /* Reset everything */ - memset(&(D1I(s)->timeout), 0, sizeof(struct dtls1_timeout_st)); + memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st)); memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); s->d1->timeout_duration = 1; BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, @@ -369,16 +358,16 @@ dtls1_stop_timer(SSL *s) int dtls1_check_timeout_num(SSL *s) { - D1I(s)->timeout.num_alerts++; + s->d1->timeout.num_alerts++; /* Reduce MTU after 2 unsuccessful retransmissions */ - if (D1I(s)->timeout.num_alerts > 2) { - D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s), + if (s->d1->timeout.num_alerts > 2) { + s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); } - if (D1I(s)->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) { + if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) { /* fail the connection, enough alerts have been sent */ SSLerror(s, SSL_R_READ_TIMEOUT_EXPIRED); return -1; @@ -400,9 +389,9 @@ dtls1_handle_timeout(SSL *s) if (dtls1_check_timeout_num(s) < 0) return -1; - D1I(s)->timeout.read_timeouts++; - if (D1I(s)->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) { - D1I(s)->timeout.read_timeouts = 1; + s->d1->timeout.read_timeouts++; + if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) { + s->d1->timeout.read_timeouts = 1; } dtls1_start_timer(s); @@ -418,7 +407,7 @@ dtls1_listen(SSL *s, struct sockaddr *client) SSL_clear(s); SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); - D1I(s)->listen = 1; + s->d1->listen = 1; ret = SSL_accept(s); if (ret <= 0) @@ -427,24 +416,3 @@ dtls1_listen(SSL *s, struct sockaddr *client) (void)BIO_dgram_get_peer(SSL_get_rbio(s), client); return 1; } - -void -dtls1_build_sequence_number(unsigned char *dst, unsigned char *seq, - unsigned short epoch) -{ - CBB cbb; - - if (!CBB_init_fixed(&cbb, dst, SSL3_SEQUENCE_SIZE)) - goto err; - if (!CBB_add_u16(&cbb, epoch)) - goto err; - if (!CBB_add_bytes(&cbb, &seq[2], SSL3_SEQUENCE_SIZE - 2)) - goto err; - if (!CBB_finish(&cbb, NULL, NULL)) - goto err; - - return; - - err: - CBB_cleanup(&cbb); -} diff --git a/externals/libressl/ssl/d1_pkt.c b/externals/libressl/ssl/d1_pkt.c index 31ea52fca..456f871a4 100755 --- a/externals/libressl/ssl/d1_pkt.c +++ b/externals/libressl/ssl/d1_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_pkt.c,v 1.82 2020/09/24 17:59:54 jsing Exp $ */ +/* $OpenBSD: d1_pkt.c,v 1.123 2022/03/26 15:05:53 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -113,22 +113,17 @@ * [including the GNU Public Licence.] */ -#include - +#include #include #include -#include "ssl_locl.h" - #include #include -#include "pqueue.h" #include "bytestring.h" - -static int do_dtls1_write(SSL *s, int type, const unsigned char *buf, - unsigned int len); - +#include "dtls_locl.h" +#include "pqueue.h" +#include "ssl_locl.h" /* mod 128 saturating subtract of two 64-bit values in big-endian order */ static int @@ -182,10 +177,10 @@ satsub64be(const unsigned char *v1, const unsigned char *v2) return brw + (ret & 0xFF); } -static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, - int len, int peek); -static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap); -static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); +static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap, + const unsigned char *seq); +static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap, + const unsigned char *seq); static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr, unsigned int *is_next_epoch); static int dtls1_buffer_record(SSL *s, record_pqueue *q, @@ -194,26 +189,18 @@ static int dtls1_process_record(SSL *s); /* copy buffered record into SSL structure */ static int -dtls1_copy_record(SSL *s, pitem *item) +dtls1_copy_record(SSL *s, DTLS1_RECORD_DATA_INTERNAL *rdata) { - DTLS1_RECORD_DATA_INTERNAL *rdata; - - rdata = (DTLS1_RECORD_DATA_INTERNAL *)item->data; - - ssl3_release_buffer(&S3I(s)->rbuf); + ssl3_release_buffer(&s->s3->rbuf); s->internal->packet = rdata->packet; s->internal->packet_length = rdata->packet_length; - memcpy(&(S3I(s)->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER_INTERNAL)); - memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL)); - - /* Set proper sequence number for mac calculation */ - memcpy(&(S3I(s)->read_sequence[2]), &(rdata->packet[5]), 6); + memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER_INTERNAL)); + memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL)); return (1); } - static int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) { @@ -231,15 +218,15 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) rdata->packet = s->internal->packet; rdata->packet_length = s->internal->packet_length; - memcpy(&(rdata->rbuf), &(S3I(s)->rbuf), sizeof(SSL3_BUFFER_INTERNAL)); - memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD_INTERNAL)); + memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER_INTERNAL)); + memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD_INTERNAL)); item->data = rdata; s->internal->packet = NULL; s->internal->packet_length = 0; - memset(&(S3I(s)->rbuf), 0, sizeof(SSL3_BUFFER_INTERNAL)); - memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD_INTERNAL)); + memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER_INTERNAL)); + memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD_INTERNAL)); if (!ssl3_setup_buffers(s)) goto err; @@ -250,10 +237,10 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) return (1); -err: + err: ssl3_release_buffer(&rdata->rbuf); -init_err: + init_err: SSLerror(s, ERR_R_INTERNAL_ERROR); free(rdata); pitem_free(item); @@ -268,7 +255,7 @@ dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue) item = pqueue_pop(queue->q); if (item) { - dtls1_copy_record(s, item); + dtls1_copy_record(s, item->data); free(item->data); pitem_free(item); @@ -279,45 +266,26 @@ dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue) return (0); } - -/* retrieve a buffered record that belongs to the new epoch, i.e., not processed - * yet */ -#define dtls1_get_unprocessed_record(s) \ - dtls1_retrieve_buffered_record((s), \ - &((D1I(s))->unprocessed_rcds)) - -/* retrieve a buffered record that belongs to the current epoch, ie, processed */ -#define dtls1_get_processed_record(s) \ - dtls1_retrieve_buffered_record((s), \ - &((D1I(s))->processed_rcds)) - static int -dtls1_process_buffered_records(SSL *s) +dtls1_process_buffered_record(SSL *s) { - pitem *item; + /* Check if epoch is current. */ + if (s->d1->unprocessed_rcds.epoch != + tls12_record_layer_read_epoch(s->internal->rl)) + return (0); - item = pqueue_peek(D1I(s)->unprocessed_rcds.q); - if (item) { - /* Check if epoch is current. */ - if (D1I(s)->unprocessed_rcds.epoch != D1I(s)->r_epoch) - return (1); - /* Nothing to do. */ - - /* Process all the records. */ - while (pqueue_peek(D1I(s)->unprocessed_rcds.q)) { - dtls1_get_unprocessed_record(s); - if (! dtls1_process_record(s)) - return (0); - if (dtls1_buffer_record(s, &(D1I(s)->processed_rcds), - S3I(s)->rrec.seq_num) < 0) - return (-1); - } + /* Update epoch once all unprocessed records have been processed. */ + if (pqueue_peek(s->d1->unprocessed_rcds.q) == NULL) { + s->d1->unprocessed_rcds.epoch = + tls12_record_layer_read_epoch(s->internal->rl) + 1; + return (0); } - /* sync epoch numbers once all the unprocessed records - * have been processed */ - D1I(s)->processed_rcds.epoch = D1I(s)->r_epoch; - D1I(s)->unprocessed_rcds.epoch = D1I(s)->r_epoch + 1; + /* Process one of the records. */ + if (!dtls1_retrieve_buffered_record(s, &s->d1->unprocessed_rcds)) + return (-1); + if (!dtls1_process_record(s)) + return (-1); return (1); } @@ -325,134 +293,50 @@ dtls1_process_buffered_records(SSL *s) static int dtls1_process_record(SSL *s) { - int i, al; - int enc_err; - SSL_SESSION *sess; - SSL3_RECORD_INTERNAL *rr; - unsigned int mac_size, orig_len; - unsigned char md[EVP_MAX_MD_SIZE]; + SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec); + uint8_t alert_desc; + uint8_t *out; + size_t out_len; - rr = &(S3I(s)->rrec); - sess = s->session; + tls12_record_layer_set_version(s->internal->rl, s->version); - /* At this point, s->internal->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, - * and we have that many bytes in s->internal->packet - */ - rr->input = &(s->internal->packet[DTLS1_RT_HEADER_LENGTH]); + if (!tls12_record_layer_open_record(s->internal->rl, s->internal->packet, + s->internal->packet_length, &out, &out_len)) { + tls12_record_layer_alert(s->internal->rl, &alert_desc); - /* ok, we can now read from 's->internal->packet' data into 'rr' - * rr->input points at rr->length bytes, which - * need to be copied into rr->data by either - * the decryption or by the decompression - * When the data is 'copied' into the rr->data buffer, - * rr->input will be pointed at the new buffer */ + if (alert_desc == 0) + goto err; - /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] - * rr->length bytes of encrypted compressed stuff. */ - - /* check is not needed I believe */ - if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { - al = SSL_AD_RECORD_OVERFLOW; - SSLerror(s, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); - goto f_err; - } - - /* decrypt in place in 'rr->input' */ - rr->data = rr->input; - - /* enc_err is: - * 0: (in non-constant time) if the record is publically invalid. - * 1: if the padding is valid - * -1: if the padding is invalid */ - if ((enc_err = tls1_enc(s, 0)) == 0) { - /* For DTLS we simply ignore bad packets. */ - rr->length = 0; - s->internal->packet_length = 0; - goto err; - } - - /* r->length is now the compressed data plus mac */ - if ((sess != NULL) && (s->enc_read_ctx != NULL) && - (EVP_MD_CTX_md(s->read_hash) != NULL)) { - /* s->read_hash != NULL => mac_size != -1 */ - unsigned char *mac = NULL; - unsigned char mac_tmp[EVP_MAX_MD_SIZE]; - mac_size = EVP_MD_CTX_size(s->read_hash); - OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); - - orig_len = rr->length + rr->padding_length; - - /* orig_len is the length of the record before any padding was - * removed. This is public information, as is the MAC in use, - * therefore we can safely process the record in a different - * amount of time if it's too short to possibly contain a MAC. + /* + * DTLS should silently discard invalid records, including those + * with a bad MAC, as per RFC 6347 section 4.1.2.1. */ - if (orig_len < mac_size || - /* CBC records must have a padding length byte too. */ - (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && - orig_len < mac_size + 1)) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_LENGTH_TOO_SHORT); - goto f_err; + if (alert_desc == SSL_AD_BAD_RECORD_MAC) { + out_len = 0; + goto done; } - if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) { - /* We update the length so that the TLS header bytes - * can be constructed correctly but we need to extract - * the MAC in constant time from within the record, - * without leaking the contents of the padding bytes. - * */ - mac = mac_tmp; - ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len); - rr->length -= mac_size; - } else { - /* In this case there's no padding, so |orig_len| - * equals |rec->length| and we checked that there's - * enough bytes for |mac_size| above. */ - rr->length -= mac_size; - mac = &rr->data[rr->length]; - } + if (alert_desc == SSL_AD_RECORD_OVERFLOW) + SSLerror(s, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); - i = tls1_mac(s, md, 0 /* not send */); - if (i < 0 || mac == NULL || timingsafe_memcmp(md, mac, (size_t)mac_size) != 0) - enc_err = -1; - if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) - enc_err = -1; - } - - if (enc_err < 0) { - /* decryption failed, silently discard message */ - rr->length = 0; - s->internal->packet_length = 0; - goto err; - } - - if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) { - al = SSL_AD_RECORD_OVERFLOW; - SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG); - goto f_err; + goto fatal_err; } + done: + rr->data = out; + rr->length = out_len; rr->off = 0; - /* So at this point the following is true - * ssl->s3->internal->rrec.type is the type of record - * ssl->s3->internal->rrec.length == number of bytes in record - * ssl->s3->internal->rrec.off == offset to first valid byte - * ssl->s3->internal->rrec.data == where to take bytes from, increment - * after use :-). - */ - /* we have pulled in a full packet so zero things */ s->internal->packet_length = 0; + return (1); -f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); -err: + fatal_err: + ssl3_send_alert(s, SSL3_AL_FATAL, alert_desc); + err: return (0); } - /* Call this to get a new input record. * It will return <= 0 if more data is needed, normally due to an error * or non-blocking IO. @@ -465,26 +349,19 @@ err: int dtls1_get_record(SSL *s) { - SSL3_RECORD_INTERNAL *rr; + SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec); unsigned char *p = NULL; DTLS1_BITMAP *bitmap; unsigned int is_next_epoch; - int n; + int ret, n; - rr = &(S3I(s)->rrec); - - /* The epoch may have changed. If so, process all the - * pending records. This is a non-blocking operation. */ - if (dtls1_process_buffered_records(s) < 0) - return (-1); - - /* if we're renegotiating, then there may be buffered records */ - if (dtls1_get_processed_record(s)) - return 1; + /* See if there are pending records that can now be processed. */ + if ((ret = dtls1_process_buffered_record(s)) != 0) + return (ret); /* get something from the wire */ if (0) { -again: + again: /* dump this record on all retries */ rr->length = 0; s->internal->packet_length = 0; @@ -515,14 +392,15 @@ again: if (!CBS_get_u16(&header, &ssl_version)) goto again; - /* sequence number is 64 bits, with top 2 bytes = epoch */ - if (!CBS_get_u16(&header, &epoch) || - !CBS_get_bytes(&header, &seq_no, 6)) + /* Sequence number is 64 bits, with top 2 bytes = epoch. */ + if (!CBS_get_bytes(&header, &seq_no, SSL3_SEQUENCE_SIZE)) + goto again; + if (!CBS_get_u16(&seq_no, &epoch)) + goto again; + if (!CBS_write_bytes(&seq_no, &rr->seq_num[2], + sizeof(rr->seq_num) - 2, NULL)) goto again; - if (!CBS_write_bytes(&seq_no, &(S3I(s)->read_sequence[2]), - sizeof(S3I(s)->read_sequence) - 2, NULL)) - goto again; if (!CBS_get_u16(&header, &len)) goto again; @@ -570,9 +448,9 @@ again: * since they arrive from different connections and * would be dropped unnecessarily. */ - if (!(D1I(s)->listen && rr->type == SSL3_RT_HANDSHAKE && + if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && p != NULL && *p == SSL3_MT_CLIENT_HELLO) && - !dtls1_record_replay_check(s, bitmap)) + !dtls1_record_replay_check(s, bitmap, rr->seq_num)) goto again; /* just read a 0 length packet */ @@ -585,12 +463,12 @@ again: * anything while listening. */ if (is_next_epoch) { - if ((SSL_in_init(s) || s->internal->in_handshake) && !D1I(s)->listen) { - if (dtls1_buffer_record(s, &(D1I(s)->unprocessed_rcds), + if ((SSL_in_init(s) || s->internal->in_handshake) && !s->d1->listen) { + if (dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num) < 0) return (-1); /* Mark receipt of record. */ - dtls1_record_bitmap_update(s, bitmap); + dtls1_record_bitmap_update(s, bitmap, rr->seq_num); } goto again; } @@ -599,11 +477,184 @@ again: goto again; /* Mark receipt of record. */ - dtls1_record_bitmap_update(s, bitmap); + dtls1_record_bitmap_update(s, bitmap, rr->seq_num); return (1); } +static int +dtls1_read_handshake_unexpected(SSL *s) +{ + SSL3_RECORD_INTERNAL *rr = &s->s3->rrec; + struct hm_header_st hs_msg_hdr; + CBS cbs; + int ret; + + if (s->internal->in_handshake) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + return -1; + } + + if (rr->off != 0) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + return -1; + } + + /* Parse handshake message header. */ + CBS_init(&cbs, rr->data, rr->length); + if (!dtls1_get_message_header(&cbs, &hs_msg_hdr)) + return -1; /* XXX - probably should drop/continue. */ + + /* This may just be a stale retransmit. */ + if (rr->epoch != tls12_record_layer_read_epoch(s->internal->rl)) { + rr->length = 0; + return 1; + } + + if (hs_msg_hdr.type == SSL3_MT_HELLO_REQUEST) { + /* + * Incoming HelloRequest messages should only be received by a + * client. A server may send these at any time - a client should + * ignore the message if received in the middle of a handshake. + * See RFC 5246 sections 7.4 and 7.4.1.1. + */ + if (s->server) { + SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); + return -1; + } + + /* XXX - should also check frag offset/length. */ + if (hs_msg_hdr.msg_len != 0) { + SSLerror(s, SSL_R_BAD_HELLO_REQUEST); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); + return -1; + } + + ssl_msg_callback(s, 0, SSL3_RT_HANDSHAKE, rr->data, + DTLS1_HM_HEADER_LENGTH); + + rr->length = 0; + + /* + * It should be impossible to hit this, but keep the safety + * harness for now... + */ + if (s->session == NULL || s->session->cipher == NULL) + return 1; + + /* + * Ignore this message if we're currently handshaking, + * renegotiation is already pending or renegotiation is disabled + * via flags. + */ + if (!SSL_is_init_finished(s) || s->s3->renegotiate || + (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) != 0) + return 1; + + s->d1->handshake_read_seq++; + + /* XXX - why is this set here but not in ssl3? */ + s->internal->new_session = 1; + + if (!ssl3_renegotiate(s)) + return 1; + if (!ssl3_renegotiate_check(s)) + return 1; + + } else if (hs_msg_hdr.type == SSL3_MT_CLIENT_HELLO) { + /* + * Incoming ClientHello messages should only be received by a + * server. A client may send these in response to server + * initiated renegotiation (HelloRequest) or in order to + * initiate renegotiation by the client. See RFC 5246 section + * 7.4.1.2. + */ + if (!s->server) { + SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); + return -1; + } + + /* + * A client should not be sending a ClientHello unless we're not + * currently handshaking. + */ + if (!SSL_is_init_finished(s)) { + SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); + return -1; + } + + if ((s->internal->options & SSL_OP_NO_CLIENT_RENEGOTIATION) != 0) { + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_NO_RENEGOTIATION); + return -1; + } + + if (s->session == NULL || s->session->cipher == NULL) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + return -1; + } + + /* Client requested renegotiation but it is not permitted. */ + if (!s->s3->send_connection_binding || + (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) != 0) { + ssl3_send_alert(s, SSL3_AL_WARNING, + SSL_AD_NO_RENEGOTIATION); + return 1; + } + + s->s3->hs.state = SSL_ST_ACCEPT; + s->internal->renegotiate = 1; + s->internal->new_session = 1; + + } else if (hs_msg_hdr.type == SSL3_MT_FINISHED && s->server) { + /* + * If we are server, we may have a repeated FINISHED of the + * client here, then retransmit our CCS and FINISHED. + */ + if (dtls1_check_timeout_num(s) < 0) + return -1; + + /* XXX - should this be calling ssl_msg_callback()? */ + + dtls1_retransmit_buffered_messages(s); + + rr->length = 0; + + return 1; + + } else { + SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); + return -1; + } + + if ((ret = s->internal->handshake_func(s)) < 0) + return ret; + if (ret == 0) { + SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); + return -1; + } + + if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { + if (s->s3->rbuf.left == 0) { + ssl_force_want_read(s); + return -1; + } + } + + /* + * We either finished a handshake or ignored the request, now try again + * to obtain the (application) data we were asked for. + */ + return 1; +} + /* Return up to 'len' payload bytes received in 'type' records. * 'type' is one of the following: * @@ -634,98 +685,92 @@ again: int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) { - int al, i, j, ret; - unsigned int n; SSL3_RECORD_INTERNAL *rr; - void (*cb)(const SSL *ssl, int type2, int val) = NULL; + int rrcount = 0; + unsigned int n; + int ret; - if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */ + if (s->s3->rbuf.buf == NULL) { if (!ssl3_setup_buffers(s)) - return (-1); + return -1; + } - if ((type && - type != SSL3_RT_APPLICATION_DATA && type != SSL3_RT_HANDSHAKE) || - (peek && (type != SSL3_RT_APPLICATION_DATA))) { + if (len < 0) { SSLerror(s, ERR_R_INTERNAL_ERROR); return -1; } - /* check whether there's a handshake message (client hello?) waiting */ - if ((ret = have_handshake_fragment(s, type, buf, len, peek))) - return ret; + if (type != 0 && type != SSL3_RT_APPLICATION_DATA && + type != SSL3_RT_HANDSHAKE) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + return -1; + } + if (peek && type != SSL3_RT_APPLICATION_DATA) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + return -1; + } - /* Now D1I(s)->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */ - - if (!s->internal->in_handshake && SSL_in_init(s)) - { - /* type == SSL3_RT_APPLICATION_DATA */ - i = s->internal->handshake_func(s); - if (i < 0) - return (i); - if (i == 0) { + if (SSL_in_init(s) && !s->internal->in_handshake) { + if ((ret = s->internal->handshake_func(s)) < 0) + return ret; + if (ret == 0) { SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); + return -1; } } start: - s->internal->rwstate = SSL_NOTHING; - - /* S3I(s)->rrec.type - is the type of record - * S3I(s)->rrec.data, - data - * S3I(s)->rrec.off, - offset into 'data' for next read - * S3I(s)->rrec.length, - number of bytes. */ - rr = &(S3I(s)->rrec); - - /* We are not handshaking and have no data yet, - * so process data buffered during the last handshake - * in advance, if any. + /* + * Do not process more than three consecutive records, otherwise the + * peer can cause us to loop indefinitely. Instead, return with an + * SSL_ERROR_WANT_READ so the caller can choose when to handle further + * processing. In the future, the total number of non-handshake and + * non-application data records per connection should probably also be + * limited... */ - if (S3I(s)->hs.state == SSL_ST_OK && rr->length == 0) { - pitem *item; - item = pqueue_pop(D1I(s)->buffered_app_data.q); - if (item) { - - dtls1_copy_record(s, item); - - free(item->data); - pitem_free(item); - } + if (rrcount++ >= 3) { + ssl_force_want_read(s); + return -1; } - /* Check for timeout */ + s->internal->rwstate = SSL_NOTHING; + + rr = &s->s3->rrec; + + /* + * We are not handshaking and have no data yet, so process data buffered + * during the last handshake in advance, if any. + */ + if (s->s3->hs.state == SSL_ST_OK && rr->length == 0) + dtls1_retrieve_buffered_record(s, &s->d1->buffered_app_data); + if (dtls1_handle_timeout(s) > 0) goto start; - /* get new packet if necessary */ - if ((rr->length == 0) || (s->internal->rstate == SSL_ST_READ_BODY)) { - ret = dtls1_get_record(s); - if (ret <= 0) { - ret = dtls1_read_failed(s, ret); - /* anything other than a timeout is an error */ - if (ret <= 0) - return (ret); - else - goto start; + if (rr->length == 0 || s->internal->rstate == SSL_ST_READ_BODY) { + if ((ret = dtls1_get_record(s)) <= 0) { + /* Anything other than a timeout is an error. */ + if ((ret = dtls1_read_failed(s, ret)) <= 0) + return ret; + goto start; } } - if (D1I(s)->listen && rr->type != SSL3_RT_HANDSHAKE) { + if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) { rr->length = 0; goto start; } - /* we now have a packet which can be read and processed */ + /* We now have a packet which can be read and processed. */ - if (S3I(s)->change_cipher_spec /* set when we receive ChangeCipherSpec, - * reset by ssl3_get_finished */ - && (rr->type != SSL3_RT_HANDSHAKE)) { - /* We now have application data between CCS and Finished. + if (s->s3->change_cipher_spec && rr->type != SSL3_RT_HANDSHAKE) { + /* + * We now have application data between CCS and Finished. * Most likely the packets were reordered on their way, so * buffer the application data for later processing rather * than dropping the connection. */ - if (dtls1_buffer_record(s, &(D1I(s)->buffered_app_data), + if (dtls1_buffer_record(s, &s->d1->buffered_app_data, rr->seq_num) < 0) { SSLerror(s, ERR_R_INTERNAL_ERROR); return (-1); @@ -734,36 +779,41 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) goto start; } - /* If the other end has shut down, throw anything we read away - * (even in 'peek' mode) */ + /* + * If the other end has shut down, throw anything we read away (even in + * 'peek' mode). + */ if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) { - rr->length = 0; s->internal->rwstate = SSL_NOTHING; - return (0); + rr->length = 0; + return 0; } - - if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ - { - /* make sure that we are not getting application data when we - * are doing a handshake for the first time */ - if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && - (s->enc_read_ctx == NULL)) { - al = SSL_AD_UNEXPECTED_MESSAGE; + /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ + if (type == rr->type) { + /* + * Make sure that we are not getting application data when we + * are doing a handshake for the first time. + */ + if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA && + !tls12_record_layer_read_protected(s->internal->rl)) { SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE); - goto f_err; + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); + return -1; } if (len <= 0) - return (len); + return len; if ((unsigned int)len > rr->length) n = rr->length; else n = (unsigned int)len; - memcpy(buf, &(rr->data[rr->off]), n); + memcpy(buf, &rr->data[rr->off], n); if (!peek) { + memset(&rr->data[rr->off], 0, n); rr->length -= n; rr->off += n; if (rr->length == 0) { @@ -772,331 +822,68 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } } - return (n); + return n; } - - /* If we get here, then type != rr->type; if we have a handshake - * message, then it was unexpected (Hello Request or Client Hello). */ - - /* In case of record types for which we have 'fragment' storage, - * fill that so that we can process the data at a fixed place. + /* + * If we get here, then type != rr->type; if we have a handshake + * message, then it was unexpected (Hello Request or Client Hello). */ - { - unsigned int k, dest_maxlen = 0; - unsigned char *dest = NULL; - unsigned int *dest_len = NULL; - if (rr->type == SSL3_RT_HANDSHAKE) { - dest_maxlen = sizeof D1I(s)->handshake_fragment; - dest = D1I(s)->handshake_fragment; - dest_len = &D1I(s)->handshake_fragment_len; - } else if (rr->type == SSL3_RT_ALERT) { - dest_maxlen = sizeof(D1I(s)->alert_fragment); - dest = D1I(s)->alert_fragment; - dest_len = &D1I(s)->alert_fragment_len; - } - /* else it's a CCS message, or application data or wrong */ - else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) { - /* Application data while renegotiating - * is allowed. Try again reading. - */ - if (rr->type == SSL3_RT_APPLICATION_DATA) { - BIO *bio; - S3I(s)->in_read_app_data = 2; - bio = SSL_get_rbio(s); - s->internal->rwstate = SSL_READING; - BIO_clear_retry_flags(bio); - BIO_set_retry_read(bio); - return (-1); - } - - /* Not certain if this is the right error handling */ - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_UNEXPECTED_RECORD); - goto f_err; - } - - if (dest_maxlen > 0) { - /* XDTLS: In a pathalogical case, the Client Hello - * may be fragmented--don't always expect dest_maxlen bytes */ - if (rr->length < dest_maxlen) { - s->internal->rstate = SSL_ST_READ_HEADER; - rr->length = 0; - goto start; - } - - /* now move 'n' bytes: */ - for ( k = 0; k < dest_maxlen; k++) { - dest[k] = rr->data[rr->off++]; - rr->length--; - } - *dest_len = dest_maxlen; - } - } - - /* D1I(s)->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE; - * D1I(s)->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT. - * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */ - - /* If we are a client, check for an incoming 'Hello Request': */ - if ((!s->server) && - (D1I(s)->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && - (D1I(s)->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && - (s->session != NULL) && (s->session->cipher != NULL)) { - D1I(s)->handshake_fragment_len = 0; - - if ((D1I(s)->handshake_fragment[1] != 0) || - (D1I(s)->handshake_fragment[2] != 0) || - (D1I(s)->handshake_fragment[3] != 0)) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_BAD_HELLO_REQUEST); - goto f_err; - } - - /* no need to check sequence number on HELLO REQUEST messages */ - - if (s->internal->msg_callback) - s->internal->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - D1I(s)->handshake_fragment, 4, s, s->internal->msg_callback_arg); - - if (SSL_is_init_finished(s) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && - !S3I(s)->renegotiate) { - D1I(s)->handshake_read_seq++; - s->internal->new_session = 1; - ssl3_renegotiate(s); - if (ssl3_renegotiate_check(s)) { - i = s->internal->handshake_func(s); - if (i < 0) - return (i); - if (i == 0) { - SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); - } - - if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { - if (S3I(s)->rbuf.left == 0) /* no read-ahead left? */ - { - BIO *bio; - /* In the case where we try to read application data, - * but we trigger an SSL handshake, we return -1 with - * the retry option set. Otherwise renegotiation may - * cause nasty problems in the blocking world */ - s->internal->rwstate = SSL_READING; - bio = SSL_get_rbio(s); - BIO_clear_retry_flags(bio); - BIO_set_retry_read(bio); - return (-1); - } - } - } - } - /* we either finished a handshake or ignored the request, - * now try again to obtain the (application) data we were asked for */ + if (rr->type == SSL3_RT_ALERT) { + if ((ret = ssl3_read_alert(s)) <= 0) + return ret; goto start; } - if (D1I(s)->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) { - int alert_level = D1I(s)->alert_fragment[0]; - int alert_descr = D1I(s)->alert_fragment[1]; - - D1I(s)->alert_fragment_len = 0; - - if (s->internal->msg_callback) - s->internal->msg_callback(0, s->version, SSL3_RT_ALERT, - D1I(s)->alert_fragment, 2, s, s->internal->msg_callback_arg); - - if (s->internal->info_callback != NULL) - cb = s->internal->info_callback; - else if (s->ctx->internal->info_callback != NULL) - cb = s->ctx->internal->info_callback; - - if (cb != NULL) { - j = (alert_level << 8) | alert_descr; - cb(s, SSL_CB_READ_ALERT, j); - } - - if (alert_level == 1) /* warning */ - { - S3I(s)->warn_alert = alert_descr; - if (alert_descr == SSL_AD_CLOSE_NOTIFY) { - s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; - return (0); - } - } else if (alert_level == 2) /* fatal */ - { - s->internal->rwstate = SSL_NOTHING; - S3I(s)->fatal_alert = alert_descr; - SSLerror(s, SSL_AD_REASON_OFFSET + alert_descr); - ERR_asprintf_error_data("SSL alert number %d", - alert_descr); - s->internal->shutdown|=SSL_RECEIVED_SHUTDOWN; - SSL_CTX_remove_session(s->ctx, s->session); - return (0); - } else { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerror(s, SSL_R_UNKNOWN_ALERT_TYPE); - goto f_err; - } - - goto start; - } - - if (s->internal->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */ - { + if (s->internal->shutdown & SSL_SENT_SHUTDOWN) { s->internal->rwstate = SSL_NOTHING; rr->length = 0; return (0); } - if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) { - struct ccs_header_st ccs_hdr; - unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH; - - dtls1_get_ccs_header(rr->data, &ccs_hdr); - - /* 'Change Cipher Spec' is just a single byte, so we know - * exactly what the record payload has to look like */ - /* XDTLS: check that epoch is consistent */ - if ((rr->length != ccs_hdr_len) || - (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC); - goto f_err; - } - - rr->length = 0; - - if (s->internal->msg_callback) - s->internal->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, - rr->data, 1, s, s->internal->msg_callback_arg); - - /* We can't process a CCS now, because previous handshake - * messages are still missing, so just drop it. + if (rr->type == SSL3_RT_APPLICATION_DATA) { + /* + * At this point, we were expecting handshake data, but have + * application data. If the library was running inside + * ssl3_read() (i.e. in_read_app_data is set) and it makes + * sense to read application data at this point (session + * renegotiation not yet started), we will indulge it. */ - if (!D1I(s)->change_cipher_spec_ok) { - goto start; - } - - D1I(s)->change_cipher_spec_ok = 0; - - S3I(s)->change_cipher_spec = 1; - if (!ssl3_do_change_cipher_spec(s)) - goto err; - - /* do this whenever CCS is processed */ - dtls1_reset_seq_numbers(s, SSL3_CC_READ); - - goto start; - } - - /* Unexpected handshake message (Client Hello, or protocol violation) */ - if ((D1I(s)->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && - !s->internal->in_handshake) { - struct hm_header_st msg_hdr; - - /* this may just be a stale retransmit */ - if (!dtls1_get_message_header(rr->data, &msg_hdr)) + if (s->s3->in_read_app_data != 0 && + s->s3->total_renegotiations != 0 && + (((s->s3->hs.state & SSL_ST_CONNECT) && + (s->s3->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) && + (s->s3->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || ( + (s->s3->hs.state & SSL_ST_ACCEPT) && + (s->s3->hs.state <= SSL3_ST_SW_HELLO_REQ_A) && + (s->s3->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) { + s->s3->in_read_app_data = 2; + return -1; + } else { + SSLerror(s, SSL_R_UNEXPECTED_RECORD); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); return -1; - if (rr->epoch != D1I(s)->r_epoch) { - rr->length = 0; - goto start; } + } - /* If we are server, we may have a repeated FINISHED of the - * client here, then retransmit our CCS and FINISHED. - */ - if (msg_hdr.type == SSL3_MT_FINISHED) { - if (dtls1_check_timeout_num(s) < 0) - return -1; - - dtls1_retransmit_buffered_messages(s); - rr->length = 0; - goto start; - } - - if (((S3I(s)->hs.state&SSL_ST_MASK) == SSL_ST_OK) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { - S3I(s)->hs.state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; - s->internal->renegotiate = 1; - s->internal->new_session = 1; - } - i = s->internal->handshake_func(s); - if (i < 0) - return (i); - if (i == 0) { - SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); - } - - if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { - if (S3I(s)->rbuf.left == 0) /* no read-ahead left? */ - { - BIO *bio; - /* In the case where we try to read application data, - * but we trigger an SSL handshake, we return -1 with - * the retry option set. Otherwise renegotiation may - * cause nasty problems in the blocking world */ - s->internal->rwstate = SSL_READING; - bio = SSL_get_rbio(s); - BIO_clear_retry_flags(bio); - BIO_set_retry_read(bio); - return (-1); - } - } + if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) { + if ((ret = ssl3_read_change_cipher_spec(s)) <= 0) + return ret; goto start; } - switch (rr->type) { - default: - /* TLS just ignores unknown message types */ - if (s->version == TLS1_VERSION) { - rr->length = 0; - goto start; - } - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_UNEXPECTED_RECORD); - goto f_err; - case SSL3_RT_CHANGE_CIPHER_SPEC: - case SSL3_RT_ALERT: - case SSL3_RT_HANDSHAKE: - /* we already handled all of these, with the possible exception - * of SSL3_RT_HANDSHAKE when s->internal->in_handshake is set, but that - * should not happen when type != rr->type */ - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto f_err; - case SSL3_RT_APPLICATION_DATA: - /* At this point, we were expecting handshake data, - * but have application data. If the library was - * running inside ssl3_read() (i.e. in_read_app_data - * is set) and it makes sense to read application data - * at this point (session renegotiation not yet started), - * we will indulge it. - */ - if (S3I(s)->in_read_app_data && - (S3I(s)->total_renegotiations != 0) && - (((S3I(s)->hs.state & SSL_ST_CONNECT) && - (S3I(s)->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) && - (S3I(s)->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || ( - (S3I(s)->hs.state & SSL_ST_ACCEPT) && - (S3I(s)->hs.state <= SSL3_ST_SW_HELLO_REQ_A) && - (S3I(s)->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) { - S3I(s)->in_read_app_data = 2; - return (-1); - } else { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_UNEXPECTED_RECORD); - goto f_err; - } + if (rr->type == SSL3_RT_HANDSHAKE) { + if ((ret = dtls1_read_handshake_unexpected(s)) <= 0) + return ret; + goto start; } - /* not reached */ - f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - err: - return (-1); + /* Unknown record type. */ + SSLerror(s, SSL_R_UNEXPECTED_RECORD); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); + return -1; } int @@ -1124,39 +911,6 @@ dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len) return i; } - - /* this only happens when a client hello is received and a handshake - * is started. */ -static int -have_handshake_fragment(SSL *s, int type, unsigned char *buf, - int len, int peek) -{ - - if ((type == SSL3_RT_HANDSHAKE) && (D1I(s)->handshake_fragment_len > 0)) - /* (partially) satisfy request from storage */ - { - unsigned char *src = D1I(s)->handshake_fragment; - unsigned char *dst = buf; - unsigned int k, n; - - /* peek == 0 */ - n = 0; - while ((len > 0) && (D1I(s)->handshake_fragment_len > 0)) { - *dst++ = *src++; - len--; - D1I(s)->handshake_fragment_len--; - n++; - } - /* move any remaining fragment bytes: */ - for (k = 0; k < D1I(s)->handshake_fragment_len; k++) - D1I(s)->handshake_fragment[k] = *src++; - return n; - } - - return 0; -} - - /* Call this to write data in records of type 'type' * It will return <= 0 if not all data has been sent or non-blocking IO. */ @@ -1174,7 +928,7 @@ dtls1_write_bytes(SSL *s, int type, const void *buf, int len) int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) { - SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf); + SSL3_BUFFER_INTERNAL *wb = &(s->s3->wbuf); size_t out_len; CBB cbb; int ret; @@ -1191,8 +945,8 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) } /* If we have an alert to send, let's send it */ - if (S3I(s)->alert_dispatch) { - if ((ret = s->method->ssl_dispatch_alert(s)) <= 0) + if (s->s3->alert_dispatch) { + if ((ret = ssl3_dispatch_alert(s)) <= 0) return (ret); /* If it went, fall through and send more stuff. */ } @@ -1206,7 +960,6 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) goto err; tls12_record_layer_set_version(s->internal->rl, s->version); - tls12_record_layer_set_write_epoch(s->internal->rl, D1I(s)->w_epoch); if (!tls12_record_layer_seal_record(s->internal->rl, type, buf, len, &cbb)) goto err; @@ -1220,10 +973,10 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) * Memorize arguments so that ssl3_write_pending can detect * bad write retries later. */ - S3I(s)->wpend_tot = len; - S3I(s)->wpend_buf = buf; - S3I(s)->wpend_type = type; - S3I(s)->wpend_ret = len; + s->s3->wpend_tot = len; + s->s3->wpend_buf = buf; + s->s3->wpend_type = type; + s->s3->wpend_ret = len; /* We now just need to write the buffer. */ return ssl3_write_pending(s, type, buf, len); @@ -1235,34 +988,30 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) } static int -dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap) +dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap, + const unsigned char *seq) { - int cmp; unsigned int shift; - const unsigned char *seq = S3I(s)->read_sequence; + int cmp; cmp = satsub64be(seq, bitmap->max_seq_num); - if (cmp > 0) { - memcpy (S3I(s)->rrec.seq_num, seq, 8); + if (cmp > 0) return 1; /* this record in new */ - } shift = -cmp; if (shift >= sizeof(bitmap->map)*8) return 0; /* stale, outside the window */ else if (bitmap->map & (1UL << shift)) return 0; /* record previously received */ - memcpy(S3I(s)->rrec.seq_num, seq, 8); return 1; } - static void -dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap) +dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap, + const unsigned char *seq) { - int cmp; unsigned int shift; - const unsigned char *seq = S3I(s)->read_sequence; + int cmp; cmp = satsub64be(seq, bitmap->max_seq_num); if (cmp > 0) { @@ -1279,83 +1028,33 @@ dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap) } } - -int -dtls1_dispatch_alert(SSL *s) -{ - int i, j; - void (*cb)(const SSL *ssl, int type, int val) = NULL; - unsigned char buf[DTLS1_AL_HEADER_LENGTH]; - unsigned char *ptr = &buf[0]; - - S3I(s)->alert_dispatch = 0; - - memset(buf, 0, sizeof(buf)); - *ptr++ = S3I(s)->send_alert[0]; - *ptr++ = S3I(s)->send_alert[1]; - - i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf)); - if (i <= 0) { - S3I(s)->alert_dispatch = 1; - /* fprintf( stderr, "not done with alert\n" ); */ - } else { - if (S3I(s)->send_alert[0] == SSL3_AL_FATAL) - (void)BIO_flush(s->wbio); - - if (s->internal->msg_callback) - s->internal->msg_callback(1, s->version, SSL3_RT_ALERT, - S3I(s)->send_alert, 2, s, s->internal->msg_callback_arg); - - if (s->internal->info_callback != NULL) - cb = s->internal->info_callback; - else if (s->ctx->internal->info_callback != NULL) - cb = s->ctx->internal->info_callback; - - if (cb != NULL) { - j = (S3I(s)->send_alert[0]<<8)|S3I(s)->send_alert[1]; - cb(s, SSL_CB_WRITE_ALERT, j); - } - } - return (i); -} - - static DTLS1_BITMAP * dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr, unsigned int *is_next_epoch) { + uint16_t read_epoch, read_epoch_next; *is_next_epoch = 0; + read_epoch = tls12_record_layer_read_epoch(s->internal->rl); + read_epoch_next = read_epoch + 1; + /* In current epoch, accept HM, CCS, DATA, & ALERT */ - if (rr->epoch == D1I(s)->r_epoch) - return &D1I(s)->bitmap; + if (rr->epoch == read_epoch) + return &s->d1->bitmap; /* Only HM and ALERT messages can be from the next epoch */ - else if (rr->epoch == (unsigned long)(D1I(s)->r_epoch + 1) && - (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) { + if (rr->epoch == read_epoch_next && + (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) { *is_next_epoch = 1; - return &D1I(s)->next_bitmap; + return &s->d1->next_bitmap; } return NULL; } void -dtls1_reset_seq_numbers(SSL *s, int rw) +dtls1_reset_read_seq_numbers(SSL *s) { - unsigned char *seq; - unsigned int seq_bytes = sizeof(S3I(s)->read_sequence); - - if (rw & SSL3_CC_READ) { - D1I(s)->r_epoch++; - seq = S3I(s)->read_sequence; - memcpy(&(D1I(s)->bitmap), &(D1I(s)->next_bitmap), sizeof(DTLS1_BITMAP)); - memset(&(D1I(s)->next_bitmap), 0, sizeof(DTLS1_BITMAP)); - } else { - D1I(s)->w_epoch++; - seq = S3I(s)->write_sequence; - memcpy(D1I(s)->last_write_sequence, seq, sizeof(S3I(s)->write_sequence)); - } - - memset(seq, 0, seq_bytes); + memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP)); + memset(&(s->d1->next_bitmap), 0, sizeof(DTLS1_BITMAP)); } diff --git a/externals/libressl/ssl/d1_srtp.c b/externals/libressl/ssl/d1_srtp.c index 70e9a4f12..793fa868d 100755 --- a/externals/libressl/ssl/d1_srtp.c +++ b/externals/libressl/ssl/d1_srtp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srtp.c,v 1.24 2020/03/16 15:25:13 tb Exp $ */ +/* $OpenBSD: d1_srtp.c,v 1.30 2022/01/28 13:11:56 inoguchi Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -118,15 +118,16 @@ #include #include - -#include "ssl_locl.h" +#include #ifndef OPENSSL_NO_SRTP #include "bytestring.h" +#include "dtls_locl.h" +#include "ssl_locl.h" #include "srtp.h" -static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = { +static const SRTP_PROTECTION_PROFILE srtp_known_profiles[] = { { "SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80, @@ -135,14 +136,22 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = { "SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32, }, + { + "SRTP_AEAD_AES_128_GCM", + SRTP_AEAD_AES_128_GCM, + }, + { + "SRTP_AEAD_AES_256_GCM", + SRTP_AEAD_AES_256_GCM, + }, {0} }; int -srtp_find_profile_by_name(char *profile_name, SRTP_PROTECTION_PROFILE **pptr, - unsigned int len) +srtp_find_profile_by_name(const char *profile_name, + const SRTP_PROTECTION_PROFILE **pptr, unsigned int len) { - SRTP_PROTECTION_PROFILE *p; + const SRTP_PROTECTION_PROFILE *p; p = srtp_known_profiles; while (p->name) { @@ -160,9 +169,9 @@ srtp_find_profile_by_name(char *profile_name, SRTP_PROTECTION_PROFILE **pptr, int srtp_find_profile_by_num(unsigned int profile_num, - SRTP_PROTECTION_PROFILE **pptr) + const SRTP_PROTECTION_PROFILE **pptr) { - SRTP_PROTECTION_PROFILE *p; + const SRTP_PROTECTION_PROFILE *p; p = srtp_known_profiles; while (p->name) { @@ -181,11 +190,9 @@ ssl_ctx_make_profiles(const char *profiles_string, STACK_OF(SRTP_PROTECTION_PROFILE) **out) { STACK_OF(SRTP_PROTECTION_PROFILE) *profiles; - char *col; - char *ptr = (char *)profiles_string; - - SRTP_PROTECTION_PROFILE *p; + const char *ptr = profiles_string; + const SRTP_PROTECTION_PROFILE *p; if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) { SSLerrorx(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES); @@ -197,7 +204,10 @@ ssl_ctx_make_profiles(const char *profiles_string, if (!srtp_find_profile_by_name(ptr, &p, col ? col - ptr : (int)strlen(ptr))) { - sk_SRTP_PROTECTION_PROFILE_push(profiles, p); + if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, p)) { + sk_SRTP_PROTECTION_PROFILE_free(profiles); + return 1; + } } else { SSLerrorx(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE); sk_SRTP_PROTECTION_PROFILE_free(profiles); @@ -245,7 +255,8 @@ SSL_get_srtp_profiles(SSL *s) SRTP_PROTECTION_PROFILE * SSL_get_selected_srtp_profile(SSL *s) { - return s->internal->srtp_profile; + /* XXX cast away the const */ + return (SRTP_PROTECTION_PROFILE *)s->internal->srtp_profile; } #endif diff --git a/externals/libressl/ssl/dtls_locl.h b/externals/libressl/ssl/dtls_locl.h new file mode 100755 index 000000000..da5c259af --- /dev/null +++ b/externals/libressl/ssl/dtls_locl.h @@ -0,0 +1,222 @@ +/* $OpenBSD: dtls_locl.h,v 1.10 2021/10/23 13:45:44 jsing Exp $ */ +/* + * DTLS implementation written by Nagendra Modadugu + * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ +/* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_DTLS_LOCL_H +#define HEADER_DTLS_LOCL_H + +#include + +#include + +#include "ssl_locl.h" + +__BEGIN_HIDDEN_DECLS + +typedef struct dtls1_bitmap_st { + unsigned long map; /* track 32 packets on 32-bit systems + and 64 - on 64-bit systems */ + unsigned char max_seq_num[8]; /* max record number seen so far, + 64-bit value in big-endian + encoding */ +} DTLS1_BITMAP; + +struct dtls1_retransmit_state { + SSL_SESSION *session; + unsigned short epoch; +}; + +struct hm_header_st { + unsigned char type; + unsigned long msg_len; + unsigned short seq; + unsigned long frag_off; + unsigned long frag_len; + unsigned int is_ccs; + struct dtls1_retransmit_state saved_retransmit_state; +}; + +struct dtls1_timeout_st { + /* Number of read timeouts so far */ + unsigned int read_timeouts; + + /* Number of write timeouts so far */ + unsigned int write_timeouts; + + /* Number of alerts received so far */ + unsigned int num_alerts; +}; + +struct _pqueue; + +typedef struct record_pqueue_st { + unsigned short epoch; + struct _pqueue *q; +} record_pqueue; + +typedef struct hm_fragment_st { + struct hm_header_st msg_header; + unsigned char *fragment; + unsigned char *reassembly; +} hm_fragment; + +typedef struct dtls1_record_data_internal_st { + unsigned char *packet; + unsigned int packet_length; + SSL3_BUFFER_INTERNAL rbuf; + SSL3_RECORD_INTERNAL rrec; +} DTLS1_RECORD_DATA_INTERNAL; + +struct dtls1_state_st { + /* Buffered (sent) handshake records */ + struct _pqueue *sent_messages; + + /* Indicates when the last handshake msg or heartbeat sent will timeout */ + struct timeval next_timeout; + + /* Timeout duration */ + unsigned short timeout_duration; + + unsigned int send_cookie; + unsigned char cookie[DTLS1_COOKIE_LENGTH]; + unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH]; + unsigned int cookie_len; + + /* records being received in the current epoch */ + DTLS1_BITMAP bitmap; + + /* renegotiation starts a new set of sequence numbers */ + DTLS1_BITMAP next_bitmap; + + /* handshake message numbers */ + unsigned short handshake_write_seq; + unsigned short next_handshake_write_seq; + + unsigned short handshake_read_seq; + + /* Received handshake records (unprocessed) */ + record_pqueue unprocessed_rcds; + + /* Buffered handshake messages */ + struct _pqueue *buffered_messages; + + /* Buffered application records. + * Only for records between CCS and Finished + * to prevent either protocol violation or + * unnecessary message loss. + */ + record_pqueue buffered_app_data; + + /* Is set when listening for new connections with dtls1_listen() */ + unsigned int listen; + + unsigned int mtu; /* max DTLS packet size */ + + struct hm_header_st w_msg_hdr; + struct hm_header_st r_msg_hdr; + + struct dtls1_timeout_st timeout; + + unsigned int retransmitting; + unsigned int change_cipher_spec_ok; +}; + +int dtls1_do_write(SSL *s, int type); +int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); +void dtls1_set_message_header(SSL *s, unsigned char mt, unsigned long len, + unsigned long frag_off, unsigned long frag_len); +void dtls1_set_message_header_int(SSL *s, unsigned char mt, + unsigned long len, unsigned short seq_num, unsigned long frag_off, + unsigned long frag_len); + +int do_dtls1_write(SSL *s, int type, const unsigned char *buf, + unsigned int len); + +int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len); +int dtls1_write_bytes(SSL *s, int type, const void *buf, int len); + +int dtls1_read_failed(SSL *s, int code); +int dtls1_buffer_message(SSL *s, int ccs); +int dtls1_retransmit_message(SSL *s, unsigned short seq, + unsigned long frag_off, int *found); +int dtls1_get_queue_priority(unsigned short seq, int is_ccs); +int dtls1_retransmit_buffered_messages(SSL *s); +void dtls1_clear_record_buffer(SSL *s); +int dtls1_get_message_header(CBS *header, struct hm_header_st *msg_hdr); +void dtls1_reset_read_seq_numbers(SSL *s); +struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft); +int dtls1_check_timeout_num(SSL *s); +int dtls1_handle_timeout(SSL *s); +const SSL_CIPHER *dtls1_get_cipher(unsigned int u); +void dtls1_start_timer(SSL *s); +void dtls1_stop_timer(SSL *s); +int dtls1_is_timer_expired(SSL *s); +void dtls1_double_timeout(SSL *s); +unsigned int dtls1_min_mtu(void); + +int dtls1_new(SSL *s); +void dtls1_free(SSL *s); +void dtls1_clear(SSL *s); +long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg); + +int dtls1_get_message(SSL *s, int st1, int stn, int mt, long max); +int dtls1_get_record(SSL *s); + +__END_HIDDEN_DECLS + +#endif diff --git a/externals/libressl/ssl/s3_cbc.c b/externals/libressl/ssl/s3_cbc.c index 74e0562c2..e0289d894 100755 --- a/externals/libressl/ssl/s3_cbc.c +++ b/externals/libressl/ssl/s3_cbc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_cbc.c,v 1.22 2020/06/19 21:26:40 tb Exp $ */ +/* $OpenBSD: s3_cbc.c,v 1.25 2021/12/09 17:45:49 tb Exp $ */ /* ==================================================================== * Copyright (c) 2012 The OpenSSL Project. All rights reserved. * @@ -53,11 +53,11 @@ * */ -#include "ssl_locl.h" - #include #include +#include "ssl_locl.h" + /* MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's length * field. (SHA-384/512 have 128-bit length.) */ #define MAX_HASH_BIT_COUNT_BYTES 16 @@ -101,7 +101,7 @@ constant_time_eq_8(unsigned int a, unsigned int b) return DUPLICATE_MSB_TO_ALL_8(c); } -/* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC +/* ssl3_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC * record in |rec| in constant time and returns 1 if the padding is valid and * -1 otherwise. It also removes any explicit IV from the start of the record * without leaking any timing about whether there was enough space after the @@ -113,26 +113,24 @@ constant_time_eq_8(unsigned int a, unsigned int b) * 1: if the padding was valid * -1: otherwise. */ int -tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD_INTERNAL *rec, - unsigned int block_size, unsigned int mac_size) +ssl3_cbc_remove_padding(SSL3_RECORD_INTERNAL *rec, unsigned int eiv_len, + unsigned int mac_size) { unsigned int padding_length, good, to_check, i; const unsigned int overhead = 1 /* padding length byte */ + mac_size; - /* Check if version requires explicit IV */ - if (SSL_USE_EXPLICIT_IV(s)) { - /* These lengths are all public so we can test them in - * non-constant time. - */ - if (overhead + block_size > rec->length) - return 0; - /* We can now safely skip explicit IV */ - rec->data += block_size; - rec->input += block_size; - rec->length -= block_size; - } else if (overhead > rec->length) + /* + * These lengths are all public so we can test them in + * non-constant time. + */ + if (overhead + eiv_len > rec->length) return 0; + /* We can now safely skip explicit IV, if any. */ + rec->data += eiv_len; + rec->input += eiv_len; + rec->length -= eiv_len; + padding_length = rec->data[rec->length - 1]; good = constant_time_ge(rec->length, overhead + padding_length); @@ -406,7 +404,7 @@ ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out, unsigned char first_block[MAX_HASH_BLOCK_SIZE]; unsigned char mac_out[EVP_MAX_MD_SIZE]; unsigned int i, j, md_out_size_u; - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx; /* mdLengthSize is the number of bytes in the length field that terminates * the hash. */ unsigned int md_length_size = 8; @@ -607,9 +605,10 @@ ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out, mac_out[j] |= block[j]&is_block_b; } - EVP_MD_CTX_init(&md_ctx); - if (!EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */)) { - EVP_MD_CTX_cleanup(&md_ctx); + if ((md_ctx = EVP_MD_CTX_new()) == NULL) + return 0; + if (!EVP_DigestInit_ex(md_ctx, EVP_MD_CTX_md(ctx), NULL /* engine */)) { + EVP_MD_CTX_free(md_ctx); return 0; } @@ -617,13 +616,13 @@ ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out, for (i = 0; i < md_block_size; i++) hmac_pad[i] ^= 0x6a; - EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size); - EVP_DigestUpdate(&md_ctx, mac_out, md_size); + EVP_DigestUpdate(md_ctx, hmac_pad, md_block_size); + EVP_DigestUpdate(md_ctx, mac_out, md_size); - EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u); + EVP_DigestFinal(md_ctx, md_out, &md_out_size_u); if (md_out_size) *md_out_size = md_out_size_u; - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_free(md_ctx); return 1; } diff --git a/externals/libressl/ssl/s3_lib.c b/externals/libressl/ssl/s3_lib.c index 91bfb5f3b..624841a7a 100755 --- a/externals/libressl/ssl/s3_lib.c +++ b/externals/libressl/ssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.198 2020/09/17 15:42:14 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.228 2022/03/17 17:24:37 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -156,9 +156,13 @@ #include #include #include +#include -#include "ssl_locl.h" #include "bytestring.h" +#include "dtls_locl.h" +#include "ssl_locl.h" +#include "ssl_sigalgs.h" +#include "ssl_tlsext.h" #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER)) @@ -170,7 +174,7 @@ #define FIXED_NONCE_LEN(x) (((x / 2) & 0xf) << 24) /* list of available SSLv3 ciphers (sorted by id) */ -SSL_CIPHER ssl3_ciphers[] = { +const SSL_CIPHER ssl3_ciphers[] = { /* The RSA ciphers */ /* Cipher 01 */ @@ -417,7 +421,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA256, .algorithm_ssl = SSL_TLSV1_2, .algo_strength = SSL_STRONG_NONE, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, .strength_bits = 0, .alg_bits = 0, }, @@ -433,7 +437,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA256, .algorithm_ssl = SSL_TLSV1_2, .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, .strength_bits = 128, .alg_bits = 128, }, @@ -449,7 +453,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA256, .algorithm_ssl = SSL_TLSV1_2, .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, .strength_bits = 256, .alg_bits = 256, }, @@ -518,7 +522,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA256, .algorithm_ssl = SSL_TLSV1_2, .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, .strength_bits = 128, .alg_bits = 128, }, @@ -534,7 +538,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA256, .algorithm_ssl = SSL_TLSV1_2, .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, .strength_bits = 256, .alg_bits = 256, }, @@ -550,7 +554,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA256, .algorithm_ssl = SSL_TLSV1_2, .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, .strength_bits = 128, .alg_bits = 128, }, @@ -566,7 +570,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA256, .algorithm_ssl = SSL_TLSV1_2, .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, .strength_bits = 256, .alg_bits = 256, }, @@ -878,7 +882,7 @@ SSL_CIPHER ssl3_ciphers[] = { /* Cipher 1301 */ { .valid = 1, - .name = TLS1_3_TXT_AES_128_GCM_SHA256, + .name = TLS1_3_RFC_AES_128_GCM_SHA256, .id = TLS1_3_CK_AES_128_GCM_SHA256, .algorithm_mkey = SSL_kTLS1_3, .algorithm_auth = SSL_aTLS1_3, @@ -894,7 +898,7 @@ SSL_CIPHER ssl3_ciphers[] = { /* Cipher 1302 */ { .valid = 1, - .name = TLS1_3_TXT_AES_256_GCM_SHA384, + .name = TLS1_3_RFC_AES_256_GCM_SHA384, .id = TLS1_3_CK_AES_256_GCM_SHA384, .algorithm_mkey = SSL_kTLS1_3, .algorithm_auth = SSL_aTLS1_3, @@ -910,7 +914,7 @@ SSL_CIPHER ssl3_ciphers[] = { /* Cipher 1303 */ { .valid = 1, - .name = TLS1_3_TXT_CHACHA20_POLY1305_SHA256, + .name = TLS1_3_RFC_CHACHA20_POLY1305_SHA256, .id = TLS1_3_CK_CHACHA20_POLY1305_SHA256, .algorithm_mkey = SSL_kTLS1_3, .algorithm_auth = SSL_aTLS1_3, @@ -1440,14 +1444,14 @@ ssl3_pending(const SSL *s) if (s->internal->rstate == SSL_ST_READ_BODY) return 0; - return (S3I(s)->rrec.type == SSL3_RT_APPLICATION_DATA) ? - S3I(s)->rrec.length : 0; + return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? + s->s3->rrec.length : 0; } int ssl3_handshake_msg_hdr_len(SSL *s) { - return (SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH : + return (SSL_is_dtls(s) ? DTLS1_HM_HEADER_LENGTH : SSL3_HM_HEADER_LENGTH); } @@ -1460,7 +1464,7 @@ ssl3_handshake_msg_start(SSL *s, CBB *handshake, CBB *body, uint8_t msg_type) goto err; if (!CBB_add_u8(handshake, msg_type)) goto err; - if (SSL_IS_DTLS(s)) { + if (SSL_is_dtls(s)) { unsigned char *data; if (!CBB_add_space(handshake, &data, DTLS1_HM_HEADER_LENGTH - @@ -1497,7 +1501,7 @@ ssl3_handshake_msg_finish(SSL *s, CBB *handshake) s->internal->init_num = (int)outlen; s->internal->init_off = 0; - if (SSL_IS_DTLS(s)) { + if (SSL_is_dtls(s)) { unsigned long len; uint8_t msg_type; CBS cbs; @@ -1529,7 +1533,7 @@ ssl3_handshake_write(SSL *s) int ssl3_record_write(SSL *s, int type) { - if (SSL_IS_DTLS(s)) + if (SSL_is_dtls(s)) return dtls1_do_write(s, type); return ssl3_do_write(s, type); @@ -1540,12 +1544,8 @@ ssl3_new(SSL *s) { if ((s->s3 = calloc(1, sizeof(*s->s3))) == NULL) return (0); - if ((S3I(s) = calloc(1, sizeof(*S3I(s)))) == NULL) { - free(s->s3); - return (0); - } - s->method->internal->ssl_clear(s); + s->method->ssl_clear(s); return (1); } @@ -1559,25 +1559,22 @@ ssl3_free(SSL *s) tls1_cleanup_key_block(s); ssl3_release_read_buffer(s); ssl3_release_write_buffer(s); - freezero(S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len); + freezero(s->s3->hs.sigalgs, s->s3->hs.sigalgs_len); - DH_free(S3I(s)->tmp.dh); - EC_KEY_free(S3I(s)->tmp.ecdh); - freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH); + tls_key_share_free(s->s3->hs.key_share); - tls13_key_share_free(S3I(s)->hs_tls13.key_share); - tls13_secrets_destroy(S3I(s)->hs_tls13.secrets); - freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len); - tls13_clienthello_hash_clear(&S3I(s)->hs_tls13); + tls13_secrets_destroy(s->s3->hs.tls13.secrets); + freezero(s->s3->hs.tls13.cookie, s->s3->hs.tls13.cookie_len); + tls13_clienthello_hash_clear(&s->s3->hs.tls13); - sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free); + sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free); + sk_X509_pop_free(s->internal->verified_chain, X509_free); tls1_transcript_free(s); tls1_transcript_hash_free(s); - free(S3I(s)->alpn_selected); + free(s->s3->alpn_selected); - freezero(S3I(s), sizeof(*S3I(s))); freezero(s->s3, sizeof(*s->s3)); s->s3 = NULL; @@ -1586,105 +1583,78 @@ ssl3_free(SSL *s) void ssl3_clear(SSL *s) { - struct ssl3_state_internal_st *internal; unsigned char *rp, *wp; size_t rlen, wlen; tls1_cleanup_key_block(s); - sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free); + sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free); + sk_X509_pop_free(s->internal->verified_chain, X509_free); + s->internal->verified_chain = NULL; - DH_free(S3I(s)->tmp.dh); - S3I(s)->tmp.dh = NULL; - EC_KEY_free(S3I(s)->tmp.ecdh); - S3I(s)->tmp.ecdh = NULL; - S3I(s)->tmp.ecdh_nid = NID_undef; - freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH); - S3I(s)->tmp.x25519 = NULL; + freezero(s->s3->hs.sigalgs, s->s3->hs.sigalgs_len); + s->s3->hs.sigalgs = NULL; + s->s3->hs.sigalgs_len = 0; - freezero(S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len); - S3I(s)->hs.sigalgs = NULL; - S3I(s)->hs.sigalgs_len = 0; + tls_key_share_free(s->s3->hs.key_share); + s->s3->hs.key_share = NULL; - tls13_key_share_free(S3I(s)->hs_tls13.key_share); - S3I(s)->hs_tls13.key_share = NULL; + tls13_secrets_destroy(s->s3->hs.tls13.secrets); + s->s3->hs.tls13.secrets = NULL; + freezero(s->s3->hs.tls13.cookie, s->s3->hs.tls13.cookie_len); + s->s3->hs.tls13.cookie = NULL; + s->s3->hs.tls13.cookie_len = 0; + tls13_clienthello_hash_clear(&s->s3->hs.tls13); - tls13_secrets_destroy(S3I(s)->hs_tls13.secrets); - S3I(s)->hs_tls13.secrets = NULL; - freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len); - S3I(s)->hs_tls13.cookie = NULL; - S3I(s)->hs_tls13.cookie_len = 0; - tls13_clienthello_hash_clear(&S3I(s)->hs_tls13); + s->s3->hs.extensions_seen = 0; - S3I(s)->hs.extensions_seen = 0; - - rp = S3I(s)->rbuf.buf; - wp = S3I(s)->wbuf.buf; - rlen = S3I(s)->rbuf.len; - wlen = S3I(s)->wbuf.len; + rp = s->s3->rbuf.buf; + wp = s->s3->wbuf.buf; + rlen = s->s3->rbuf.len; + wlen = s->s3->wbuf.len; tls1_transcript_free(s); tls1_transcript_hash_free(s); - free(S3I(s)->alpn_selected); - S3I(s)->alpn_selected = NULL; + free(s->s3->alpn_selected); + s->s3->alpn_selected = NULL; + s->s3->alpn_selected_len = 0; - memset(S3I(s), 0, sizeof(*S3I(s))); - internal = S3I(s); memset(s->s3, 0, sizeof(*s->s3)); - S3I(s) = internal; - S3I(s)->rbuf.buf = rp; - S3I(s)->wbuf.buf = wp; - S3I(s)->rbuf.len = rlen; - S3I(s)->wbuf.len = wlen; + s->s3->rbuf.buf = rp; + s->s3->wbuf.buf = wp; + s->s3->rbuf.len = rlen; + s->s3->wbuf.len = wlen; ssl_free_wbio_buffer(s); /* Not needed... */ - S3I(s)->renegotiate = 0; - S3I(s)->total_renegotiations = 0; - S3I(s)->num_renegotiations = 0; - S3I(s)->in_read_app_data = 0; + s->s3->renegotiate = 0; + s->s3->total_renegotiations = 0; + s->s3->num_renegotiations = 0; + s->s3->in_read_app_data = 0; s->internal->packet_length = 0; s->version = TLS1_VERSION; - S3I(s)->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); + s->s3->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); } long _SSL_get_peer_tmp_key(SSL *s, EVP_PKEY **key) { EVP_PKEY *pkey = NULL; - SESS_CERT *sc; int ret = 0; *key = NULL; - if (s->session == NULL || SSI(s)->sess_cert == NULL) - return 0; - - sc = SSI(s)->sess_cert; + if (s->s3->hs.key_share == NULL) + goto err; if ((pkey = EVP_PKEY_new()) == NULL) - return 0; - - if (sc->peer_dh_tmp != NULL) { - if (!EVP_PKEY_set1_DH(pkey, sc->peer_dh_tmp)) - goto err; - } else if (sc->peer_ecdh_tmp) { - if (!EVP_PKEY_set1_EC_KEY(pkey, sc->peer_ecdh_tmp)) - goto err; - } else if (sc->peer_x25519_tmp != NULL) { - if (!ssl_kex_dummy_ecdhe_x25519(pkey)) - goto err; - } else if (S3I(s)->hs_tls13.key_share != NULL) { - if (!tls13_key_share_peer_pkey(S3I(s)->hs_tls13.key_share, - pkey)) - goto err; - } else { goto err; - } + if (!tls_key_share_peer_pkey(s->s3->hs.key_share, pkey)) + goto err; *key = pkey; pkey = NULL; @@ -1706,7 +1676,7 @@ _SSL_session_reused(SSL *s) static int _SSL_num_renegotiations(SSL *s) { - return S3I(s)->num_renegotiations; + return s->s3->num_renegotiations; } static int @@ -1714,8 +1684,8 @@ _SSL_clear_num_renegotiations(SSL *s) { int renegs; - renegs = S3I(s)->num_renegotiations; - S3I(s)->num_renegotiations = 0; + renegs = s->s3->num_renegotiations; + s->s3->num_renegotiations = 0; return renegs; } @@ -1723,26 +1693,26 @@ _SSL_clear_num_renegotiations(SSL *s) static int _SSL_total_renegotiations(SSL *s) { - return S3I(s)->total_renegotiations; + return s->s3->total_renegotiations; } static int _SSL_set_tmp_dh(SSL *s, DH *dh) { - DH *dh_tmp; + DH *dhe_params; if (dh == NULL) { SSLerror(s, ERR_R_PASSED_NULL_PARAMETER); return 0; } - if ((dh_tmp = DHparams_dup(dh)) == NULL) { + if ((dhe_params = DHparams_dup(dh)) == NULL) { SSLerror(s, ERR_R_DH_LIB); return 0; } - DH_free(s->cert->dh_tmp); - s->cert->dh_tmp = dh_tmp; + DH_free(s->cert->dhe_params); + s->cert->dhe_params = dhe_params; return 1; } @@ -1750,7 +1720,7 @@ _SSL_set_tmp_dh(SSL *s, DH *dh) static int _SSL_set_dh_auto(SSL *s, int state) { - s->cert->dh_tmp_auto = state; + s->cert->dhe_params_auto = state; return 1; } @@ -1778,17 +1748,21 @@ _SSL_set_ecdh_auto(SSL *s, int state) static int _SSL_set_tlsext_host_name(SSL *s, const char *name) { + int is_ip; + CBS cbs; + free(s->tlsext_hostname); s->tlsext_hostname = NULL; if (name == NULL) return 1; - if (strlen(name) > TLSEXT_MAXLEN_host_name) { + CBS_init(&cbs, name, strlen(name)); + + if (!tlsext_sni_is_valid_hostname(&cbs, &is_ip)) { SSLerror(s, SSL_R_SSL3_EXT_INVALID_SERVERNAME); return 0; } - if ((s->tlsext_hostname = strdup(name)) == NULL) { SSLerror(s, ERR_R_INTERNAL_ERROR); return 0; @@ -1804,6 +1778,12 @@ _SSL_set_tlsext_debug_arg(SSL *s, void *arg) return 1; } +static int +_SSL_get_tlsext_status_type(SSL *s) +{ + return s->tlsext_status_type; +} + static int _SSL_set_tlsext_status_type(SSL *s, int type) { @@ -1926,6 +1906,64 @@ SSL_set1_groups_list(SSL *s, const char *groups) &s->internal->tlsext_supportedgroups_length, groups); } +static int +_SSL_get_signature_nid(SSL *s, int *nid) +{ + const struct ssl_sigalg *sigalg; + + if ((sigalg = s->s3->hs.our_sigalg) == NULL) + return 0; + + *nid = EVP_MD_type(sigalg->md()); + + return 1; +} + +static int +_SSL_get_peer_signature_nid(SSL *s, int *nid) +{ + const struct ssl_sigalg *sigalg; + + if ((sigalg = s->s3->hs.peer_sigalg) == NULL) + return 0; + + *nid = EVP_MD_type(sigalg->md()); + + return 1; +} + +int +SSL_get_signature_type_nid(const SSL *s, int *nid) +{ + const struct ssl_sigalg *sigalg; + + if ((sigalg = s->s3->hs.our_sigalg) == NULL) + return 0; + + *nid = sigalg->key_type; + if (sigalg->key_type == EVP_PKEY_RSA && + (sigalg->flags & SIGALG_FLAG_RSA_PSS)) + *nid = EVP_PKEY_RSA_PSS; + + return 1; +} + +int +SSL_get_peer_signature_type_nid(const SSL *s, int *nid) +{ + const struct ssl_sigalg *sigalg; + + if ((sigalg = s->s3->hs.peer_sigalg) == NULL) + return 0; + + *nid = sigalg->key_type; + if (sigalg->key_type == EVP_PKEY_RSA && + (sigalg->flags & SIGALG_FLAG_RSA_PSS)) + *nid = EVP_PKEY_RSA_PSS; + + return 1; +} + long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { @@ -1972,6 +2010,9 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: return _SSL_set_tlsext_debug_arg(s, parg); + case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE: + return _SSL_get_tlsext_status_type(s); + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: return _SSL_set_tlsext_status_type(s, larg); @@ -2036,6 +2077,12 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return 0; return SSL_set_max_proto_version(s, larg); + case SSL_CTRL_GET_SIGNATURE_NID: + return _SSL_get_signature_nid(s, parg); + + case SSL_CTRL_GET_PEER_SIGNATURE_NID: + return _SSL_get_peer_signature_nid(s, parg); + /* * Legacy controls that should eventually be removed. */ @@ -2066,7 +2113,7 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) return 0; case SSL_CTRL_SET_TMP_DH_CB: - s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; + s->cert->dhe_params_cb = (DH *(*)(SSL *, int, int))fp; return 1; case SSL_CTRL_SET_TMP_ECDH_CB: @@ -2084,15 +2131,20 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) static int _SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh) { - DH *dh_tmp; + DH *dhe_params; - if ((dh_tmp = DHparams_dup(dh)) == NULL) { + if (dh == NULL) { + SSLerrorx(ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if ((dhe_params = DHparams_dup(dh)) == NULL) { SSLerrorx(ERR_R_DH_LIB); return 0; } - DH_free(ctx->internal->cert->dh_tmp); - ctx->internal->cert->dh_tmp = dh_tmp; + DH_free(ctx->internal->cert->dhe_params); + ctx->internal->cert->dhe_params = dhe_params; return 1; } @@ -2100,7 +2152,7 @@ _SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh) static int _SSL_CTX_set_dh_auto(SSL_CTX *ctx, int state) { - ctx->internal->cert->dh_tmp_auto = state; + ctx->internal->cert->dhe_params_auto = state; return 1; } @@ -2387,7 +2439,7 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) return 0; case SSL_CTRL_SET_TMP_DH_CB: - ctx->internal->cert->dh_tmp_cb = + ctx->internal->cert->dhe_params_cb = (DH *(*)(SSL *, int, int))fp; return 1; @@ -2416,51 +2468,6 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) return 0; } -/* - * This function needs to check if the ciphers required are actually available. - */ -const SSL_CIPHER * -ssl3_get_cipher_by_char(const unsigned char *p) -{ - uint16_t cipher_value; - CBS cbs; - - /* We have to assume it is at least 2 bytes due to existing API. */ - CBS_init(&cbs, p, 2); - if (!CBS_get_u16(&cbs, &cipher_value)) - return NULL; - - return ssl3_get_cipher_by_value(cipher_value); -} - -int -ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) -{ - CBB cbb; - - if (p == NULL) - return (2); - - if ((c->id & ~SSL3_CK_VALUE_MASK) != SSL3_CK_ID) - return (0); - - memset(&cbb, 0, sizeof(cbb)); - - /* We have to assume it is at least 2 bytes due to existing API. */ - if (!CBB_init_fixed(&cbb, p, 2)) - goto err; - if (!CBB_add_u16(&cbb, ssl3_cipher_get_value(c))) - goto err; - if (!CBB_finish(&cbb, NULL, NULL)) - goto err; - - return (2); - - err: - CBB_cleanup(&cbb); - return (0); -} - SSL_CIPHER * ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, STACK_OF(SSL_CIPHER) *srvr) @@ -2470,7 +2477,7 @@ ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, SSL_CIPHER *c, *ret = NULL; int can_use_ecc; int i, ii, ok; - CERT *cert; + SSL_CERT *cert; /* Let's see which ciphers we can support */ cert = s->cert; @@ -2548,7 +2555,7 @@ ssl3_get_req_cert_types(SSL *s, CBB *cbb) { unsigned long alg_k; - alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; + alg_k = s->s3->hs.cipher->algorithm_mkey; #ifndef OPENSSL_NO_GOST if ((alg_k & SSL_kGOST) != 0) { @@ -2592,7 +2599,7 @@ ssl3_shutdown(SSL *s) * Don't do anything much if we have not done the handshake or * we don't want to send messages :-) */ - if ((s->internal->quiet_shutdown) || (S3I(s)->hs.state == SSL_ST_BEFORE)) { + if ((s->internal->quiet_shutdown) || (s->s3->hs.state == SSL_ST_BEFORE)) { s->internal->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); return (1); } @@ -2602,13 +2609,13 @@ ssl3_shutdown(SSL *s) ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); /* * Our shutdown alert has been sent now, and if it still needs - * to be written, S3I(s)->alert_dispatch will be true + * to be written, s->s3->alert_dispatch will be true */ - if (S3I(s)->alert_dispatch) - return(-1); /* return WANT_WRITE */ - } else if (S3I(s)->alert_dispatch) { + if (s->s3->alert_dispatch) + return (-1); /* return WANT_WRITE */ + } else if (s->s3->alert_dispatch) { /* resend it if not sent */ - ret = s->method->ssl_dispatch_alert(s); + ret = ssl3_dispatch_alert(s); if (ret == -1) { /* * We only get to return -1 here the 2nd/Nth @@ -2620,14 +2627,14 @@ ssl3_shutdown(SSL *s) } } else if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) { /* If we are waiting for a close from our peer, we are closed */ - s->method->internal->ssl_read_bytes(s, 0, NULL, 0, 0); + s->method->ssl_read_bytes(s, 0, NULL, 0, 0); if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) { - return(-1); /* return WANT_READ */ + return (-1); /* return WANT_READ */ } } if ((s->internal->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && - !S3I(s)->alert_dispatch) + !s->s3->alert_dispatch) return (1); else return (0); @@ -2638,11 +2645,11 @@ ssl3_write(SSL *s, const void *buf, int len) { errno = 0; - if (S3I(s)->renegotiate) + if (s->s3->renegotiate) ssl3_renegotiate_check(s); - return s->method->internal->ssl_write_bytes(s, - SSL3_RT_APPLICATION_DATA, buf, len); + return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, + buf, len); } static int @@ -2651,25 +2658,26 @@ ssl3_read_internal(SSL *s, void *buf, int len, int peek) int ret; errno = 0; - if (S3I(s)->renegotiate) + if (s->s3->renegotiate) ssl3_renegotiate_check(s); - S3I(s)->in_read_app_data = 1; - ret = s->method->internal->ssl_read_bytes(s, - SSL3_RT_APPLICATION_DATA, buf, len, peek); - if ((ret == -1) && (S3I(s)->in_read_app_data == 2)) { + s->s3->in_read_app_data = 1; + + ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, + peek); + if ((ret == -1) && (s->s3->in_read_app_data == 2)) { /* - * ssl3_read_bytes decided to call s->internal->handshake_func, which - * called ssl3_read_bytes to read handshake data. + * ssl3_read_bytes decided to call s->internal->handshake_func, + * which called ssl3_read_bytes to read handshake data. * However, ssl3_read_bytes actually found application data * and thinks that application data makes sense here; so disable * handshake processing and try to read application data again. */ s->internal->in_handshake++; - ret = s->method->internal->ssl_read_bytes(s, - SSL3_RT_APPLICATION_DATA, buf, len, peek); + ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, + buf, len, peek); s->internal->in_handshake--; } else - S3I(s)->in_read_app_data = 0; + s->s3->in_read_app_data = 0; return (ret); } @@ -2690,49 +2698,28 @@ int ssl3_renegotiate(SSL *s) { if (s->internal->handshake_func == NULL) - return (1); + return 1; if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) - return (0); + return 0; - S3I(s)->renegotiate = 1; - return (1); + s->s3->renegotiate = 1; + + return 1; } int ssl3_renegotiate_check(SSL *s) { - int ret = 0; + if (!s->s3->renegotiate) + return 0; + if (SSL_in_init(s) || s->s3->rbuf.left != 0 || s->s3->wbuf.left != 0) + return 0; - if (S3I(s)->renegotiate) { - if ((S3I(s)->rbuf.left == 0) && (S3I(s)->wbuf.left == 0) && - !SSL_in_init(s)) { - /* - * If we are the server, and we have sent - * a 'RENEGOTIATE' message, we need to go - * to SSL_ST_ACCEPT. - */ - /* SSL_ST_ACCEPT */ - S3I(s)->hs.state = SSL_ST_RENEGOTIATE; - S3I(s)->renegotiate = 0; - S3I(s)->num_renegotiations++; - S3I(s)->total_renegotiations++; - ret = 1; - } - } - return (ret); -} -/* - * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF - * and handshake macs if required. - */ -long -ssl_get_algorithm2(SSL *s) -{ - long alg2 = S3I(s)->hs.new_cipher->algorithm2; + s->s3->hs.state = SSL_ST_RENEGOTIATE; + s->s3->renegotiate = 0; + s->s3->num_renegotiations++; + s->s3->total_renegotiations++; - if (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF && - alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) - return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; - return alg2; + return 1; } diff --git a/externals/libressl/ssl/srtp.h b/externals/libressl/ssl/srtp.h index 6daa02a79..89ce86202 100755 --- a/externals/libressl/ssl/srtp.h +++ b/externals/libressl/ssl/srtp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: srtp.h,v 1.6 2015/09/01 15:18:23 jsing Exp $ */ +/* $OpenBSD: srtp.h,v 1.7 2021/06/11 15:28:13 landry Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -129,6 +129,10 @@ extern "C" { #define SRTP_NULL_SHA1_80 0x0005 #define SRTP_NULL_SHA1_32 0x0006 +/* AEAD SRTP protection profiles from RFC 7714 */ +#define SRTP_AEAD_AES_128_GCM 0x0007 +#define SRTP_AEAD_AES_256_GCM 0x0008 + int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); diff --git a/externals/libressl/ssl/ssl.sym b/externals/libressl/ssl/ssl.sym index e094c2ae6..d18bcc4b2 100755 --- a/externals/libressl/ssl/ssl.sym +++ b/externals/libressl/ssl/ssl.sym @@ -10,6 +10,9 @@ DTLS_server_method DTLSv1_client_method DTLSv1_method DTLSv1_server_method +DTLSv1_2_client_method +DTLSv1_2_method +DTLSv1_2_server_method SSLv23_client_method SSLv23_method SSLv23_server_method @@ -33,6 +36,7 @@ d2i_SSL_SESSION i2d_SSL_SESSION ERR_load_SSL_strings SSL_CIPHER_description +SSL_CIPHER_find SSL_CIPHER_get_auth_nid SSL_CIPHER_get_bits SSL_CIPHER_get_by_id @@ -61,6 +65,7 @@ SSL_CTX_free SSL_CTX_get0_certificate SSL_CTX_get0_chain_certs SSL_CTX_get0_param +SSL_CTX_get0_privatekey SSL_CTX_get_cert_store SSL_CTX_get_ciphers SSL_CTX_get_client_CA_list @@ -70,9 +75,13 @@ SSL_CTX_get_default_passwd_cb_userdata SSL_CTX_get_ex_data SSL_CTX_get_ex_new_index SSL_CTX_get_info_callback +SSL_CTX_get_keylog_callback +SSL_CTX_get_max_early_data SSL_CTX_get_max_proto_version SSL_CTX_get_min_proto_version +SSL_CTX_get_num_tickets SSL_CTX_get_quiet_shutdown +SSL_CTX_get_ssl_method SSL_CTX_get_timeout SSL_CTX_get_verify_callback SSL_CTX_get_verify_depth @@ -98,6 +107,7 @@ SSL_CTX_set_alpn_select_cb SSL_CTX_set_cert_store SSL_CTX_set_cert_verify_callback SSL_CTX_set_cipher_list +SSL_CTX_set_ciphersuites SSL_CTX_set_client_CA_list SSL_CTX_set_client_cert_cb SSL_CTX_set_client_cert_engine @@ -109,11 +119,15 @@ SSL_CTX_set_default_verify_paths SSL_CTX_set_ex_data SSL_CTX_set_generate_session_id SSL_CTX_set_info_callback +SSL_CTX_set_keylog_callback +SSL_CTX_set_max_early_data SSL_CTX_set_max_proto_version SSL_CTX_set_min_proto_version SSL_CTX_set_msg_callback SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_protos_advertised_cb +SSL_CTX_set_num_tickets +SSL_CTX_set_post_handshake_auth SSL_CTX_set_purpose SSL_CTX_set_quiet_shutdown SSL_CTX_set_session_id_context @@ -139,6 +153,7 @@ SSL_CTX_use_certificate_chain_file SSL_CTX_use_certificate_chain_mem SSL_CTX_use_certificate_file SSL_SESSION_free +SSL_SESSION_get0_cipher SSL_SESSION_get0_id_context SSL_SESSION_get0_peer SSL_SESSION_get_compress_id @@ -146,17 +161,20 @@ SSL_SESSION_get_ex_data SSL_SESSION_get_ex_new_index SSL_SESSION_get_id SSL_SESSION_get_master_key +SSL_SESSION_get_max_early_data SSL_SESSION_get_protocol_version SSL_SESSION_get_ticket_lifetime_hint SSL_SESSION_get_time SSL_SESSION_get_timeout SSL_SESSION_has_ticket +SSL_SESSION_is_resumable SSL_SESSION_new SSL_SESSION_print SSL_SESSION_print_fp SSL_SESSION_set1_id SSL_SESSION_set1_id_context SSL_SESSION_set_ex_data +SSL_SESSION_set_max_early_data SSL_SESSION_set_time SSL_SESSION_set_timeout SSL_SESSION_up_ref @@ -187,6 +205,8 @@ SSL_get0_alpn_selected SSL_get0_chain_certs SSL_get0_next_proto_negotiated SSL_get0_param +SSL_get0_peername +SSL_get0_verified_chain SSL_get1_session SSL_get1_supported_ciphers SSL_get_SSL_CTX @@ -200,6 +220,7 @@ SSL_get_current_cipher SSL_get_current_compression SSL_get_current_expansion SSL_get_default_timeout +SSL_get_early_data_status SSL_get_error SSL_get_ex_data SSL_get_ex_data_X509_STORE_CTX_idx @@ -207,8 +228,10 @@ SSL_get_ex_new_index SSL_get_fd SSL_get_finished SSL_get_info_callback +SSL_get_max_early_data SSL_get_max_proto_version SSL_get_min_proto_version +SSL_get_num_tickets SSL_get_peer_cert_chain SSL_get_peer_certificate SSL_get_peer_finished @@ -234,14 +257,18 @@ SSL_get_version SSL_get_wbio SSL_get_wfd SSL_has_matching_session_id +SSL_is_dtls SSL_is_server SSL_library_init SSL_load_client_CA_file SSL_load_error_strings SSL_new SSL_peek +SSL_peek_ex SSL_pending SSL_read +SSL_read_early_data +SSL_read_ex SSL_renegotiate SSL_renegotiate_abbreviated SSL_renegotiate_pending @@ -249,6 +276,7 @@ SSL_rstate_string SSL_rstate_string_long SSL_select_next_proto SSL_set0_chain +SSL_set0_rbio SSL_set1_chain SSL_set1_groups SSL_set1_groups_list @@ -259,16 +287,22 @@ SSL_set_accept_state SSL_set_alpn_protos SSL_set_bio SSL_set_cipher_list +SSL_set_ciphersuites SSL_set_client_CA_list SSL_set_connect_state SSL_set_debug SSL_set_ex_data SSL_set_fd SSL_set_generate_session_id +SSL_set_hostflags SSL_set_info_callback +SSL_set_max_early_data SSL_set_max_proto_version SSL_set_min_proto_version SSL_set_msg_callback +SSL_set_num_tickets +SSL_set_post_handshake_auth +SSL_set_psk_use_session_callback SSL_set_purpose SSL_set_quiet_shutdown SSL_set_read_ahead @@ -303,9 +337,13 @@ SSL_use_RSAPrivateKey_ASN1 SSL_use_RSAPrivateKey_file SSL_use_certificate SSL_use_certificate_ASN1 +SSL_use_certificate_chain_file SSL_use_certificate_file +SSL_verify_client_post_handshake SSL_version SSL_version_str SSL_want SSL_write +SSL_write_early_data +SSL_write_ex OPENSSL_init_ssl diff --git a/externals/libressl/ssl/ssl_algs.c b/externals/libressl/ssl/ssl_algs.c index bb736c5de..5ecbb3460 100755 --- a/externals/libressl/ssl/ssl_algs.c +++ b/externals/libressl/ssl/ssl_algs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_algs.c,v 1.28 2019/04/04 16:44:24 jsing Exp $ */ +/* $OpenBSD: ssl_algs.c,v 1.30 2022/01/14 08:38:48 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -60,6 +60,7 @@ #include #include +#include #include "ssl_locl.h" @@ -112,7 +113,6 @@ SSL_library_init(void) EVP_add_digest(EVP_sha256()); EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); - EVP_add_digest(EVP_ecdsa()); #ifndef OPENSSL_NO_GOST EVP_add_digest(EVP_gostr341194()); EVP_add_digest(EVP_gost2814789imit()); diff --git a/externals/libressl/ssl/ssl_asn1.c b/externals/libressl/ssl/ssl_asn1.c index 94fc8685f..70a50acc5 100755 --- a/externals/libressl/ssl/ssl_asn1.c +++ b/externals/libressl/ssl/ssl_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_asn1.c,v 1.57 2018/08/27 16:42:48 jsing Exp $ */ +/* $OpenBSD: ssl_asn1.c,v 1.61 2022/01/11 18:39:28 jsing Exp $ */ /* * Copyright (c) 2016 Joel Sing * @@ -20,9 +20,8 @@ #include #include -#include "ssl_locl.h" - #include "bytestring.h" +#include "ssl_locl.h" #define SSLASN1_TAG (CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC) #define SSLASN1_TIME_TAG (SSLASN1_TAG | 1) @@ -114,8 +113,8 @@ SSL_SESSION_encode(SSL_SESSION *s, unsigned char **out, size_t *out_len, } /* Peer certificate [3]. */ - if (s->peer != NULL) { - if ((len = i2d_X509(s->peer, &peer_cert_bytes)) <= 0) + if (s->peer_cert != NULL) { + if ((len = i2d_X509(s->peer_cert, &peer_cert_bytes)) <= 0) goto err; if (!CBB_add_asn1(&session, &peer_cert, SSLASN1_PEER_CERT_TAG)) goto err; @@ -331,10 +330,10 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) goto err; if (timeout != 0) s->timeout = (long)timeout; - + /* Peer certificate [3]. */ - X509_free(s->peer); - s->peer = NULL; + X509_free(s->peer_cert); + s->peer_cert = NULL; if (!CBS_get_optional_asn1(&session, &peer_cert, &present, SSLASN1_PEER_CERT_TAG)) goto err; @@ -343,7 +342,7 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) if (data_len > LONG_MAX) goto err; peer_cert_bytes = CBS_data(&peer_cert); - if (d2i_X509(&s->peer, &peer_cert_bytes, + if (d2i_X509(&s->peer_cert, &peer_cert_bytes, (long)data_len) == NULL) goto err; } @@ -383,22 +382,19 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) if (!CBS_strdup(&hostname, &s->tlsext_hostname)) goto err; } - + /* PSK identity hint [7]. */ /* PSK identity [8]. */ /* Ticket lifetime [9]. */ s->tlsext_tick_lifetime_hint = 0; - /* XXX - tlsext_ticklen is not yet set... */ - if (s->tlsext_ticklen > 0 && s->session_id_length > 0) - s->tlsext_tick_lifetime_hint = -1; if (!CBS_get_optional_asn1_uint64(&session, &lifetime, SSLASN1_LIFETIME_TAG, 0)) goto err; - if (lifetime > LONG_MAX) + if (lifetime > UINT32_MAX) goto err; if (lifetime > 0) - s->tlsext_tick_lifetime_hint = (long)lifetime; + s->tlsext_tick_lifetime_hint = (uint32_t)lifetime; /* Ticket [10]. */ free(s->tlsext_tick); @@ -421,7 +417,7 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) return (s); -err: + err: ERR_asprintf_error_data("offset=%d", (int)(CBS_data(&cbs) - *pp)); if (s != NULL && (a == NULL || *a != s)) diff --git a/externals/libressl/ssl/ssl_both.c b/externals/libressl/ssl/ssl_both.c index 5da450b5c..cfd32387d 100755 --- a/externals/libressl/ssl/ssl_both.c +++ b/externals/libressl/ssl/ssl_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_both.c,v 1.20 2020/09/24 18:12:00 jsing Exp $ */ +/* $OpenBSD: ssl_both.c,v 1.42 2022/02/05 14:54:10 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -118,14 +118,14 @@ #include #include -#include "ssl_locl.h" - #include #include #include #include #include "bytestring.h" +#include "dtls_locl.h" +#include "ssl_locl.h" /* * Send s->internal->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or @@ -150,10 +150,8 @@ ssl3_do_write(SSL *s, int type) (unsigned char *)&s->internal->init_buf->data[s->internal->init_off], ret); if (ret == s->internal->init_num) { - if (s->internal->msg_callback) - s->internal->msg_callback(1, s->version, type, s->internal->init_buf->data, - (size_t)(s->internal->init_off + s->internal->init_num), s, - s->internal->msg_callback_arg); + ssl_msg_callback(s, 1, type, s->internal->init_buf->data, + (size_t)(s->internal->init_off + s->internal->init_num)); return (1); } @@ -164,42 +162,39 @@ ssl3_do_write(SSL *s, int type) } int -ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) +ssl3_send_finished(SSL *s, int state_a, int state_b) { CBB cbb, finished; - int md_len; memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == a) { - md_len = TLS1_FINISH_MAC_LENGTH; - OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); - - if (tls1_final_finish_mac(s, sender, slen, - S3I(s)->tmp.finish_md) != md_len) - return (0); - S3I(s)->tmp.finish_md_len = md_len; + if (s->s3->hs.state == state_a) { + if (!tls12_derive_finished(s)) + goto err; /* Copy finished so we can use it for renegotiation checks. */ - if (s->internal->type == SSL_ST_CONNECT) { - memcpy(S3I(s)->previous_client_finished, - S3I(s)->tmp.finish_md, md_len); - S3I(s)->previous_client_finished_len = md_len; + if (!s->server) { + memcpy(s->s3->previous_client_finished, + s->s3->hs.finished, s->s3->hs.finished_len); + s->s3->previous_client_finished_len = + s->s3->hs.finished_len; } else { - memcpy(S3I(s)->previous_server_finished, - S3I(s)->tmp.finish_md, md_len); - S3I(s)->previous_server_finished_len = md_len; + memcpy(s->s3->previous_server_finished, + s->s3->hs.finished, s->s3->hs.finished_len); + s->s3->previous_server_finished_len = + s->s3->hs.finished_len; } if (!ssl3_handshake_msg_start(s, &cbb, &finished, SSL3_MT_FINISHED)) goto err; - if (!CBB_add_bytes(&finished, S3I(s)->tmp.finish_md, md_len)) + if (!CBB_add_bytes(&finished, s->s3->hs.finished, + s->s3->hs.finished_len)) goto err; if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = b; + s->s3->hs.state = state_b; } return (ssl3_handshake_write(s)); @@ -210,104 +205,65 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) return (-1); } -/* - * ssl3_take_mac calculates the Finished MAC for the handshakes messages seen - * so far. - */ -static void -ssl3_take_mac(SSL *s) -{ - const char *sender; - int slen; - - /* - * If no new cipher setup return immediately: other functions will - * set the appropriate error. - */ - if (S3I(s)->hs.new_cipher == NULL) - return; - - if (S3I(s)->hs.state & SSL_ST_CONNECT) { - sender = TLS_MD_SERVER_FINISH_CONST; - slen = TLS_MD_SERVER_FINISH_CONST_SIZE; - } else { - sender = TLS_MD_CLIENT_FINISH_CONST; - slen = TLS_MD_CLIENT_FINISH_CONST_SIZE; - } - - S3I(s)->tmp.peer_finish_md_len = - tls1_final_finish_mac(s, sender, slen, - S3I(s)->tmp.peer_finish_md); -} - int ssl3_get_finished(SSL *s, int a, int b) { - int al, ok, md_len; - long n; + int al, md_len, ret; CBS cbs; /* should actually be 36+4 :-) */ - n = ssl3_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok); - if (!ok) - return ((int)n); + if ((ret = ssl3_get_message(s, a, b, SSL3_MT_FINISHED, 64)) <= 0) + return ret; /* If this occurs, we have missed a message */ - if (!S3I(s)->change_cipher_spec) { + if (!s->s3->change_cipher_spec) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_GOT_A_FIN_BEFORE_A_CCS); - goto f_err; + goto fatal_err; } - S3I(s)->change_cipher_spec = 0; + s->s3->change_cipher_spec = 0; md_len = TLS1_FINISH_MAC_LENGTH; - if (n < 0) { + if (s->internal->init_num < 0) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_BAD_DIGEST_LENGTH); - goto f_err; + goto fatal_err; } - CBS_init(&cbs, s->internal->init_msg, n); + CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); - if (S3I(s)->tmp.peer_finish_md_len != md_len || + if (s->s3->hs.peer_finished_len != md_len || CBS_len(&cbs) != md_len) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_BAD_DIGEST_LENGTH); - goto f_err; + goto fatal_err; } - if (!CBS_mem_equal(&cbs, S3I(s)->tmp.peer_finish_md, CBS_len(&cbs))) { + if (!CBS_mem_equal(&cbs, s->s3->hs.peer_finished, CBS_len(&cbs))) { al = SSL_AD_DECRYPT_ERROR; SSLerror(s, SSL_R_DIGEST_CHECK_FAILED); - goto f_err; + goto fatal_err; } /* Copy finished so we can use it for renegotiation checks. */ OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); - if (s->internal->type == SSL_ST_ACCEPT) { - memcpy(S3I(s)->previous_client_finished, - S3I(s)->tmp.peer_finish_md, md_len); - S3I(s)->previous_client_finished_len = md_len; + if (s->server) { + memcpy(s->s3->previous_client_finished, + s->s3->hs.peer_finished, md_len); + s->s3->previous_client_finished_len = md_len; } else { - memcpy(S3I(s)->previous_server_finished, - S3I(s)->tmp.peer_finish_md, md_len); - S3I(s)->previous_server_finished_len = md_len; + memcpy(s->s3->previous_server_finished, + s->s3->hs.peer_finished, md_len); + s->s3->previous_server_finished_len = md_len; } return (1); -f_err: + fatal_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); return (0); } -/* for these 2 messages, we need to - * ssl->enc_read_ctx re-init - * ssl->s3->internal->read_sequence zero - * ssl->s3->internal->read_mac_secret re-init - * ssl->session->read_sym_enc assign - * ssl->session->read_hash assign - */ int ssl3_send_change_cipher_spec(SSL *s, int a, int b) { @@ -316,7 +272,7 @@ ssl3_send_change_cipher_spec(SSL *s, int a, int b) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == a) { + if (s->s3->hs.state == a) { if (!CBB_init_fixed(&cbb, s->internal->init_buf->data, s->internal->init_buf->length)) goto err; @@ -331,15 +287,15 @@ ssl3_send_change_cipher_spec(SSL *s, int a, int b) s->internal->init_num = (int)outlen; s->internal->init_off = 0; - if (SSL_IS_DTLS(s)) { - D1I(s)->handshake_write_seq = - D1I(s)->next_handshake_write_seq; + if (SSL_is_dtls(s)) { + s->d1->handshake_write_seq = + s->d1->next_handshake_write_seq; dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, - D1I(s)->handshake_write_seq, 0, 0); + s->d1->handshake_write_seq, 0, 0); dtls1_buffer_message(s, 1); } - S3I(s)->hs.state = b; + s->s3->hs.state = b; } /* SSL3_ST_CW_CHANGE_B */ @@ -378,7 +334,7 @@ ssl3_add_cert(CBB *cbb, X509 *x) } int -ssl3_output_cert_chain(SSL *s, CBB *cbb, CERT_PKEY *cpk) +ssl3_output_cert_chain(SSL *s, CBB *cbb, SSL_CERT_PKEY *cpk) { X509_STORE_CTX *xs_ctx = NULL; STACK_OF(X509) *chain; @@ -408,9 +364,11 @@ ssl3_output_cert_chain(SSL *s, CBB *cbb, CERT_PKEY *cpk) SSLerror(s, ERR_R_X509_LIB); goto err; } + X509_VERIFY_PARAM_set_flags(X509_STORE_CTX_get0_param(xs_ctx), + X509_V_FLAG_LEGACY_VERIFY); X509_verify_cert(xs_ctx); ERR_clear_error(); - chain = xs_ctx->chain; + chain = X509_STORE_CTX_get0_chain(xs_ctx); } for (i = 0; i < sk_X509_num(chain); i++) { @@ -437,8 +395,8 @@ ssl3_output_cert_chain(SSL *s, CBB *cbb, CERT_PKEY *cpk) * The first four bytes (msg_type and length) are read in state 'st1', * the body is read in state 'stn'. */ -long -ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) +int +ssl3_get_message(SSL *s, int st1, int stn, int mt, long max) { unsigned char *p; uint32_t l; @@ -447,36 +405,34 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) CBS cbs; uint8_t u8; - if (SSL_IS_DTLS(s)) - return (dtls1_get_message(s, st1, stn, mt, max, ok)); + if (SSL_is_dtls(s)) + return dtls1_get_message(s, st1, stn, mt, max); - if (S3I(s)->tmp.reuse_message) { - S3I(s)->tmp.reuse_message = 0; - if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) { + if (s->s3->hs.tls12.reuse_message) { + s->s3->hs.tls12.reuse_message = 0; + if ((mt >= 0) && (s->s3->hs.tls12.message_type != mt)) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); - goto f_err; + goto fatal_err; } - *ok = 1; - s->internal->init_msg = s->internal->init_buf->data + 4; - s->internal->init_num = (int)S3I(s)->tmp.message_size; - return s->internal->init_num; + s->internal->init_msg = s->internal->init_buf->data + + SSL3_HM_HEADER_LENGTH; + s->internal->init_num = (int)s->s3->hs.tls12.message_size; + return 1; } p = (unsigned char *)s->internal->init_buf->data; - /* s->internal->init_num < 4 */ - if (S3I(s)->hs.state == st1) { + if (s->s3->hs.state == st1) { int skip_message; do { - while (s->internal->init_num < 4) { - i = s->method->internal->ssl_read_bytes(s, + while (s->internal->init_num < SSL3_HM_HEADER_LENGTH) { + i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &p[s->internal->init_num], - 4 - s->internal->init_num, 0); + SSL3_HM_HEADER_LENGTH - s->internal->init_num, 0); if (i <= 0) { s->internal->rwstate = SSL_READING; - *ok = 0; return i; } s->internal->init_num += i; @@ -494,115 +450,94 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) s->internal->init_num = 0; skip_message = 1; - if (s->internal->msg_callback) - s->internal->msg_callback(0, s->version, - SSL3_RT_HANDSHAKE, p, 4, s, - s->internal->msg_callback_arg); + ssl_msg_callback(s, 0, + SSL3_RT_HANDSHAKE, p, + SSL3_HM_HEADER_LENGTH); } } } while (skip_message); - /* s->internal->init_num == 4 */ - if ((mt >= 0) && (*p != mt)) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); - goto f_err; + goto fatal_err; } - CBS_init(&cbs, p, 4); + CBS_init(&cbs, p, SSL3_HM_HEADER_LENGTH); if (!CBS_get_u8(&cbs, &u8) || !CBS_get_u24(&cbs, &l)) { SSLerror(s, ERR_R_BUF_LIB); goto err; } - S3I(s)->tmp.message_type = u8; + s->s3->hs.tls12.message_type = u8; if (l > (unsigned long)max) { al = SSL_AD_ILLEGAL_PARAMETER; SSLerror(s, SSL_R_EXCESSIVE_MESSAGE_SIZE); - goto f_err; + goto fatal_err; } - if (l && !BUF_MEM_grow_clean(s->internal->init_buf, l + 4)) { + if (l && !BUF_MEM_grow_clean(s->internal->init_buf, + l + SSL3_HM_HEADER_LENGTH)) { SSLerror(s, ERR_R_BUF_LIB); goto err; } - S3I(s)->tmp.message_size = l; - S3I(s)->hs.state = stn; + s->s3->hs.tls12.message_size = l; + s->s3->hs.state = stn; - s->internal->init_msg = s->internal->init_buf->data + 4; + s->internal->init_msg = s->internal->init_buf->data + + SSL3_HM_HEADER_LENGTH; s->internal->init_num = 0; } /* next state (stn) */ p = s->internal->init_msg; - n = S3I(s)->tmp.message_size - s->internal->init_num; + n = s->s3->hs.tls12.message_size - s->internal->init_num; while (n > 0) { - i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, + i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &p[s->internal->init_num], n, 0); if (i <= 0) { s->internal->rwstate = SSL_READING; - *ok = 0; return i; } s->internal->init_num += i; n -= i; } - /* If receiving Finished, record MAC of prior handshake messages for - * Finished verification. */ - if (*s->internal->init_buf->data == SSL3_MT_FINISHED) - ssl3_take_mac(s); - /* Feed this message into MAC computation. */ if (s->internal->mac_packet) { tls1_transcript_record(s, (unsigned char *)s->internal->init_buf->data, - s->internal->init_num + 4); + s->internal->init_num + SSL3_HM_HEADER_LENGTH); - if (s->internal->msg_callback) - s->internal->msg_callback(0, s->version, - SSL3_RT_HANDSHAKE, s->internal->init_buf->data, - (size_t)s->internal->init_num + 4, s, - s->internal->msg_callback_arg); + ssl_msg_callback(s, 0, SSL3_RT_HANDSHAKE, + s->internal->init_buf->data, + (size_t)s->internal->init_num + SSL3_HM_HEADER_LENGTH); } - *ok = 1; - return (s->internal->init_num); + return 1; -f_err: + fatal_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); -err: - *ok = 0; - return (-1); + err: + return -1; } int -ssl_cert_type(X509 *x, EVP_PKEY *pkey) +ssl_cert_type(EVP_PKEY *pkey) { - EVP_PKEY *pk; - int ret = -1, i; - if (pkey == NULL) - pk = X509_get_pubkey(x); - else - pk = pkey; - if (pk == NULL) - goto err; + return -1; - i = pk->type; - if (i == EVP_PKEY_RSA) { - ret = SSL_PKEY_RSA; - } else if (i == EVP_PKEY_EC) { - ret = SSL_PKEY_ECC; - } else if (i == NID_id_GostR3410_2001 || - i == NID_id_GostR3410_2001_cc) { - ret = SSL_PKEY_GOST01; + switch (EVP_PKEY_id(pkey)) { + case EVP_PKEY_EC: + return SSL_PKEY_ECC; + case NID_id_GostR3410_2001: + case NID_id_GostR3410_2001_cc: + return SSL_PKEY_GOST01; + case EVP_PKEY_RSA: + return SSL_PKEY_RSA; } -err: - if (!pkey) - EVP_PKEY_free(pk); - return (ret); + return -1; } int @@ -681,7 +616,7 @@ ssl3_setup_init_buffer(SSL *s) s->internal->init_buf = buf; return (1); -err: + err: BUF_MEM_free(buf); return (0); } @@ -702,26 +637,26 @@ ssl3_setup_read_buffer(SSL *s) unsigned char *p; size_t len, align, headerlen; - if (SSL_IS_DTLS(s)) + if (SSL_is_dtls(s)) headerlen = DTLS1_RT_HEADER_LENGTH; else headerlen = SSL3_RT_HEADER_LENGTH; align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); - if (S3I(s)->rbuf.buf == NULL) { + if (s->s3->rbuf.buf == NULL) { len = SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align; if ((p = calloc(1, len)) == NULL) goto err; - S3I(s)->rbuf.buf = p; - S3I(s)->rbuf.len = len; + s->s3->rbuf.buf = p; + s->s3->rbuf.len = len; } - s->internal->packet = S3I(s)->rbuf.buf; + s->internal->packet = s->s3->rbuf.buf; return 1; -err: + err: SSLerror(s, ERR_R_MALLOC_FAILURE); return 0; } @@ -732,14 +667,14 @@ ssl3_setup_write_buffer(SSL *s) unsigned char *p; size_t len, align, headerlen; - if (SSL_IS_DTLS(s)) + if (SSL_is_dtls(s)) headerlen = DTLS1_RT_HEADER_LENGTH + 1; else headerlen = SSL3_RT_HEADER_LENGTH; align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); - if (S3I(s)->wbuf.buf == NULL) { + if (s->s3->wbuf.buf == NULL) { len = s->max_send_fragment + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align; if (!(s->internal->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) @@ -748,13 +683,13 @@ ssl3_setup_write_buffer(SSL *s) if ((p = calloc(1, len)) == NULL) goto err; - S3I(s)->wbuf.buf = p; - S3I(s)->wbuf.len = len; + s->s3->wbuf.buf = p; + s->s3->wbuf.len = len; } return 1; -err: + err: SSLerror(s, ERR_R_MALLOC_FAILURE); return 0; } @@ -780,11 +715,11 @@ ssl3_release_buffer(SSL3_BUFFER_INTERNAL *b) void ssl3_release_read_buffer(SSL *s) { - ssl3_release_buffer(&S3I(s)->rbuf); + ssl3_release_buffer(&s->s3->rbuf); } void ssl3_release_write_buffer(SSL *s) { - ssl3_release_buffer(&S3I(s)->wbuf); + ssl3_release_buffer(&s->s3->wbuf); } diff --git a/externals/libressl/ssl/ssl_cert.c b/externals/libressl/ssl/ssl_cert.c index 43e833196..30e99ad18 100755 --- a/externals/libressl/ssl/ssl_cert.c +++ b/externals/libressl/ssl/ssl_cert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_cert.c,v 1.78 2020/06/05 17:55:24 jsing Exp $ */ +/* $OpenBSD: ssl_cert.c,v 1.95 2022/02/05 14:54:10 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -158,12 +158,12 @@ SSL_get_ex_data_X509_STORE_CTX_idx(void) return ssl_x509_store_ctx_idx; } -CERT * +SSL_CERT * ssl_cert_new(void) { - CERT *ret; + SSL_CERT *ret; - ret = calloc(1, sizeof(CERT)); + ret = calloc(1, sizeof(SSL_CERT)); if (ret == NULL) { SSLerrorx(ERR_R_MALLOC_FAILURE); return (NULL); @@ -173,13 +173,13 @@ ssl_cert_new(void) return (ret); } -CERT * -ssl_cert_dup(CERT *cert) +SSL_CERT * +ssl_cert_dup(SSL_CERT *cert) { - CERT *ret; + SSL_CERT *ret; int i; - ret = calloc(1, sizeof(CERT)); + ret = calloc(1, sizeof(SSL_CERT)); if (ret == NULL) { SSLerrorx(ERR_R_MALLOC_FAILURE); return (NULL); @@ -195,44 +195,25 @@ ssl_cert_dup(CERT *cert) ret->mask_k = cert->mask_k; ret->mask_a = cert->mask_a; - if (cert->dh_tmp != NULL) { - ret->dh_tmp = DHparams_dup(cert->dh_tmp); - if (ret->dh_tmp == NULL) { + if (cert->dhe_params != NULL) { + ret->dhe_params = DHparams_dup(cert->dhe_params); + if (ret->dhe_params == NULL) { SSLerrorx(ERR_R_DH_LIB); goto err; } - if (cert->dh_tmp->priv_key) { - BIGNUM *b = BN_dup(cert->dh_tmp->priv_key); - if (!b) { - SSLerrorx(ERR_R_BN_LIB); - goto err; - } - ret->dh_tmp->priv_key = b; - } - if (cert->dh_tmp->pub_key) { - BIGNUM *b = BN_dup(cert->dh_tmp->pub_key); - if (!b) { - SSLerrorx(ERR_R_BN_LIB); - goto err; - } - ret->dh_tmp->pub_key = b; - } } - ret->dh_tmp_cb = cert->dh_tmp_cb; - ret->dh_tmp_auto = cert->dh_tmp_auto; + ret->dhe_params_cb = cert->dhe_params_cb; + ret->dhe_params_auto = cert->dhe_params_auto; for (i = 0; i < SSL_PKEY_NUM; i++) { if (cert->pkeys[i].x509 != NULL) { ret->pkeys[i].x509 = cert->pkeys[i].x509; - CRYPTO_add(&ret->pkeys[i].x509->references, 1, - CRYPTO_LOCK_X509); + X509_up_ref(ret->pkeys[i].x509); } if (cert->pkeys[i].privatekey != NULL) { ret->pkeys[i].privatekey = cert->pkeys[i].privatekey; - CRYPTO_add(&ret->pkeys[i].privatekey->references, 1, - CRYPTO_LOCK_EVP_PKEY); - + EVP_PKEY_up_ref(ret->pkeys[i].privatekey); switch (i) { /* * If there was anything special to do for @@ -275,7 +256,7 @@ ssl_cert_dup(CERT *cert) return (ret); err: - DH_free(ret->dh_tmp); + DH_free(ret->dhe_params); for (i = 0; i < SSL_PKEY_NUM; i++) { X509_free(ret->pkeys[i].x509); @@ -288,7 +269,7 @@ ssl_cert_dup(CERT *cert) void -ssl_cert_free(CERT *c) +ssl_cert_free(SSL_CERT *c) { int i; @@ -299,7 +280,7 @@ ssl_cert_free(CERT *c) if (i > 0) return; - DH_free(c->dh_tmp); + DH_free(c->dhe_params); for (i = 0; i < SSL_PKEY_NUM; i++) { X509_free(c->pkeys[i].x509); @@ -311,7 +292,7 @@ ssl_cert_free(CERT *c) } int -ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain) +ssl_cert_set0_chain(SSL_CERT *c, STACK_OF(X509) *chain) { if (c->key == NULL) return 0; @@ -323,7 +304,7 @@ ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain) } int -ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain) +ssl_cert_set1_chain(SSL_CERT *c, STACK_OF(X509) *chain) { STACK_OF(X509) *new_chain = NULL; @@ -340,7 +321,7 @@ ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain) } int -ssl_cert_add0_chain_cert(CERT *c, X509 *cert) +ssl_cert_add0_chain_cert(SSL_CERT *c, X509 *cert) { if (c->key == NULL) return 0; @@ -356,7 +337,7 @@ ssl_cert_add0_chain_cert(CERT *c, X509 *cert) } int -ssl_cert_add1_chain_cert(CERT *c, X509 *cert) +ssl_cert_add1_chain_cert(SSL_CERT *c, X509 *cert) { if (!ssl_cert_add0_chain_cert(c, cert)) return 0; @@ -366,88 +347,61 @@ ssl_cert_add1_chain_cert(CERT *c, X509 *cert) return 1; } -SESS_CERT * -ssl_sess_cert_new(void) -{ - SESS_CERT *ret; - - ret = calloc(1, sizeof *ret); - if (ret == NULL) { - SSLerrorx(ERR_R_MALLOC_FAILURE); - return NULL; - } - ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA]); - ret->references = 1; - - return ret; -} - -void -ssl_sess_cert_free(SESS_CERT *sc) -{ - int i; - - if (sc == NULL) - return; - - i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT); - if (i > 0) - return; - - sk_X509_pop_free(sc->cert_chain, X509_free); - for (i = 0; i < SSL_PKEY_NUM; i++) - X509_free(sc->peer_pkeys[i].x509); - - DH_free(sc->peer_dh_tmp); - EC_KEY_free(sc->peer_ecdh_tmp); - free(sc->peer_x25519_tmp); - - free(sc); -} - int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) { - X509_STORE_CTX ctx; + X509_STORE_CTX *ctx = NULL; X509 *x; - int ret; + int ret = 0; if ((sk == NULL) || (sk_X509_num(sk) == 0)) - return (0); + goto err; + + if ((ctx = X509_STORE_CTX_new()) == NULL) + goto err; x = sk_X509_value(sk, 0); - if (!X509_STORE_CTX_init(&ctx, s->ctx->cert_store, x, sk)) { + if (!X509_STORE_CTX_init(ctx, s->ctx->cert_store, x, sk)) { SSLerror(s, ERR_R_X509_LIB); - return (0); + goto err; } - X509_STORE_CTX_set_ex_data(&ctx, - SSL_get_ex_data_X509_STORE_CTX_idx(), s); + X509_STORE_CTX_set_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s); /* * We need to inherit the verify parameters. These can be * determined by the context: if its a server it will verify * SSL client certificates or vice versa. */ - X509_STORE_CTX_set_default(&ctx, - s->server ? "ssl_client" : "ssl_server"); + X509_STORE_CTX_set_default(ctx, s->server ? "ssl_client" : "ssl_server"); /* * Anything non-default in "param" should overwrite anything * in the ctx. */ - X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param); + X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(ctx), s->param); if (s->internal->verify_callback) - X509_STORE_CTX_set_verify_cb(&ctx, s->internal->verify_callback); + X509_STORE_CTX_set_verify_cb(ctx, s->internal->verify_callback); if (s->ctx->internal->app_verify_callback != NULL) - ret = s->ctx->internal->app_verify_callback(&ctx, + ret = s->ctx->internal->app_verify_callback(ctx, s->ctx->internal->app_verify_arg); else - ret = X509_verify_cert(&ctx); + ret = X509_verify_cert(ctx); - s->verify_result = ctx.error; - X509_STORE_CTX_cleanup(&ctx); + s->verify_result = X509_STORE_CTX_get_error(ctx); + sk_X509_pop_free(s->internal->verified_chain, X509_free); + s->internal->verified_chain = NULL; + if (X509_STORE_CTX_get0_chain(ctx) != NULL) { + s->internal->verified_chain = X509_STORE_CTX_get1_chain(ctx); + if (s->internal->verified_chain == NULL) { + SSLerrorx(ERR_R_MALLOC_FAILURE); + ret = 0; + } + } + + err: + X509_STORE_CTX_free(ctx); return (ret); } @@ -505,10 +459,10 @@ SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) STACK_OF(X509_NAME) * SSL_get_client_CA_list(const SSL *s) { - if (s->internal->type == SSL_ST_CONNECT) { + if (!s->server) { /* We are in the client. */ if ((s->version >> 8) == SSL3_VERSION_MAJOR) - return (S3I(s)->tmp.ca_names); + return (s->s3->hs.tls12.ca_names); else return (NULL); } else { @@ -575,7 +529,7 @@ SSL_load_client_CA_file(const char *file) sk = sk_X509_NAME_new(xname_cmp); - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if ((sk == NULL) || (in == NULL)) { SSLerrorx(ERR_R_MALLOC_FAILURE); @@ -595,21 +549,24 @@ SSL_load_client_CA_file(const char *file) goto err; } } - if ((xn = X509_get_subject_name(x)) == NULL) goto err; - /* check for duplicates */ + if ((xn = X509_get_subject_name(x)) == NULL) + goto err; + /* check for duplicates */ xn = X509_NAME_dup(xn); if (xn == NULL) goto err; if (sk_X509_NAME_find(sk, xn) >= 0) X509_NAME_free(xn); else { - sk_X509_NAME_push(sk, xn); - sk_X509_NAME_push(ret, xn); + if (!sk_X509_NAME_push(sk, xn)) + goto err; + if (!sk_X509_NAME_push(ret, xn)) + goto err; } } if (0) { -err: + err: sk_X509_NAME_pop_free(ret, X509_NAME_free); ret = NULL; } @@ -643,7 +600,7 @@ SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_cmp); - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if (in == NULL) { SSLerrorx(ERR_R_MALLOC_FAILURE); @@ -656,20 +613,22 @@ SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, for (;;) { if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL) break; - if ((xn = X509_get_subject_name(x)) == NULL) goto err; - xn = X509_NAME_dup(xn); + if ((xn = X509_get_subject_name(x)) == NULL) + goto err; + xn = X509_NAME_dup(xn); if (xn == NULL) goto err; if (sk_X509_NAME_find(stack, xn) >= 0) X509_NAME_free(xn); else - sk_X509_NAME_push(stack, xn); + if (!sk_X509_NAME_push(stack, xn)) + goto err; } ERR_clear_error(); if (0) { -err: + err: ret = 0; } BIO_free(in); diff --git a/externals/libressl/ssl/ssl_ciph.c b/externals/libressl/ssl/ssl_ciph.c index fd576cee7..2bc9f8ea4 100755 --- a/externals/libressl/ssl/ssl_ciph.c +++ b/externals/libressl/ssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.119 2020/09/13 16:49:05 jsing Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.127 2022/03/05 07:13:48 bket Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -143,6 +143,7 @@ #include #include +#include #ifndef OPENSSL_NO_ENGINE #include @@ -447,7 +448,7 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc, /* * This function does not handle EVP_AEAD. - * See ssl_cipher_get_aead_evp instead. + * See ssl_cipher_get_evp_aead instead. */ if (ss->cipher->algorithm_mac & SSL_AEAD) return 0; @@ -559,9 +560,21 @@ ssl_cipher_get_evp_aead(const SSL_SESSION *ss, const EVP_AEAD **aead) int ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md) { + unsigned long handshake_mac; + *md = NULL; - switch (ssl_get_algorithm2(s) & SSL_HANDSHAKE_MAC_MASK) { + if (s->s3->hs.cipher == NULL) + return 0; + + handshake_mac = s->s3->hs.cipher->algorithm2 & + SSL_HANDSHAKE_MAC_MASK; + + /* For TLSv1.2 we upgrade the default MD5+SHA1 MAC to SHA256. */ + if (SSL_USE_SHA256_PRF(s) && handshake_mac == SSL_HANDSHAKE_MAC_DEFAULT) + handshake_mac = SSL_HANDSHAKE_MAC_SHA256; + + switch (handshake_mac) { case SSL_HANDSHAKE_MAC_DEFAULT: *md = EVP_md5_sha1(); return 1; @@ -668,7 +681,10 @@ ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, int num_of_ciphers, co_list_num = 0; /* actual count of ciphers */ for (i = 0; i < num_of_ciphers; i++) { c = ssl_method->get_cipher(i); - /* drop those that use any of that is not available */ + /* + * Drop any invalid ciphers and any which use unavailable + * algorithms. + */ if ((c != NULL) && c->valid && !(c->algorithm_mkey & disabled_mkey) && !(c->algorithm_auth & disabled_auth) && @@ -1215,7 +1231,7 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method, * in ciphers. We cannot get more than the number compiled in, so * it is used for allocation. */ - num_of_ciphers = ssl_method->num_ciphers(); + num_of_ciphers = ssl3_num_ciphers(); co_list = reallocarray(NULL, num_of_ciphers, sizeof(CIPHER_ORDER)); if (co_list == NULL) { SSLerrorx(ERR_R_MALLOC_FAILURE); @@ -1587,6 +1603,20 @@ SSL_CIPHER_get_value(const SSL_CIPHER *c) return ssl3_cipher_get_value(c); } +const SSL_CIPHER * +SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr) +{ + uint16_t cipher_value; + CBS cbs; + + /* This API is documented with ptr being an array of length two. */ + CBS_init(&cbs, ptr, 2); + if (!CBS_get_u16(&cbs, &cipher_value)) + return NULL; + + return ssl3_get_cipher_by_value(cipher_value); +} + int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c) { diff --git a/externals/libressl/ssl/ssl_ciphers.c b/externals/libressl/ssl/ssl_ciphers.c index 399e274ad..3174ae9c2 100755 --- a/externals/libressl/ssl/ssl_ciphers.c +++ b/externals/libressl/ssl/ssl_ciphers.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciphers.c,v 1.9 2020/09/15 15:28:38 schwarze Exp $ */ +/* $OpenBSD: ssl_ciphers.c,v 1.13 2022/02/05 18:18:18 tb Exp $ */ /* * Copyright (c) 2015-2017 Doug Hogan * Copyright (c) 2015-2018, 2020 Joel Sing @@ -36,28 +36,17 @@ ssl_cipher_in_list(STACK_OF(SSL_CIPHER) *ciphers, const SSL_CIPHER *cipher) } int -ssl_cipher_allowed_in_version_range(const SSL_CIPHER *cipher, uint16_t min_ver, +ssl_cipher_allowed_in_tls_version_range(const SSL_CIPHER *cipher, uint16_t min_ver, uint16_t max_ver) { - /* XXX: We only support DTLSv1 which is effectively TLSv1.1 */ - if (min_ver == DTLS1_VERSION || max_ver == DTLS1_VERSION) - min_ver = max_ver = TLS1_1_VERSION; - switch(cipher->algorithm_ssl) { case SSL_SSLV3: - if (min_ver <= TLS1_2_VERSION) - return 1; - break; + return (min_ver <= TLS1_2_VERSION); case SSL_TLSV1_2: - if (min_ver <= TLS1_2_VERSION && TLS1_2_VERSION <= max_ver) - return 1; - break; + return (min_ver <= TLS1_2_VERSION && TLS1_2_VERSION <= max_ver); case SSL_TLSV1_3: - if (min_ver <= TLS1_3_VERSION && TLS1_3_VERSION <= max_ver) - return 1; - break; + return (min_ver <= TLS1_3_VERSION && TLS1_3_VERSION <= max_ver); } - return 0; } @@ -72,13 +61,13 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb) if (ciphers == NULL) return 0; - if (!ssl_supported_version_range(s, &min_vers, &max_vers)) + if (!ssl_supported_tls_version_range(s, &min_vers, &max_vers)) return 0; for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL) return 0; - if (!ssl_cipher_allowed_in_version_range(cipher, min_vers, + if (!ssl_cipher_allowed_in_tls_version_range(cipher, min_vers, max_vers)) continue; if (!CBB_add_u16(cbb, ssl3_cipher_get_value(cipher))) @@ -104,10 +93,10 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs) { STACK_OF(SSL_CIPHER) *ciphers = NULL; const SSL_CIPHER *cipher; - uint16_t cipher_value, max_version; + uint16_t cipher_value; unsigned long cipher_id; - S3I(s)->send_connection_binding = 0; + s->s3->send_connection_binding = 0; if ((ciphers = sk_SSL_CIPHER_new_null()) == NULL) { SSLerror(s, ERR_R_MALLOC_FAILURE); @@ -134,7 +123,7 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs) goto err; } - S3I(s)->send_connection_binding = 1; + s->s3->send_connection_binding = 1; continue; } @@ -145,9 +134,8 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs) * Fail if the current version is an unexpected * downgrade. */ - if (!ssl_downgrade_max_version(s, &max_version)) - goto err; - if (s->version < max_version) { + if (s->s3->hs.negotiated_tls_version < + s->s3->hs.our_max_tls_version) { SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INAPPROPRIATE_FALLBACK); @@ -180,28 +168,28 @@ struct ssl_tls13_ciphersuite { static const struct ssl_tls13_ciphersuite ssl_tls13_ciphersuites[] = { { - .name = TLS1_3_TXT_AES_128_GCM_SHA256, - .alias = "TLS_AES_128_GCM_SHA256", + .name = TLS1_3_RFC_AES_128_GCM_SHA256, + .alias = TLS1_3_TXT_AES_128_GCM_SHA256, .cid = TLS1_3_CK_AES_128_GCM_SHA256, }, { - .name = TLS1_3_TXT_AES_256_GCM_SHA384, - .alias = "TLS_AES_256_GCM_SHA384", + .name = TLS1_3_RFC_AES_256_GCM_SHA384, + .alias = TLS1_3_TXT_AES_256_GCM_SHA384, .cid = TLS1_3_CK_AES_256_GCM_SHA384, }, { - .name = TLS1_3_TXT_CHACHA20_POLY1305_SHA256, - .alias = "TLS_CHACHA20_POLY1305_SHA256", + .name = TLS1_3_RFC_CHACHA20_POLY1305_SHA256, + .alias = TLS1_3_TXT_CHACHA20_POLY1305_SHA256, .cid = TLS1_3_CK_CHACHA20_POLY1305_SHA256, }, { - .name = TLS1_3_TXT_AES_128_CCM_SHA256, - .alias = "TLS_AES_128_CCM_SHA256", + .name = TLS1_3_RFC_AES_128_CCM_SHA256, + .alias = TLS1_3_TXT_AES_128_CCM_SHA256, .cid = TLS1_3_CK_AES_128_CCM_SHA256, }, { - .name = TLS1_3_TXT_AES_128_CCM_8_SHA256, - .alias = "TLS_AES_128_CCM_8_SHA256", + .name = TLS1_3_RFC_AES_128_CCM_8_SHA256, + .alias = TLS1_3_TXT_AES_128_CCM_8_SHA256, .cid = TLS1_3_CK_AES_128_CCM_8_SHA256, }, { diff --git a/externals/libressl/ssl/ssl_clnt.c b/externals/libressl/ssl/ssl_clnt.c index f11dcaa10..607b03882 100755 --- a/externals/libressl/ssl/ssl_clnt.c +++ b/externals/libressl/ssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.73 2020/09/24 18:12:00 jsing Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.141 2022/02/05 14:54:10 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -152,8 +152,6 @@ #include #include -#include "ssl_locl.h" - #include #include #include @@ -161,6 +159,7 @@ #include #include #include +#include #ifndef OPENSSL_NO_ENGINE #include @@ -170,6 +169,8 @@ #endif #include "bytestring.h" +#include "dtls_locl.h" +#include "ssl_locl.h" #include "ssl_sigalgs.h" #include "ssl_tlsext.h" @@ -178,29 +179,23 @@ static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b); int ssl3_connect(SSL *s) { - void (*cb)(const SSL *ssl, int type, int val) = NULL; - int ret = -1; int new_state, state, skip = 0; + int ret = -1; ERR_clear_error(); errno = 0; - if (s->internal->info_callback != NULL) - cb = s->internal->info_callback; - else if (s->ctx->internal->info_callback != NULL) - cb = s->ctx->internal->info_callback; - s->internal->in_handshake++; if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); for (;;) { - state = S3I(s)->hs.state; + state = s->s3->hs.state; - switch (S3I(s)->hs.state) { + switch (s->s3->hs.state) { case SSL_ST_RENEGOTIATE: s->internal->renegotiate = 1; - S3I(s)->hs.state = SSL_ST_CONNECT; + s->s3->hs.state = SSL_ST_CONNECT; s->ctx->internal->stats.sess_connect_renegotiate++; /* break */ case SSL_ST_BEFORE: @@ -209,25 +204,22 @@ ssl3_connect(SSL *s) case SSL_ST_OK|SSL_ST_CONNECT: s->server = 0; - if (cb != NULL) - cb(s, SSL_CB_HANDSHAKE_START, 1); - if (SSL_IS_DTLS(s)) { - if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - ret = -1; - goto end; - } - } else { - if ((s->version & 0xff00) != 0x0300) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - ret = -1; - goto end; - } + ssl_info_callback(s, SSL_CB_HANDSHAKE_START, 1); + + if (!ssl_legacy_stack_version(s, s->version)) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + ret = -1; + goto end; } - /* s->version=SSL3_VERSION; */ - s->internal->type = SSL_ST_CONNECT; + if (!ssl_supported_tls_version_range(s, + &s->s3->hs.our_min_tls_version, + &s->s3->hs.our_max_tls_version)) { + SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE); + ret = -1; + goto end; + } if (!ssl3_setup_init_buffer(s)) { ret = -1; @@ -249,15 +241,15 @@ ssl3_connect(SSL *s) goto end; } - S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A; + s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_A; s->ctx->internal->stats.sess_connect++; s->internal->init_num = 0; - if (SSL_IS_DTLS(s)) { + if (SSL_is_dtls(s)) { /* mark client_random uninitialized */ memset(s->s3->client_random, 0, sizeof(s->s3->client_random)); - D1I(s)->send_cookie = 0; + s->d1->send_cookie = 0; s->internal->hit = 0; } break; @@ -266,7 +258,7 @@ ssl3_connect(SSL *s) case SSL3_ST_CW_CLNT_HELLO_B: s->internal->shutdown = 0; - if (SSL_IS_DTLS(s)) { + if (SSL_is_dtls(s)) { /* every DTLS ClientHello resets Finished MAC */ tls1_transcript_reset(s); @@ -277,11 +269,11 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; - if (SSL_IS_DTLS(s) && D1I(s)->send_cookie) { - S3I(s)->hs.state = SSL3_ST_CW_FLUSH; - S3I(s)->hs.next_state = SSL3_ST_CR_SRVR_HELLO_A; + if (SSL_is_dtls(s) && s->d1->send_cookie) { + s->s3->hs.state = SSL3_ST_CW_FLUSH; + s->s3->hs.tls12.next_state = SSL3_ST_CR_SRVR_HELLO_A; } else - S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A; + s->s3->hs.state = SSL3_ST_CR_SRVR_HELLO_A; s->internal->init_num = 0; @@ -298,34 +290,34 @@ ssl3_connect(SSL *s) goto end; if (s->internal->hit) { - S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A; - if (!SSL_IS_DTLS(s)) { + s->s3->hs.state = SSL3_ST_CR_FINISHED_A; + if (!SSL_is_dtls(s)) { if (s->internal->tlsext_ticket_expected) { /* receive renewed session ticket */ - S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A; + s->s3->hs.state = SSL3_ST_CR_SESSION_TICKET_A; } /* No client certificate verification. */ tls1_transcript_free(s); } - } else if (SSL_IS_DTLS(s)) { - S3I(s)->hs.state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A; + } else if (SSL_is_dtls(s)) { + s->s3->hs.state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A; } else { - S3I(s)->hs.state = SSL3_ST_CR_CERT_A; + s->s3->hs.state = SSL3_ST_CR_CERT_A; } s->internal->init_num = 0; break; case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: - ret = dtls1_get_hello_verify(s); + ret = ssl3_get_dtls_hello_verify(s); if (ret <= 0) goto end; dtls1_stop_timer(s); - if (D1I(s)->send_cookie) /* start again, with a cookie */ - S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A; + if (s->d1->send_cookie) /* start again, with a cookie */ + s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_A; else - S3I(s)->hs.state = SSL3_ST_CR_CERT_A; + s->s3->hs.state = SSL3_ST_CR_CERT_A; s->internal->init_num = 0; break; @@ -337,25 +329,25 @@ ssl3_connect(SSL *s) if (ret == 2) { s->internal->hit = 1; if (s->internal->tlsext_ticket_expected) - S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A; + s->s3->hs.state = SSL3_ST_CR_SESSION_TICKET_A; else - S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A; + s->s3->hs.state = SSL3_ST_CR_FINISHED_A; s->internal->init_num = 0; break; } /* Check if it is anon DH/ECDH. */ - if (!(S3I(s)->hs.new_cipher->algorithm_auth & + if (!(s->s3->hs.cipher->algorithm_auth & SSL_aNULL)) { ret = ssl3_get_server_certificate(s); if (ret <= 0) goto end; if (s->internal->tlsext_status_expected) - S3I(s)->hs.state = SSL3_ST_CR_CERT_STATUS_A; + s->s3->hs.state = SSL3_ST_CR_CERT_STATUS_A; else - S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A; } else { skip = 1; - S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A; } s->internal->init_num = 0; break; @@ -365,7 +357,7 @@ ssl3_connect(SSL *s) ret = ssl3_get_server_key_exchange(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_CR_CERT_REQ_A; + s->s3->hs.state = SSL3_ST_CR_CERT_REQ_A; s->internal->init_num = 0; /* @@ -383,7 +375,7 @@ ssl3_connect(SSL *s) ret = ssl3_get_certificate_request(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_CR_SRVR_DONE_A; + s->s3->hs.state = SSL3_ST_CR_SRVR_DONE_A; s->internal->init_num = 0; break; @@ -392,12 +384,12 @@ ssl3_connect(SSL *s) ret = ssl3_get_server_done(s); if (ret <= 0) goto end; - if (SSL_IS_DTLS(s)) + if (SSL_is_dtls(s)) dtls1_stop_timer(s); - if (S3I(s)->tmp.cert_req) - S3I(s)->hs.state = SSL3_ST_CW_CERT_A; + if (s->s3->hs.tls12.cert_request) + s->s3->hs.state = SSL3_ST_CW_CERT_A; else - S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_A; s->internal->init_num = 0; break; @@ -406,18 +398,18 @@ ssl3_connect(SSL *s) case SSL3_ST_CW_CERT_B: case SSL3_ST_CW_CERT_C: case SSL3_ST_CW_CERT_D: - if (SSL_IS_DTLS(s)) + if (SSL_is_dtls(s)) dtls1_start_timer(s); ret = ssl3_send_client_certificate(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_A; s->internal->init_num = 0; break; case SSL3_ST_CW_KEY_EXCH_A: case SSL3_ST_CW_KEY_EXCH_B: - if (SSL_IS_DTLS(s)) + if (SSL_is_dtls(s)) dtls1_start_timer(s); ret = ssl3_send_client_key_exchange(s); if (ret <= 0) @@ -438,16 +430,16 @@ ssl3_connect(SSL *s) * message when client's ECDH public key is sent * inside the client certificate. */ - if (S3I(s)->tmp.cert_req == 1) { - S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_A; + if (s->s3->hs.tls12.cert_request == 1) { + s->s3->hs.state = SSL3_ST_CW_CERT_VRFY_A; } else { - S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A; - S3I(s)->change_cipher_spec = 0; + s->s3->hs.state = SSL3_ST_CW_CHANGE_A; + s->s3->change_cipher_spec = 0; } - if (!SSL_IS_DTLS(s)) { + if (!SSL_is_dtls(s)) { if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) { - S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A; - S3I(s)->change_cipher_spec = 0; + s->s3->hs.state = SSL3_ST_CW_CHANGE_A; + s->s3->change_cipher_spec = 0; } } @@ -456,68 +448,61 @@ ssl3_connect(SSL *s) case SSL3_ST_CW_CERT_VRFY_A: case SSL3_ST_CW_CERT_VRFY_B: - if (SSL_IS_DTLS(s)) + if (SSL_is_dtls(s)) dtls1_start_timer(s); ret = ssl3_send_client_verify(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A; + s->s3->hs.state = SSL3_ST_CW_CHANGE_A; s->internal->init_num = 0; - S3I(s)->change_cipher_spec = 0; + s->s3->change_cipher_spec = 0; break; case SSL3_ST_CW_CHANGE_A: case SSL3_ST_CW_CHANGE_B: - if (SSL_IS_DTLS(s) && !s->internal->hit) + if (SSL_is_dtls(s) && !s->internal->hit) dtls1_start_timer(s); ret = ssl3_send_change_cipher_spec(s, SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A; + s->s3->hs.state = SSL3_ST_CW_FINISHED_A; s->internal->init_num = 0; + s->session->cipher = s->s3->hs.cipher; - s->session->cipher = S3I(s)->hs.new_cipher; if (!tls1_setup_key_block(s)) { ret = -1; goto end; } - - if (!tls1_change_cipher_state(s, - SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { + if (!tls1_change_write_cipher_state(s)) { ret = -1; goto end; } - - if (SSL_IS_DTLS(s)) - dtls1_reset_seq_numbers(s, SSL3_CC_WRITE); - break; case SSL3_ST_CW_FINISHED_A: case SSL3_ST_CW_FINISHED_B: - if (SSL_IS_DTLS(s) && !s->internal->hit) + if (SSL_is_dtls(s) && !s->internal->hit) dtls1_start_timer(s); ret = ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A, - SSL3_ST_CW_FINISHED_B, TLS_MD_CLIENT_FINISH_CONST, - TLS_MD_CLIENT_FINISH_CONST_SIZE); + SSL3_ST_CW_FINISHED_B); if (ret <= 0) goto end; - if (!SSL_IS_DTLS(s)) + if (!SSL_is_dtls(s)) s->s3->flags |= SSL3_FLAGS_CCS_OK; - S3I(s)->hs.state = SSL3_ST_CW_FLUSH; + s->s3->hs.state = SSL3_ST_CW_FLUSH; /* clear flags */ if (s->internal->hit) { - S3I(s)->hs.next_state = SSL_ST_OK; + s->s3->hs.tls12.next_state = SSL_ST_OK; } else { /* Allow NewSessionTicket if ticket expected */ if (s->internal->tlsext_ticket_expected) - S3I(s)->hs.next_state = + s->s3->hs.tls12.next_state = SSL3_ST_CR_SESSION_TICKET_A; else - S3I(s)->hs.next_state = + s->s3->hs.tls12.next_state = SSL3_ST_CR_FINISHED_A; } s->internal->init_num = 0; @@ -528,7 +513,7 @@ ssl3_connect(SSL *s) ret = ssl3_get_new_session_ticket(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A; + s->s3->hs.state = SSL3_ST_CR_FINISHED_A; s->internal->init_num = 0; break; @@ -537,58 +522,58 @@ ssl3_connect(SSL *s) ret = ssl3_get_cert_status(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A; s->internal->init_num = 0; break; case SSL3_ST_CR_FINISHED_A: case SSL3_ST_CR_FINISHED_B: - if (SSL_IS_DTLS(s)) - D1I(s)->change_cipher_spec_ok = 1; + if (SSL_is_dtls(s)) + s->d1->change_cipher_spec_ok = 1; else s->s3->flags |= SSL3_FLAGS_CCS_OK; ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A, SSL3_ST_CR_FINISHED_B); if (ret <= 0) goto end; - if (SSL_IS_DTLS(s)) + if (SSL_is_dtls(s)) dtls1_stop_timer(s); if (s->internal->hit) - S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A; + s->s3->hs.state = SSL3_ST_CW_CHANGE_A; else - S3I(s)->hs.state = SSL_ST_OK; + s->s3->hs.state = SSL_ST_OK; s->internal->init_num = 0; break; case SSL3_ST_CW_FLUSH: s->internal->rwstate = SSL_WRITING; if (BIO_flush(s->wbio) <= 0) { - if (SSL_IS_DTLS(s)) { + if (SSL_is_dtls(s)) { /* If the write error was fatal, stop trying */ if (!BIO_should_retry(s->wbio)) { s->internal->rwstate = SSL_NOTHING; - S3I(s)->hs.state = S3I(s)->hs.next_state; + s->s3->hs.state = s->s3->hs.tls12.next_state; } } ret = -1; goto end; } s->internal->rwstate = SSL_NOTHING; - S3I(s)->hs.state = S3I(s)->hs.next_state; + s->s3->hs.state = s->s3->hs.tls12.next_state; break; case SSL_ST_OK: /* clean a few things up */ tls1_cleanup_key_block(s); - if (S3I(s)->handshake_transcript != NULL) { + if (s->s3->handshake_transcript != NULL) { SSLerror(s, ERR_R_INTERNAL_ERROR); ret = -1; goto end; } - if (!SSL_IS_DTLS(s)) + if (!SSL_is_dtls(s)) ssl3_release_init_buffer(s); ssl_free_wbio_buffer(s); @@ -606,13 +591,12 @@ ssl3_connect(SSL *s) s->internal->handshake_func = ssl3_connect; s->ctx->internal->stats.sess_connect_good++; - if (cb != NULL) - cb(s, SSL_CB_HANDSHAKE_DONE, 1); + ssl_info_callback(s, SSL_CB_HANDSHAKE_DONE, 1); - if (SSL_IS_DTLS(s)) { + if (SSL_is_dtls(s)) { /* done with handshaking */ - D1I(s)->handshake_read_seq = 0; - D1I(s)->next_handshake_write_seq = 0; + s->d1->handshake_read_seq = 0; + s->d1->next_handshake_write_seq = 0; } goto end; @@ -626,26 +610,25 @@ ssl3_connect(SSL *s) } /* did we do anything */ - if (!S3I(s)->tmp.reuse_message && !skip) { + if (!s->s3->hs.tls12.reuse_message && !skip) { if (s->internal->debug) { if ((ret = BIO_flush(s->wbio)) <= 0) goto end; } - if ((cb != NULL) && (S3I(s)->hs.state != state)) { - new_state = S3I(s)->hs.state; - S3I(s)->hs.state = state; - cb(s, SSL_CB_CONNECT_LOOP, 1); - S3I(s)->hs.state = new_state; + if (s->s3->hs.state != state) { + new_state = s->s3->hs.state; + s->s3->hs.state = state; + ssl_info_callback(s, SSL_CB_CONNECT_LOOP, 1); + s->s3->hs.state = new_state; } } skip = 0; } -end: + end: s->internal->in_handshake--; - if (cb != NULL) - cb(s, SSL_CB_CONNECT_EXIT, ret); + ssl_info_callback(s, SSL_CB_CONNECT_EXIT, ret); return (ret); } @@ -660,19 +643,19 @@ ssl3_send_client_hello(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_A) { + if (s->s3->hs.state == SSL3_ST_CW_CLNT_HELLO_A) { SSL_SESSION *sess = s->session; - if (ssl_supported_version_range(s, NULL, &max_version) != 1) { + if (!ssl_max_supported_version(s, &max_version)) { SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE); return (-1); } - s->client_version = s->version = max_version; + s->version = max_version; if (sess == NULL || sess->ssl_version != s->version || (!sess->session_id_length && !sess->tlsext_tick) || - sess->internal->not_resumable) { + sess->not_resumable) { if (!ssl_get_new_session(s, 0)) goto err; } @@ -683,44 +666,14 @@ ssl3_send_client_hello(SSL *s) * HelloVerifyRequest, we must retain the original client * random value. */ - if (!SSL_IS_DTLS(s) || D1I(s)->send_cookie == 0) + if (!SSL_is_dtls(s) || s->d1->send_cookie == 0) arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE); if (!ssl3_handshake_msg_start(s, &cbb, &client_hello, SSL3_MT_CLIENT_HELLO)) goto err; - /* - * Version indicates the negotiated version: for example from - * an SSLv2/v3 compatible client hello). The client_version - * field is the maximum version we permit and it is also - * used in RSA encrypted premaster secrets. Some servers can - * choke if we initially report a higher version then - * renegotiate to a lower one in the premaster secret. This - * didn't happen with TLS 1.0 as most servers supported it - * but it can with TLS 1.1 or later if the server only supports - * 1.0. - * - * Possible scenario with previous logic: - * 1. Client hello indicates TLS 1.2 - * 2. Server hello says TLS 1.0 - * 3. RSA encrypted premaster secret uses 1.2. - * 4. Handhaked proceeds using TLS 1.0. - * 5. Server sends hello request to renegotiate. - * 6. Client hello indicates TLS v1.0 as we now - * know that is maximum server supports. - * 7. Server chokes on RSA encrypted premaster secret - * containing version 1.0. - * - * For interoperability it should be OK to always use the - * maximum version we support in client hello and then rely - * on the checking of version to ensure the servers isn't - * being inconsistent: for example initially negotiating with - * TLS 1.0 and renegotiating with TLS 1.2. We do this by using - * client_version in client hello and not resetting it to - * the negotiated version. - */ - if (!CBB_add_u16(&client_hello, s->client_version)) + if (!CBB_add_u16(&client_hello, s->version)) goto err; /* Random stuff */ @@ -744,15 +697,15 @@ ssl3_send_client_hello(SSL *s) } /* DTLS Cookie. */ - if (SSL_IS_DTLS(s)) { - if (D1I(s)->cookie_len > sizeof(D1I(s)->cookie)) { + if (SSL_is_dtls(s)) { + if (s->d1->cookie_len > sizeof(s->d1->cookie)) { SSLerror(s, ERR_R_INTERNAL_ERROR); goto err; } if (!CBB_add_u8_length_prefixed(&client_hello, &cookie)) goto err; - if (!CBB_add_bytes(&cookie, D1I(s)->cookie, - D1I(s)->cookie_len)) + if (!CBB_add_bytes(&cookie, s->d1->cookie, + s->d1->cookie_len)) goto err; } @@ -781,81 +734,141 @@ ssl3_send_client_hello(SSL *s) if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_B; + s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_B; } /* SSL3_ST_CW_CLNT_HELLO_B */ return (ssl3_handshake_write(s)); -err: + err: CBB_cleanup(&cbb); return (-1); } +int +ssl3_get_dtls_hello_verify(SSL *s) +{ + CBS hello_verify_request, cookie; + size_t cookie_len; + uint16_t ssl_version; + int al, ret; + + if ((ret = ssl3_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, + DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->internal->max_cert_list)) <= 0) + return ret; + + if (s->s3->hs.tls12.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) { + s->d1->send_cookie = 0; + s->s3->hs.tls12.reuse_message = 1; + return (1); + } + + if (s->internal->init_num < 0) + goto decode_err; + + CBS_init(&hello_verify_request, s->internal->init_msg, + s->internal->init_num); + + if (!CBS_get_u16(&hello_verify_request, &ssl_version)) + goto decode_err; + if (!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie)) + goto decode_err; + if (CBS_len(&hello_verify_request) != 0) + goto decode_err; + + /* + * Per RFC 6347 section 4.2.1, the HelloVerifyRequest should always + * contain DTLSv1.0 the version that is going to be negotiated. + * Tolerate DTLSv1.2 just in case. + */ + if (ssl_version != DTLS1_VERSION && ssl_version != DTLS1_2_VERSION) { + SSLerror(s, SSL_R_WRONG_SSL_VERSION); + s->version = (s->version & 0xff00) | (ssl_version & 0xff); + al = SSL_AD_PROTOCOL_VERSION; + goto fatal_err; + } + + if (!CBS_write_bytes(&cookie, s->d1->cookie, + sizeof(s->d1->cookie), &cookie_len)) { + s->d1->cookie_len = 0; + al = SSL_AD_ILLEGAL_PARAMETER; + goto fatal_err; + } + s->d1->cookie_len = cookie_len; + s->d1->send_cookie = 1; + + return 1; + + decode_err: + al = SSL_AD_DECODE_ERROR; + fatal_err: + ssl3_send_alert(s, SSL3_AL_FATAL, al); + return -1; +} + int ssl3_get_server_hello(SSL *s) { CBS cbs, server_random, session_id; uint16_t server_version, cipher_suite; - uint16_t min_version, max_version; uint8_t compression_method; const SSL_CIPHER *cipher; const SSL_METHOD *method; unsigned long alg_k; size_t outlen; - int al, ok; - long n; + int al, ret; s->internal->first_packet = 1; - n = ssl3_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, - SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok); - if (!ok) - return ((int)n); + if ((ret = ssl3_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, + SSL3_ST_CR_SRVR_HELLO_B, -1, 20000 /* ?? */)) <= 0) + return ret; s->internal->first_packet = 0; - if (n < 0) - goto truncated; + if (s->internal->init_num < 0) + goto decode_err; - CBS_init(&cbs, s->internal->init_msg, n); + CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); - if (SSL_IS_DTLS(s)) { - if (S3I(s)->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { - if (D1I(s)->send_cookie == 0) { - S3I(s)->tmp.reuse_message = 1; + if (SSL_is_dtls(s)) { + if (s->s3->hs.tls12.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { + if (s->d1->send_cookie == 0) { + s->s3->hs.tls12.reuse_message = 1; return (1); } else { /* Already sent a cookie. */ al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); - goto f_err; + goto fatal_err; } } } - if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_HELLO) { + if (s->s3->hs.tls12.message_type != SSL3_MT_SERVER_HELLO) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); - goto f_err; + goto fatal_err; } if (!CBS_get_u16(&cbs, &server_version)) - goto truncated; + goto decode_err; - if (ssl_supported_version_range(s, &min_version, &max_version) != 1) { - SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE); - goto err; - } - - if (server_version < min_version || server_version > max_version) { + if (!ssl_check_version_from_server(s, server_version)) { SSLerror(s, SSL_R_WRONG_SSL_VERSION); s->version = (s->version & 0xff00) | (server_version & 0xff); al = SSL_AD_PROTOCOL_VERSION; - goto f_err; + goto fatal_err; } + s->s3->hs.peer_legacy_version = server_version; s->version = server_version; - if ((method = ssl_get_client_method(server_version)) == NULL) { + s->s3->hs.negotiated_tls_version = ssl_tls_version(server_version); + if (s->s3->hs.negotiated_tls_version == 0) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + goto err; + } + + if ((method = ssl_get_method(server_version)) == NULL) { SSLerror(s, ERR_R_INTERNAL_ERROR); goto err; } @@ -863,15 +876,13 @@ ssl3_get_server_hello(SSL *s) /* Server random. */ if (!CBS_get_bytes(&cbs, &server_random, SSL3_RANDOM_SIZE)) - goto truncated; + goto decode_err; if (!CBS_write_bytes(&server_random, s->s3->server_random, sizeof(s->s3->server_random), NULL)) goto err; - if (!ssl_downgrade_max_version(s, &max_version)) - goto err; - if (!SSL_IS_DTLS(s) && max_version >= TLS1_2_VERSION && - s->version < max_version) { + if (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION && + s->s3->hs.negotiated_tls_version < s->s3->hs.our_max_tls_version) { /* * RFC 8446 section 4.1.3. We must not downgrade if the server * random value contains the TLS 1.2 or TLS 1.1 magical value. @@ -879,34 +890,34 @@ ssl3_get_server_hello(SSL *s) if (!CBS_skip(&server_random, CBS_len(&server_random) - sizeof(tls13_downgrade_12))) goto err; - if (s->version == TLS1_2_VERSION && + if (s->s3->hs.negotiated_tls_version == TLS1_2_VERSION && CBS_mem_equal(&server_random, tls13_downgrade_12, sizeof(tls13_downgrade_12))) { al = SSL_AD_ILLEGAL_PARAMETER; SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK); - goto f_err; + goto fatal_err; } if (CBS_mem_equal(&server_random, tls13_downgrade_11, sizeof(tls13_downgrade_11))) { al = SSL_AD_ILLEGAL_PARAMETER; SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK); - goto f_err; + goto fatal_err; } } /* Session ID. */ if (!CBS_get_u8_length_prefixed(&cbs, &session_id)) - goto truncated; + goto decode_err; if (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) { al = SSL_AD_ILLEGAL_PARAMETER; SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG); - goto f_err; + goto fatal_err; } /* Cipher suite. */ if (!CBS_get_u16(&cbs, &cipher_suite)) - goto truncated; + goto decode_err; /* * Check if we want to resume the session based on external @@ -933,7 +944,7 @@ ssl3_get_server_hello(SSL *s) /* actually a client application bug */ al = SSL_AD_ILLEGAL_PARAMETER; SSLerror(s, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); - goto f_err; + goto fatal_err; } s->s3->flags |= SSL3_FLAGS_CCS_OK; s->internal->hit = 1; @@ -946,7 +957,7 @@ ssl3_get_server_hello(SSL *s) if (s->session->session_id_length > 0) { if (!ssl_get_new_session(s, 0)) { al = SSL_AD_INTERNAL_ERROR; - goto f_err; + goto fatal_err; } } @@ -965,22 +976,22 @@ ssl3_get_server_hello(SSL *s) if ((cipher = ssl3_get_cipher_by_value(cipher_suite)) == NULL) { al = SSL_AD_ILLEGAL_PARAMETER; SSLerror(s, SSL_R_UNKNOWN_CIPHER_RETURNED); - goto f_err; + goto fatal_err; } /* TLS v1.2 only ciphersuites require v1.2 or later. */ if ((cipher->algorithm_ssl & SSL_TLSV1_2) && - (TLS1_get_version(s) < TLS1_2_VERSION)) { + s->s3->hs.negotiated_tls_version < TLS1_2_VERSION) { al = SSL_AD_ILLEGAL_PARAMETER; SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED); - goto f_err; + goto fatal_err; } if (!ssl_cipher_in_list(SSL_get_ciphers(s), cipher)) { /* we did not say we would use this cipher */ al = SSL_AD_ILLEGAL_PARAMETER; SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED); - goto f_err; + goto fatal_err; } /* @@ -993,9 +1004,9 @@ ssl3_get_server_hello(SSL *s) if (s->internal->hit && (s->session->cipher_id != cipher->id)) { al = SSL_AD_ILLEGAL_PARAMETER; SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); - goto f_err; + goto fatal_err; } - S3I(s)->hs.new_cipher = cipher; + s->s3->hs.cipher = cipher; if (!tls1_transcript_hash_init(s)) goto err; @@ -1004,24 +1015,27 @@ ssl3_get_server_hello(SSL *s) * Don't digest cached records if no sigalgs: we may need them for * client authentication. */ - alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; + alg_k = s->s3->hs.cipher->algorithm_mkey; if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST))) tls1_transcript_free(s); if (!CBS_get_u8(&cbs, &compression_method)) - goto truncated; + goto decode_err; if (compression_method != 0) { al = SSL_AD_ILLEGAL_PARAMETER; SSLerror(s, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); - goto f_err; + goto fatal_err; } if (!tlsext_client_parse(s, SSL_TLSEXT_MSG_SH, &cbs, &al)) { SSLerror(s, SSL_R_PARSE_TLSEXT); - goto f_err; + goto fatal_err; } + if (CBS_len(&cbs) != 0) + goto decode_err; + /* * Determine if we need to see RI. Strictly speaking if we want to * avoid an attack we should *always* see RI even on initial server @@ -1030,11 +1044,11 @@ ssl3_get_server_hello(SSL *s) * which doesn't support RI so for the immediate future tolerate RI * absence on initial connect only. */ - if (!S3I(s)->renegotiate_seen && + if (!s->s3->renegotiate_seen && !(s->internal->options & SSL_OP_LEGACY_SERVER_CONNECT)) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); - goto f_err; + goto fatal_err; } if (ssl_check_serverhello_tlsext(s) <= 0) { @@ -1044,73 +1058,72 @@ ssl3_get_server_hello(SSL *s) return (1); -truncated: + decode_err: /* wrong packet length */ al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_BAD_PACKET_LENGTH); -f_err: + fatal_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); -err: + err: return (-1); } int ssl3_get_server_certificate(SSL *s) { - int al, i, ok, ret = -1; - long n; - CBS cbs, cert_list; - X509 *x = NULL; - const unsigned char *q; - STACK_OF(X509) *sk = NULL; - SESS_CERT *sc; - EVP_PKEY *pkey = NULL; + CBS cbs, cert_list; + X509 *x = NULL; + const unsigned char *q; + STACK_OF(X509) *sk = NULL; + EVP_PKEY *pkey; + int cert_type; + int al, ret; - n = ssl3_get_message(s, SSL3_ST_CR_CERT_A, - SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list, &ok); - if (!ok) - return ((int)n); + if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_A, + SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list)) <= 0) + return ret; - if (S3I(s)->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) { - S3I(s)->tmp.reuse_message = 1; + ret = -1; + + if (s->s3->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) { + s->s3->hs.tls12.reuse_message = 1; return (1); } - if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) { + if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); - goto f_err; + goto fatal_err; } - if ((sk = sk_X509_new_null()) == NULL) { SSLerror(s, ERR_R_MALLOC_FAILURE); goto err; } - if (n < 0) - goto truncated; + if (s->internal->init_num < 0) + goto decode_err; - CBS_init(&cbs, s->internal->init_msg, n); + CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); if (CBS_len(&cbs) < 3) - goto truncated; + goto decode_err; if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) || CBS_len(&cbs) != 0) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_LENGTH_MISMATCH); - goto f_err; + goto fatal_err; } while (CBS_len(&cert_list) > 0) { CBS cert; if (CBS_len(&cert_list) < 3) - goto truncated; + goto decode_err; if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH); - goto f_err; + goto fatal_err; } q = CBS_data(&cert); @@ -1118,12 +1131,12 @@ ssl3_get_server_certificate(SSL *s) if (x == NULL) { al = SSL_AD_BAD_CERTIFICATE; SSLerror(s, ERR_R_ASN1_LIB); - goto f_err; + goto fatal_err; } if (q != CBS_data(&cert) + CBS_len(&cert)) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH); - goto f_err; + goto fatal_err; } if (!sk_X509_push(sk, x)) { SSLerror(s, ERR_R_MALLOC_FAILURE); @@ -1132,75 +1145,57 @@ ssl3_get_server_certificate(SSL *s) x = NULL; } - i = ssl_verify_cert_chain(s, sk); - if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) { + if (ssl_verify_cert_chain(s, sk) <= 0 && + s->verify_mode != SSL_VERIFY_NONE) { al = ssl_verify_alarm_type(s->verify_result); SSLerror(s, SSL_R_CERTIFICATE_VERIFY_FAILED); - goto f_err; - + goto fatal_err; } ERR_clear_error(); /* but we keep s->verify_result */ - sc = ssl_sess_cert_new(); - if (sc == NULL) - goto err; - ssl_sess_cert_free(SSI(s)->sess_cert); - SSI(s)->sess_cert = sc; - - sc->cert_chain = sk; /* * Inconsistency alert: cert_chain does include the peer's * certificate, which we don't include in s3_srvr.c */ x = sk_X509_value(sk, 0); - sk = NULL; - /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/ - pkey = X509_get_pubkey(x); - - if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) { + if ((pkey = X509_get0_pubkey(x)) == NULL || + EVP_PKEY_missing_parameters(pkey)) { x = NULL; al = SSL3_AL_FATAL; SSLerror(s, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); - goto f_err; + goto fatal_err; } - - i = ssl_cert_type(x, pkey); - if (i < 0) { + if ((cert_type = ssl_cert_type(pkey)) < 0) { x = NULL; al = SSL3_AL_FATAL; SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE); - goto f_err; + goto fatal_err; } - sc->peer_cert_type = i; - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); - /* - * Why would the following ever happen? - * We just created sc a couple of lines ago. - */ - X509_free(sc->peer_pkeys[i].x509); - sc->peer_pkeys[i].x509 = x; - sc->peer_key = &(sc->peer_pkeys[i]); + X509_up_ref(x); + X509_free(s->session->peer_cert); + s->session->peer_cert = x; + s->session->peer_cert_type = cert_type; - X509_free(s->session->peer); - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); - s->session->peer = x; s->session->verify_result = s->verify_result; + sk_X509_pop_free(s->session->cert_chain, X509_free); + s->session->cert_chain = sk; + sk = NULL; + x = NULL; ret = 1; if (0) { -truncated: + decode_err: /* wrong packet length */ al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_BAD_PACKET_LENGTH); -f_err: + fatal_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); } -err: - EVP_PKEY_free(pkey); + err: X509_free(x); sk_X509_pop_free(sk, X509_free); @@ -1208,240 +1203,132 @@ err: } static int -ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, CBS *cbs) +ssl3_get_server_kex_dhe(SSL *s, CBS *cbs) { - CBS dhp, dhg, dhpk; - BN_CTX *bn_ctx = NULL; - SESS_CERT *sc = NULL; - DH *dh = NULL; - long alg_a; - int al; + int decode_error, invalid_params, invalid_key; + int nid = NID_dhKeyAgreement; - alg_a = S3I(s)->hs.new_cipher->algorithm_auth; - sc = SSI(s)->sess_cert; + tls_key_share_free(s->s3->hs.key_share); + if ((s->s3->hs.key_share = tls_key_share_new_nid(nid)) == NULL) + goto err; - if ((dh = DH_new()) == NULL) { - SSLerror(s, ERR_R_DH_LIB); + if (!tls_key_share_peer_params(s->s3->hs.key_share, cbs, + &decode_error, &invalid_params)) { + if (decode_error) { + SSLerror(s, SSL_R_BAD_PACKET_LENGTH); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); + } + goto err; + } + if (!tls_key_share_peer_public(s->s3->hs.key_share, cbs, + &decode_error, &invalid_key)) { + if (decode_error) { + SSLerror(s, SSL_R_BAD_PACKET_LENGTH); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); + } goto err; } - if (!CBS_get_u16_length_prefixed(cbs, &dhp)) - goto truncated; - if ((dh->p = BN_bin2bn(CBS_data(&dhp), CBS_len(&dhp), NULL)) == NULL) { - SSLerror(s, ERR_R_BN_LIB); - goto err; - } - - if (!CBS_get_u16_length_prefixed(cbs, &dhg)) - goto truncated; - if ((dh->g = BN_bin2bn(CBS_data(&dhg), CBS_len(&dhg), NULL)) == NULL) { - SSLerror(s, ERR_R_BN_LIB); - goto err; - } - - if (!CBS_get_u16_length_prefixed(cbs, &dhpk)) - goto truncated; - if ((dh->pub_key = BN_bin2bn(CBS_data(&dhpk), CBS_len(&dhpk), - NULL)) == NULL) { - SSLerror(s, ERR_R_BN_LIB); - goto err; - } - - /* - * Check the strength of the DH key just constructed. - * Discard keys weaker than 1024 bits. - */ - if (DH_size(dh) < 1024 / 8) { + if (invalid_params) { SSLerror(s, SSL_R_BAD_DH_P_LENGTH); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); + goto err; + } + if (invalid_key) { + SSLerror(s, SSL_R_BAD_DH_PUB_KEY_LENGTH); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); goto err; } - if (alg_a & SSL_aRSA) - *pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_RSA].x509); - else - /* XXX - Anonymous DH, so no certificate or pkey. */ - *pkey = NULL; - - sc->peer_dh_tmp = dh; - - return (1); - - truncated: - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - ssl3_send_alert(s, SSL3_AL_FATAL, al); + return 1; err: - DH_free(dh); - BN_CTX_free(bn_ctx); - - return (-1); + return 0; } static int -ssl3_get_server_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, int nid, CBS *public) +ssl3_get_server_kex_ecdhe(SSL *s, CBS *cbs) { - EC_KEY *ecdh = NULL; - int ret = -1; - - /* Extract the server's ephemeral ECDH public key. */ - if ((ecdh = EC_KEY_new()) == NULL) { - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!ssl_kex_peer_public_ecdhe_ecp(ecdh, nid, public)) { - SSLerror(s, SSL_R_BAD_ECPOINT); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - goto err; - } - - sc->peer_nid = nid; - sc->peer_ecdh_tmp = ecdh; - ecdh = NULL; - - ret = 1; - - err: - EC_KEY_free(ecdh); - - return (ret); -} - -static int -ssl3_get_server_kex_ecdhe_ecx(SSL *s, SESS_CERT *sc, int nid, CBS *public) -{ - size_t outlen; - - if (nid != NID_X25519) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } - - if (CBS_len(public) != X25519_KEY_LENGTH) { - SSLerror(s, SSL_R_BAD_ECPOINT); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - goto err; - } - - if (!CBS_stow(public, &sc->peer_x25519_tmp, &outlen)) { - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto err; - } - - return (1); - - err: - return (-1); -} - -static int -ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs) -{ - CBS public; uint8_t curve_type; uint16_t curve_id; - SESS_CERT *sc; - long alg_a; - int nid; - int al; + int decode_error; + CBS public; - alg_a = S3I(s)->hs.new_cipher->algorithm_auth; - sc = SSI(s)->sess_cert; + if (!CBS_get_u8(cbs, &curve_type)) + goto decode_err; + if (!CBS_get_u16(cbs, &curve_id)) + goto decode_err; /* Only named curves are supported. */ - if (!CBS_get_u8(cbs, &curve_type) || - curve_type != NAMED_CURVE_TYPE || - !CBS_get_u16(cbs, &curve_id)) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_LENGTH_TOO_SHORT); - goto f_err; + if (curve_type != NAMED_CURVE_TYPE) { + SSLerror(s, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + goto err; } + if (!CBS_get_u8_length_prefixed(cbs, &public)) + goto decode_err; + /* * Check that the curve is one of our preferences - if it is not, * the server has sent us an invalid curve. */ - if (tls1_check_curve(s, curve_id) != 1) { - al = SSL_AD_DECODE_ERROR; + if (!tls1_check_curve(s, curve_id)) { SSLerror(s, SSL_R_WRONG_CURVE); - goto f_err; + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); + goto err; } - if ((nid = tls1_ec_curve_id2nid(curve_id)) == 0) { - al = SSL_AD_INTERNAL_ERROR; - SSLerror(s, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); - goto f_err; + tls_key_share_free(s->s3->hs.key_share); + if ((s->s3->hs.key_share = tls_key_share_new(curve_id)) == NULL) + goto err; + + if (!tls_key_share_peer_public(s->s3->hs.key_share, &public, + &decode_error, NULL)) { + if (decode_error) + goto decode_err; + goto err; } - if (!CBS_get_u8_length_prefixed(cbs, &public)) - goto truncated; + return 1; - if (nid == NID_X25519) { - if (ssl3_get_server_kex_ecdhe_ecx(s, sc, nid, &public) != 1) - goto err; - } else { - if (ssl3_get_server_kex_ecdhe_ecp(s, sc, nid, &public) != 1) - goto err; - } - - /* - * The ECC/TLS specification does not mention the use of DSA to sign - * ECParameters in the server key exchange message. We do support RSA - * and ECDSA. - */ - if (alg_a & SSL_aRSA) - *pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_RSA].x509); - else if (alg_a & SSL_aECDSA) - *pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_ECC].x509); - else - /* XXX - Anonymous ECDH, so no certificate or pkey. */ - *pkey = NULL; - - return (1); - - truncated: - al = SSL_AD_DECODE_ERROR; + decode_err: SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - - f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); err: - return (-1); + return 0; } int ssl3_get_server_key_exchange(SSL *s) { CBS cbs, signature; - const EVP_MD *md = NULL; - EVP_PKEY *pkey = NULL; - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx; const unsigned char *param; - long n, alg_k, alg_a; - int al, ok; size_t param_len; + long alg_k, alg_a; + int al, ret; - EVP_MD_CTX_init(&md_ctx); - - alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; - alg_a = S3I(s)->hs.new_cipher->algorithm_auth; + alg_k = s->s3->hs.cipher->algorithm_mkey; + alg_a = s->s3->hs.cipher->algorithm_auth; /* * Use same message size as in ssl3_get_certificate_request() * as ServerKeyExchange message may be skipped. */ - n = ssl3_get_message(s, SSL3_ST_CR_KEY_EXCH_A, - SSL3_ST_CR_KEY_EXCH_B, -1, s->internal->max_cert_list, &ok); - if (!ok) - return ((int)n); + if ((ret = ssl3_get_message(s, SSL3_ST_CR_KEY_EXCH_A, + SSL3_ST_CR_KEY_EXCH_B, -1, s->internal->max_cert_list)) <= 0) + return ret; - if (n < 0) + if ((md_ctx = EVP_MD_CTX_new()) == NULL) goto err; - CBS_init(&cbs, s->internal->init_msg, n); + if (s->internal->init_num < 0) + goto err; - if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { + CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); + + if (s->s3->hs.tls12.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { /* * Do not skip server key exchange if this cipher suite uses * ephemeral keys. @@ -1449,94 +1336,74 @@ ssl3_get_server_key_exchange(SSL *s) if (alg_k & (SSL_kDHE|SSL_kECDHE)) { SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); al = SSL_AD_UNEXPECTED_MESSAGE; - goto f_err; + goto fatal_err; } - S3I(s)->tmp.reuse_message = 1; - EVP_MD_CTX_cleanup(&md_ctx); + s->s3->hs.tls12.reuse_message = 1; + EVP_MD_CTX_free(md_ctx); return (1); } - if (SSI(s)->sess_cert != NULL) { - DH_free(SSI(s)->sess_cert->peer_dh_tmp); - SSI(s)->sess_cert->peer_dh_tmp = NULL; - - EC_KEY_free(SSI(s)->sess_cert->peer_ecdh_tmp); - SSI(s)->sess_cert->peer_ecdh_tmp = NULL; - - free(SSI(s)->sess_cert->peer_x25519_tmp); - SSI(s)->sess_cert->peer_x25519_tmp = NULL; - } else { - SSI(s)->sess_cert = ssl_sess_cert_new(); - if (SSI(s)->sess_cert == NULL) - goto err; - } - param = CBS_data(&cbs); param_len = CBS_len(&cbs); if (alg_k & SSL_kDHE) { - if (ssl3_get_server_kex_dhe(s, &pkey, &cbs) != 1) + if (!ssl3_get_server_kex_dhe(s, &cbs)) goto err; } else if (alg_k & SSL_kECDHE) { - if (ssl3_get_server_kex_ecdhe(s, &pkey, &cbs) != 1) + if (!ssl3_get_server_kex_ecdhe(s, &cbs)) goto err; } else if (alg_k != 0) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); - goto f_err; + goto fatal_err; } param_len -= CBS_len(&cbs); /* if it was signed, check the signature */ - if (pkey != NULL) { - EVP_PKEY_CTX *pctx; + if ((alg_a & SSL_aNULL) == 0) { + uint16_t sigalg_value = SIGALG_NONE; const struct ssl_sigalg *sigalg; + EVP_PKEY_CTX *pctx; + EVP_PKEY *pkey = NULL; + + if ((alg_a & SSL_aRSA) != 0 && + s->session->peer_cert_type == SSL_PKEY_RSA) { + pkey = X509_get0_pubkey(s->session->peer_cert); + } else if ((alg_a & SSL_aECDSA) != 0 && + s->session->peer_cert_type == SSL_PKEY_ECC) { + pkey = X509_get0_pubkey(s->session->peer_cert); + } + if (pkey == NULL) { + al = SSL_AD_ILLEGAL_PARAMETER; + SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE); + goto fatal_err; + } if (SSL_USE_SIGALGS(s)) { - uint16_t sigalg_value; - if (!CBS_get_u16(&cbs, &sigalg_value)) - goto truncated; - if ((sigalg = ssl_sigalg(sigalg_value, tls12_sigalgs, - tls12_sigalgs_len)) == NULL) { - SSLerror(s, SSL_R_UNKNOWN_DIGEST); - al = SSL_AD_DECODE_ERROR; - goto f_err; - } - if ((md = sigalg->md()) == NULL) { - SSLerror(s, SSL_R_UNKNOWN_DIGEST); - al = SSL_AD_DECODE_ERROR; - goto f_err; - } - if (!ssl_sigalg_pkey_ok(sigalg, pkey, 0)) { - SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE); - al = SSL_AD_DECODE_ERROR; - goto f_err; - } - } else if (pkey->type == EVP_PKEY_RSA) { - sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1); - } else if (pkey->type == EVP_PKEY_EC) { - sigalg = ssl_sigalg_lookup(SIGALG_ECDSA_SHA1); - } else { - SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE); - al = SSL_AD_DECODE_ERROR; - goto f_err; + goto decode_err; } - md = sigalg->md(); - if (!CBS_get_u16_length_prefixed(&cbs, &signature)) - goto truncated; + goto decode_err; if (CBS_len(&signature) > EVP_PKEY_size(pkey)) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_WRONG_SIGNATURE_LENGTH); - goto f_err; + goto fatal_err; } - if (!EVP_DigestVerifyInit(&md_ctx, &pctx, md, NULL, pkey)) + if ((sigalg = ssl_sigalg_for_peer(s, pkey, + sigalg_value)) == NULL) { + al = SSL_AD_DECODE_ERROR; + goto fatal_err; + } + s->s3->hs.peer_sigalg = sigalg; + + if (!EVP_DigestVerifyInit(md_ctx, &pctx, sigalg->md(), + NULL, pkey)) goto err; - if (!EVP_DigestVerifyUpdate(&md_ctx, s->s3->client_random, + if (!EVP_DigestVerifyUpdate(md_ctx, s->s3->client_random, SSL3_RANDOM_SIZE)) goto err; if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) && @@ -1544,46 +1411,38 @@ ssl3_get_server_key_exchange(SSL *s) RSA_PKCS1_PSS_PADDING) || !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) goto err; - if (!EVP_DigestVerifyUpdate(&md_ctx, s->s3->server_random, + if (!EVP_DigestVerifyUpdate(md_ctx, s->s3->server_random, SSL3_RANDOM_SIZE)) goto err; - if (!EVP_DigestVerifyUpdate(&md_ctx, param, param_len)) + if (!EVP_DigestVerifyUpdate(md_ctx, param, param_len)) goto err; - if (EVP_DigestVerifyFinal(&md_ctx, CBS_data(&signature), + if (EVP_DigestVerifyFinal(md_ctx, CBS_data(&signature), CBS_len(&signature)) <= 0) { al = SSL_AD_DECRYPT_ERROR; SSLerror(s, SSL_R_BAD_SIGNATURE); - goto f_err; - } - } else { - /* aNULL does not need public keys. */ - if (!(alg_a & SSL_aNULL)) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; + goto fatal_err; } } if (CBS_len(&cbs) != 0) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE); - goto f_err; + goto fatal_err; } - EVP_PKEY_free(pkey); - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_free(md_ctx); return (1); - truncated: + decode_err: al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - f_err: + fatal_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: - EVP_PKEY_free(pkey); - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_free(md_ctx); return (-1); } @@ -1591,23 +1450,22 @@ ssl3_get_server_key_exchange(SSL *s) int ssl3_get_certificate_request(SSL *s) { - int ok, ret = 0; - long n; - uint8_t ctype_num; - CBS cert_request, ctypes, rdn_list; - X509_NAME *xn = NULL; - const unsigned char *q; - STACK_OF(X509_NAME) *ca_sk = NULL; + CBS cert_request, cert_types, rdn_list; + X509_NAME *xn = NULL; + const unsigned char *q; + STACK_OF(X509_NAME) *ca_sk = NULL; + int ret; - n = ssl3_get_message(s, SSL3_ST_CR_CERT_REQ_A, - SSL3_ST_CR_CERT_REQ_B, -1, s->internal->max_cert_list, &ok); - if (!ok) - return ((int)n); + if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_REQ_A, + SSL3_ST_CR_CERT_REQ_B, -1, s->internal->max_cert_list)) <= 0) + return ret; - S3I(s)->tmp.cert_req = 0; + ret = 0; - if (S3I(s)->tmp.message_type == SSL3_MT_SERVER_DONE) { - S3I(s)->tmp.reuse_message = 1; + s->s3->hs.tls12.cert_request = 0; + + if (s->s3->hs.tls12.message_type == SSL3_MT_SERVER_DONE) { + s->s3->hs.tls12.reuse_message = 1; /* * If we get here we don't need any cached handshake records * as we wont be doing client auth. @@ -1616,40 +1474,30 @@ ssl3_get_certificate_request(SSL *s) return (1); } - if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) { + if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE_REQUEST) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE); goto err; } /* TLS does not like anon-DH with client cert */ - if (S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL) { + if (s->s3->hs.cipher->algorithm_auth & SSL_aNULL) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); SSLerror(s, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); goto err; } - if (n < 0) - goto truncated; - CBS_init(&cert_request, s->internal->init_msg, n); + if (s->internal->init_num < 0) + goto decode_err; + CBS_init(&cert_request, s->internal->init_msg, s->internal->init_num); if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) { SSLerror(s, ERR_R_MALLOC_FAILURE); goto err; } - /* get the certificate types */ - if (!CBS_get_u8(&cert_request, &ctype_num)) - goto truncated; - - if (ctype_num > SSL3_CT_NUMBER) - ctype_num = SSL3_CT_NUMBER; - if (!CBS_get_bytes(&cert_request, &ctypes, ctype_num) || - !CBS_write_bytes(&ctypes, (uint8_t *)S3I(s)->tmp.ctype, - sizeof(S3I(s)->tmp.ctype), NULL)) { - SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } + if (!CBS_get_u8_length_prefixed(&cert_request, &cert_types)) + goto decode_err; if (SSL_USE_SIGALGS(s)) { CBS sigalgs; @@ -1668,8 +1516,8 @@ ssl3_get_certificate_request(SSL *s) SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR); goto err; } - if (!CBS_stow(&sigalgs, &S3I(s)->hs.sigalgs, - &S3I(s)->hs.sigalgs_len)) + if (!CBS_stow(&sigalgs, &s->s3->hs.sigalgs, + &s->s3->hs.sigalgs_len)) goto err; } @@ -1721,18 +1569,17 @@ ssl3_get_certificate_request(SSL *s) } /* we should setup a certificate to return.... */ - S3I(s)->tmp.cert_req = 1; - S3I(s)->tmp.ctype_num = ctype_num; - sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free); - S3I(s)->tmp.ca_names = ca_sk; + s->s3->hs.tls12.cert_request = 1; + sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free); + s->s3->hs.tls12.ca_names = ca_sk; ca_sk = NULL; ret = 1; if (0) { -truncated: + decode_err: SSLerror(s, SSL_R_BAD_PACKET_LENGTH); } -err: + err: X509_NAME_free(xn); sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); return (ret); @@ -1747,44 +1594,39 @@ ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b) int ssl3_get_new_session_ticket(SSL *s) { - int ok, al, ret = 0; - uint32_t lifetime_hint; - long n; - CBS cbs, session_ticket; + uint32_t lifetime_hint; + CBS cbs, session_ticket; + int al, ret; - n = ssl3_get_message(s, SSL3_ST_CR_SESSION_TICKET_A, - SSL3_ST_CR_SESSION_TICKET_B, -1, 16384, &ok); - if (!ok) - return ((int)n); + if ((ret = ssl3_get_message(s, SSL3_ST_CR_SESSION_TICKET_A, + SSL3_ST_CR_SESSION_TICKET_B, -1, 16384)) <= 0) + return ret; - if (S3I(s)->tmp.message_type == SSL3_MT_FINISHED) { - S3I(s)->tmp.reuse_message = 1; + if (s->s3->hs.tls12.message_type == SSL3_MT_FINISHED) { + s->s3->hs.tls12.reuse_message = 1; return (1); } - if (S3I(s)->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) { + if (s->s3->hs.tls12.message_type != SSL3_MT_NEWSESSION_TICKET) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); - goto f_err; + goto fatal_err; } - if (n < 0) { + if (s->internal->init_num < 0) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_LENGTH_MISMATCH); - goto f_err; + goto fatal_err; } - CBS_init(&cbs, s->internal->init_msg, n); + CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); if (!CBS_get_u32(&cbs, &lifetime_hint) || -#if UINT32_MAX > LONG_MAX - lifetime_hint > LONG_MAX || -#endif !CBS_get_u16_length_prefixed(&cbs, &session_ticket) || CBS_len(&cbs) != 0) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_LENGTH_MISMATCH); - goto f_err; + goto fatal_err; } - s->session->tlsext_tick_lifetime_hint = (long)lifetime_hint; + s->session->tlsext_tick_lifetime_hint = lifetime_hint; if (!CBS_stow(&session_ticket, &s->session->tlsext_tick, &s->session->tlsext_ticklen)) { @@ -1811,63 +1653,95 @@ ssl3_get_new_session_ticket(SSL *s) EVP_Digest(CBS_data(&session_ticket), CBS_len(&session_ticket), s->session->session_id, &s->session->session_id_length, EVP_sha256(), NULL); - ret = 1; - return (ret); -f_err: + + return (1); + + fatal_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); -err: + err: return (-1); } int ssl3_get_cert_status(SSL *s) { - CBS cert_status, response; - int ok, al; - long n; - uint8_t status_type; + CBS cert_status, response; + uint8_t status_type; + int al, ret; - n = ssl3_get_message(s, SSL3_ST_CR_CERT_STATUS_A, - SSL3_ST_CR_CERT_STATUS_B, SSL3_MT_CERTIFICATE_STATUS, - 16384, &ok); - if (!ok) - return ((int)n); + if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_STATUS_A, + SSL3_ST_CR_CERT_STATUS_B, -1, 16384)) <= 0) + return ret; - if (n < 0) { + if (s->s3->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) { + /* + * Tell the callback the server did not send us an OSCP + * response, and has decided to head directly to key exchange. + */ + if (s->ctx->internal->tlsext_status_cb) { + free(s->internal->tlsext_ocsp_resp); + s->internal->tlsext_ocsp_resp = NULL; + s->internal->tlsext_ocsp_resp_len = 0; + + ret = s->ctx->internal->tlsext_status_cb(s, + s->ctx->internal->tlsext_status_arg); + if (ret == 0) { + al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; + SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE); + goto fatal_err; + } + if (ret < 0) { + al = SSL_AD_INTERNAL_ERROR; + SSLerror(s, ERR_R_MALLOC_FAILURE); + goto fatal_err; + } + } + s->s3->hs.tls12.reuse_message = 1; + return (1); + } + + if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE && + s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE_STATUS) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); + goto fatal_err; + } + + if (s->internal->init_num < 0) { /* need at least status type + length */ al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_LENGTH_MISMATCH); - goto f_err; + goto fatal_err; } - CBS_init(&cert_status, s->internal->init_msg, n); + CBS_init(&cert_status, s->internal->init_msg, s->internal->init_num); if (!CBS_get_u8(&cert_status, &status_type) || CBS_len(&cert_status) < 3) { /* need at least status type + length */ al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_LENGTH_MISMATCH); - goto f_err; + goto fatal_err; } if (status_type != TLSEXT_STATUSTYPE_ocsp) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_UNSUPPORTED_STATUS_TYPE); - goto f_err; + goto fatal_err; } if (!CBS_get_u24_length_prefixed(&cert_status, &response) || CBS_len(&cert_status) != 0) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_LENGTH_MISMATCH); - goto f_err; + goto fatal_err; } if (!CBS_stow(&response, &s->internal->tlsext_ocsp_resp, &s->internal->tlsext_ocsp_resp_len)) { - al = SSL_AD_INTERNAL_ERROR; - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto f_err; - } + al = SSL_AD_INTERNAL_ERROR; + SSLerror(s, ERR_R_MALLOC_FAILURE); + goto fatal_err; + } if (s->ctx->internal->tlsext_status_cb) { int ret; @@ -1876,16 +1750,16 @@ ssl3_get_cert_status(SSL *s) if (ret == 0) { al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE); - goto f_err; + goto fatal_err; } if (ret < 0) { al = SSL_AD_INTERNAL_ERROR; SSLerror(s, ERR_R_MALLOC_FAILURE); - goto f_err; + goto fatal_err; } } return (1); -f_err: + fatal_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); return (-1); } @@ -1893,32 +1767,32 @@ f_err: int ssl3_get_server_done(SSL *s) { - int ok, ret = 0; - long n; + int ret; - n = ssl3_get_message(s, SSL3_ST_CR_SRVR_DONE_A, - SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE, - 30, /* should be very small, like 0 :-) */ &ok); - if (!ok) - return ((int)n); + if ((ret = ssl3_get_message(s, SSL3_ST_CR_SRVR_DONE_A, + SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE, + 30 /* should be very small, like 0 :-) */)) <= 0) + return ret; - if (n > 0) { + if (s->internal->init_num != 0) { /* should contain no data */ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); SSLerror(s, SSL_R_LENGTH_MISMATCH); - return (-1); + return -1; } - ret = 1; - return (ret); + + return 1; } static int -ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb) +ssl3_send_client_kex_rsa(SSL *s, CBB *cbb) { unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH]; unsigned char *enc_pms = NULL; - EVP_PKEY *pkey = NULL; - int ret = -1; + uint16_t max_legacy_version; + EVP_PKEY *pkey; + RSA *rsa; + int ret = 0; int enc_len; CBB epms; @@ -1926,23 +1800,31 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb) * RSA-Encrypted Premaster Secret Message - RFC 5246 section 7.4.7.1. */ - pkey = X509_get_pubkey(sess_cert->peer_pkeys[SSL_PKEY_RSA].x509); - if (pkey == NULL || pkey->type != EVP_PKEY_RSA || - pkey->pkey.rsa == NULL) { + pkey = X509_get0_pubkey(s->session->peer_cert); + if (pkey == NULL || (rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) { SSLerror(s, ERR_R_INTERNAL_ERROR); goto err; } - pms[0] = s->client_version >> 8; - pms[1] = s->client_version & 0xff; + /* + * Our maximum legacy protocol version - while RFC 5246 section 7.4.7.1 + * says "The latest (newest) version supported by the client", if we're + * doing RSA key exchange then we have to presume that we're talking to + * a server that does not understand the supported versions extension + * and therefore our maximum version is that sent in the ClientHello. + */ + if (!ssl_max_legacy_version(s, &max_legacy_version)) + goto err; + pms[0] = max_legacy_version >> 8; + pms[1] = max_legacy_version & 0xff; arc4random_buf(&pms[2], sizeof(pms) - 2); - if ((enc_pms = malloc(RSA_size(pkey->pkey.rsa))) == NULL) { + if ((enc_pms = malloc(RSA_size(rsa))) == NULL) { SSLerror(s, ERR_R_MALLOC_FAILURE); goto err; } - enc_len = RSA_public_encrypt(sizeof(pms), pms, enc_pms, pkey->pkey.rsa, + enc_len = RSA_public_encrypt(sizeof(pms), pms, enc_pms, rsa, RSA_PKCS1_PADDING); if (enc_len <= 0) { SSLerror(s, SSL_R_BAD_RSA_ENCRYPT); @@ -1956,221 +1838,130 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb) if (!CBB_flush(cbb)) goto err; - s->session->master_key_length = - tls1_generate_master_secret(s, - s->session->master_key, pms, sizeof(pms)); + if (!tls12_derive_master_secret(s, pms, sizeof(pms))) + goto err; ret = 1; -err: + err: explicit_bzero(pms, sizeof(pms)); - EVP_PKEY_free(pkey); free(enc_pms); - return (ret); + return ret; } static int -ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, CBB *cbb) +ssl3_send_client_kex_dhe(SSL *s, CBB *cbb) { - DH *dh_srvr = NULL, *dh_clnt = NULL; - unsigned char *key = NULL; - int key_size = 0, key_len; - unsigned char *data; - int ret = -1; - CBB dh_Yc; + uint8_t *key = NULL; + size_t key_len = 0; + int ret = 0; - /* Ensure that we have an ephemeral key for DHE. */ - if (sess_cert->peer_dh_tmp == NULL) { + /* Ensure that we have an ephemeral key from the server for DHE. */ + if (s->s3->hs.key_share == NULL) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); SSLerror(s, SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); goto err; } - dh_srvr = sess_cert->peer_dh_tmp; - /* Generate a new random key. */ - if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) { - SSLerror(s, ERR_R_DH_LIB); + if (!tls_key_share_generate(s->s3->hs.key_share)) goto err; - } - if (!DH_generate_key(dh_clnt)) { - SSLerror(s, ERR_R_DH_LIB); + if (!tls_key_share_public(s->s3->hs.key_share, cbb)) goto err; - } - if ((key_size = DH_size(dh_clnt)) <= 0) { - SSLerror(s, ERR_R_DH_LIB); - goto err; - } - if ((key = malloc(key_size)) == NULL) { - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto err; - } - if ((key_len = DH_compute_key(key, dh_srvr->pub_key, dh_clnt)) <= 0) { - SSLerror(s, ERR_R_DH_LIB); - goto err; - } - - /* Generate master key from the result. */ - s->session->master_key_length = - tls1_generate_master_secret(s, - s->session->master_key, key, key_len); - - if (!CBB_add_u16_length_prefixed(cbb, &dh_Yc)) - goto err; - if (!CBB_add_space(&dh_Yc, &data, BN_num_bytes(dh_clnt->pub_key))) - goto err; - BN_bn2bin(dh_clnt->pub_key, data); - if (!CBB_flush(cbb)) + if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len)) goto err; - ret = 1; - -err: - DH_free(dh_clnt); - freezero(key, key_size); - - return (ret); -} - -static int -ssl3_send_client_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, CBB *cbb) -{ - EC_KEY *ecdh = NULL; - uint8_t *key = NULL; - size_t key_len = 0; - int ret = -1; - CBB ecpoint; - - if ((ecdh = EC_KEY_new()) == NULL) { - SSLerror(s, ERR_R_MALLOC_FAILURE); + if (!tls12_derive_master_secret(s, key, key_len)) goto err; - } - - if (!ssl_kex_generate_ecdhe_ecp(ecdh, sc->peer_nid)) - goto err; - - /* Encode our public key. */ - if (!CBB_add_u8_length_prefixed(cbb, &ecpoint)) - goto err; - if (!ssl_kex_public_ecdhe_ecp(ecdh, &ecpoint)) - goto err; - if (!CBB_flush(cbb)) - goto err; - - if (!ssl_kex_derive_ecdhe_ecp(ecdh, sc->peer_ecdh_tmp, &key, &key_len)) - goto err; - s->session->master_key_length = tls1_generate_master_secret(s, - s->session->master_key, key, key_len); ret = 1; err: freezero(key, key_len); - EC_KEY_free(ecdh); - return (ret); + return ret; } static int -ssl3_send_client_kex_ecdhe_ecx(SSL *s, SESS_CERT *sc, CBB *cbb) +ssl3_send_client_kex_ecdhe(SSL *s, CBB *cbb) { - uint8_t *public_key = NULL, *private_key = NULL, *shared_key = NULL; - int ret = -1; - CBB ecpoint; + uint8_t *key = NULL; + size_t key_len = 0; + CBB public; + int ret = 0; - /* Generate X25519 key pair and derive shared key. */ - if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL) - goto err; - if ((private_key = malloc(X25519_KEY_LENGTH)) == NULL) - goto err; - if ((shared_key = malloc(X25519_KEY_LENGTH)) == NULL) - goto err; - X25519_keypair(public_key, private_key); - if (!X25519(shared_key, private_key, sc->peer_x25519_tmp)) - goto err; - - /* Serialize the public key. */ - if (!CBB_add_u8_length_prefixed(cbb, &ecpoint)) - goto err; - if (!CBB_add_bytes(&ecpoint, public_key, X25519_KEY_LENGTH)) - goto err; - if (!CBB_flush(cbb)) - goto err; - - /* Generate master key from the result. */ - s->session->master_key_length = - tls1_generate_master_secret(s, - s->session->master_key, shared_key, X25519_KEY_LENGTH); - - ret = 1; - - err: - free(public_key); - freezero(private_key, X25519_KEY_LENGTH); - freezero(shared_key, X25519_KEY_LENGTH); - - return (ret); -} - -static int -ssl3_send_client_kex_ecdhe(SSL *s, SESS_CERT *sc, CBB *cbb) -{ - if (sc->peer_x25519_tmp != NULL) { - if (ssl3_send_client_kex_ecdhe_ecx(s, sc, cbb) != 1) - goto err; - } else if (sc->peer_ecdh_tmp != NULL) { - if (ssl3_send_client_kex_ecdhe_ecp(s, sc, cbb) != 1) - goto err; - } else { + /* Ensure that we have an ephemeral key for ECDHE. */ + if (s->s3->hs.key_share == NULL) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); SSLerror(s, ERR_R_INTERNAL_ERROR); goto err; } - return (1); + if (!tls_key_share_generate(s->s3->hs.key_share)) + goto err; + + if (!CBB_add_u8_length_prefixed(cbb, &public)) + return 0; + if (!tls_key_share_public(s->s3->hs.key_share, &public)) + goto err; + if (!CBB_flush(cbb)) + goto err; + + if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len)) + goto err; + + if (!tls12_derive_master_secret(s, key, key_len)) + goto err; + + ret = 1; err: - return (-1); + freezero(key, key_len); + + return ret; } static int -ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb) +ssl3_send_client_kex_gost(SSL *s, CBB *cbb) { unsigned char premaster_secret[32], shared_ukm[32], tmp[256]; - EVP_PKEY *pub_key = NULL; - EVP_PKEY_CTX *pkey_ctx; - X509 *peer_cert; + EVP_PKEY_CTX *pkey_ctx = NULL; + EVP_MD_CTX *ukm_hash = NULL; + EVP_PKEY *pkey; size_t msglen; unsigned int md_len; - EVP_MD_CTX *ukm_hash; - int ret = -1; - int nid; CBB gostblob; + int nid; + int ret = 0; /* Get server sertificate PKEY and create ctx from it */ - peer_cert = sess_cert->peer_pkeys[SSL_PKEY_GOST01].x509; - if (peer_cert == NULL) { + pkey = X509_get0_pubkey(s->session->peer_cert); + if (pkey == NULL || s->session->peer_cert_type != SSL_PKEY_GOST01) { SSLerror(s, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); goto err; } - - pub_key = X509_get_pubkey(peer_cert); - pkey_ctx = EVP_PKEY_CTX_new(pub_key, NULL); + if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) { + SSLerror(s, ERR_R_MALLOC_FAILURE); + goto err; + } /* * If we have send a certificate, and certificate key parameters match * those of server certificate, use certificate key for key exchange. * Otherwise, generate ephemeral key pair. */ - EVP_PKEY_encrypt_init(pkey_ctx); + if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0) + goto err; /* Generate session key. */ - arc4random_buf(premaster_secret, 32); + arc4random_buf(premaster_secret, sizeof(premaster_secret)); /* * If we have client certificate, use its secret as peer key. + * XXX - this presumably lacks PFS. */ - if (S3I(s)->tmp.cert_req && s->cert->key->privatekey) { + if (s->s3->hs.tls12.cert_request != 0 && + s->cert->key->privatekey != NULL) { if (EVP_PKEY_derive_set_peer(pkey_ctx, s->cert->key->privatekey) <=0) { /* @@ -2184,22 +1975,24 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb) /* * Compute shared IV and store it in algorithm-specific context data. */ - ukm_hash = EVP_MD_CTX_new(); - if (ukm_hash == NULL) { + if ((ukm_hash = EVP_MD_CTX_new()) == NULL) { SSLerror(s, ERR_R_MALLOC_FAILURE); goto err; } - if (ssl_get_algorithm2(s) & SSL_HANDSHAKE_MAC_GOST94) + /* XXX check handshake hash instead. */ + if (s->s3->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94) nid = NID_id_GostR3411_94; else nid = NID_id_tc26_gost3411_2012_256; if (!EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid))) goto err; - EVP_DigestUpdate(ukm_hash, s->s3->client_random, SSL3_RANDOM_SIZE); - EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len); - EVP_MD_CTX_free(ukm_hash); + if (!EVP_DigestUpdate(ukm_hash, s->s3->client_random, SSL3_RANDOM_SIZE)) + goto err; + if (!EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE)) + goto err; + if (!EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len)) + goto err; if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) { SSLerror(s, SSL_R_LIBRARY_BUG); @@ -2211,7 +2004,7 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb) */ msglen = 255; if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret, - 32) < 0) { + sizeof(premaster_secret)) < 0) { SSLerror(s, SSL_R_LIBRARY_BUG); goto err; } @@ -2225,58 +2018,48 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb) /* Check if pubkey from client certificate was used. */ if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, - NULL) > 0) { - /* Set flag "skip certificate verify". */ + NULL) > 0) s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY; - } - EVP_PKEY_CTX_free(pkey_ctx); - s->session->master_key_length = - tls1_generate_master_secret(s, - s->session->master_key, premaster_secret, 32); + + if (!tls12_derive_master_secret(s, premaster_secret, 32)) + goto err; ret = 1; err: explicit_bzero(premaster_secret, sizeof(premaster_secret)); - EVP_PKEY_free(pub_key); + EVP_PKEY_CTX_free(pkey_ctx); + EVP_MD_CTX_free(ukm_hash); - return (ret); + return ret; } int ssl3_send_client_key_exchange(SSL *s) { - SESS_CERT *sess_cert; unsigned long alg_k; CBB cbb, kex; memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_CW_KEY_EXCH_A) { - alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; - - if ((sess_cert = SSI(s)->sess_cert) == NULL) { - ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_UNEXPECTED_MESSAGE); - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } + if (s->s3->hs.state == SSL3_ST_CW_KEY_EXCH_A) { + alg_k = s->s3->hs.cipher->algorithm_mkey; if (!ssl3_handshake_msg_start(s, &cbb, &kex, SSL3_MT_CLIENT_KEY_EXCHANGE)) goto err; if (alg_k & SSL_kRSA) { - if (ssl3_send_client_kex_rsa(s, sess_cert, &kex) != 1) + if (!ssl3_send_client_kex_rsa(s, &kex)) goto err; } else if (alg_k & SSL_kDHE) { - if (ssl3_send_client_kex_dhe(s, sess_cert, &kex) != 1) + if (!ssl3_send_client_kex_dhe(s, &kex)) goto err; } else if (alg_k & SSL_kECDHE) { - if (ssl3_send_client_kex_ecdhe(s, sess_cert, &kex) != 1) + if (!ssl3_send_client_kex_ecdhe(s, &kex)) goto err; } else if (alg_k & SSL_kGOST) { - if (ssl3_send_client_kex_gost(s, sess_cert, &kex) != 1) + if (!ssl3_send_client_kex_gost(s, &kex)) goto err; } else { ssl3_send_alert(s, SSL3_AL_FATAL, @@ -2288,49 +2071,38 @@ ssl3_send_client_key_exchange(SSL *s) if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_B; + s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_B; } /* SSL3_ST_CW_KEY_EXCH_B */ return (ssl3_handshake_write(s)); -err: + err: CBB_cleanup(&cbb); return (-1); } static int -ssl3_send_client_verify_sigalgs(SSL *s, CBB *cert_verify) +ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey, + const struct ssl_sigalg *sigalg, CBB *cert_verify) { - const struct ssl_sigalg *sigalg; CBB cbb_signature; EVP_PKEY_CTX *pctx = NULL; - EVP_PKEY *pkey; - EVP_MD_CTX mctx; - const EVP_MD *md; + EVP_MD_CTX *mctx = NULL; const unsigned char *hdata; unsigned char *signature = NULL; size_t signature_len, hdata_len; int ret = 0; - EVP_MD_CTX_init(&mctx); - - pkey = s->cert->key->privatekey; - if ((sigalg = ssl_sigalg_select(s, pkey)) == NULL) { - SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR); + if ((mctx = EVP_MD_CTX_new()) == NULL) goto err; - } - if ((md = sigalg->md()) == NULL) { - SSLerror(s, SSL_R_UNKNOWN_DIGEST); - goto err; - } if (!tls1_transcript_data(s, &hdata, &hdata_len)) { SSLerror(s, ERR_R_INTERNAL_ERROR); goto err; } - if (!EVP_DigestSignInit(&mctx, &pctx, md, NULL, pkey)) { + if (!EVP_DigestSignInit(mctx, &pctx, sigalg->md(), NULL, pkey)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } @@ -2346,11 +2118,11 @@ ssl3_send_client_verify_sigalgs(SSL *s, CBB *cert_verify) SSLerror(s, ERR_R_EVP_LIB); goto err; } - if (!EVP_DigestSignUpdate(&mctx, hdata, hdata_len)) { + if (!EVP_DigestSignUpdate(mctx, hdata, hdata_len)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } - if (!EVP_DigestSignFinal(&mctx, NULL, &signature_len) || + if (!EVP_DigestSignFinal(mctx, NULL, &signature_len) || signature_len == 0) { SSLerror(s, ERR_R_EVP_LIB); goto err; @@ -2359,7 +2131,7 @@ ssl3_send_client_verify_sigalgs(SSL *s, CBB *cert_verify) SSLerror(s, ERR_R_MALLOC_FAILURE); goto err; } - if (!EVP_DigestSignFinal(&mctx, signature, &signature_len)) { + if (!EVP_DigestSignFinal(mctx, signature, &signature_len)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } @@ -2376,30 +2148,30 @@ ssl3_send_client_verify_sigalgs(SSL *s, CBB *cert_verify) ret = 1; err: - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_free(mctx); free(signature); return ret; } static int -ssl3_send_client_verify_rsa(SSL *s, CBB *cert_verify) +ssl3_send_client_verify_rsa(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) { CBB cbb_signature; - EVP_PKEY *pkey; + RSA *rsa; unsigned char data[EVP_MAX_MD_SIZE]; unsigned char *signature = NULL; unsigned int signature_len; size_t data_len; int ret = 0; - pkey = s->cert->key->privatekey; - if (!tls1_transcript_hash_value(s, data, sizeof(data), &data_len)) goto err; if ((signature = calloc(1, EVP_PKEY_size(pkey))) == NULL) goto err; - if (RSA_sign(NID_md5_sha1, data, data_len, signature, - &signature_len, pkey->pkey.rsa) <= 0 ) { + if ((rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) + goto err; + if (RSA_sign(NID_md5_sha1, data, data_len, signature, &signature_len, + rsa) <= 0 ) { SSLerror(s, ERR_R_RSA_LIB); goto err; } @@ -2418,23 +2190,23 @@ ssl3_send_client_verify_rsa(SSL *s, CBB *cert_verify) } static int -ssl3_send_client_verify_ec(SSL *s, CBB *cert_verify) +ssl3_send_client_verify_ec(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) { CBB cbb_signature; - EVP_PKEY *pkey; + EC_KEY *eckey; unsigned char data[EVP_MAX_MD_SIZE]; unsigned char *signature = NULL; unsigned int signature_len; int ret = 0; - pkey = s->cert->key->privatekey; - if (!tls1_transcript_hash_value(s, data, sizeof(data), NULL)) goto err; if ((signature = calloc(1, EVP_PKEY_size(pkey))) == NULL) goto err; - if (!ECDSA_sign(pkey->save_type, &data[MD5_DIGEST_LENGTH], - SHA_DIGEST_LENGTH, signature, &signature_len, pkey->pkey.ec)) { + if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) + goto err; + if (!ECDSA_sign(0, &data[MD5_DIGEST_LENGTH], SHA_DIGEST_LENGTH, + signature, &signature_len, eckey)) { SSLerror(s, ERR_R_ECDSA_LIB); goto err; } @@ -2454,12 +2226,11 @@ ssl3_send_client_verify_ec(SSL *s, CBB *cert_verify) #ifndef OPENSSL_NO_GOST static int -ssl3_send_client_verify_gost(SSL *s, CBB *cert_verify) +ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) { CBB cbb_signature; - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx; EVP_PKEY_CTX *pctx; - EVP_PKEY *pkey; const EVP_MD *md; const unsigned char *hdata; unsigned char *signature = NULL; @@ -2468,9 +2239,8 @@ ssl3_send_client_verify_gost(SSL *s, CBB *cert_verify) int nid; int ret = 0; - EVP_MD_CTX_init(&mctx); - - pkey = s->cert->key->privatekey; + if ((mctx = EVP_MD_CTX_new()) == NULL) + goto err; if (!tls1_transcript_data(s, &hdata, &hdata_len)) { SSLerror(s, ERR_R_INTERNAL_ERROR); @@ -2481,7 +2251,7 @@ ssl3_send_client_verify_gost(SSL *s, CBB *cert_verify) SSLerror(s, ERR_R_EVP_LIB); goto err; } - if (!EVP_DigestSignInit(&mctx, &pctx, md, NULL, pkey)) { + if (!EVP_DigestSignInit(mctx, &pctx, md, NULL, pkey)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } @@ -2490,11 +2260,11 @@ ssl3_send_client_verify_gost(SSL *s, CBB *cert_verify) SSLerror(s, ERR_R_EVP_LIB); goto err; } - if (!EVP_DigestSignUpdate(&mctx, hdata, hdata_len)) { + if (!EVP_DigestSignUpdate(mctx, hdata, hdata_len)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } - if (!EVP_DigestSignFinal(&mctx, NULL, &signature_len) || + if (!EVP_DigestSignFinal(mctx, NULL, &signature_len) || signature_len == 0) { SSLerror(s, ERR_R_EVP_LIB); goto err; @@ -2503,7 +2273,7 @@ ssl3_send_client_verify_gost(SSL *s, CBB *cert_verify) SSLerror(s, ERR_R_MALLOC_FAILURE); goto err; } - if (!EVP_DigestSignFinal(&mctx, signature, &signature_len)) { + if (!EVP_DigestSignFinal(mctx, signature, &signature_len)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } @@ -2517,7 +2287,7 @@ ssl3_send_client_verify_gost(SSL *s, CBB *cert_verify) ret = 1; err: - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_free(mctx); free(signature); return ret; } @@ -2526,35 +2296,42 @@ ssl3_send_client_verify_gost(SSL *s, CBB *cert_verify) int ssl3_send_client_verify(SSL *s) { + const struct ssl_sigalg *sigalg; CBB cbb, cert_verify; EVP_PKEY *pkey; memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_CW_CERT_VRFY_A) { + if (s->s3->hs.state == SSL3_ST_CW_CERT_VRFY_A) { if (!ssl3_handshake_msg_start(s, &cbb, &cert_verify, SSL3_MT_CERTIFICATE_VERIFY)) goto err; pkey = s->cert->key->privatekey; + if ((sigalg = ssl_sigalg_select(s, pkey)) == NULL) { + SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR); + goto err; + } + s->s3->hs.our_sigalg = sigalg; /* - * For TLS v1.2 send signature algorithm and signature - * using agreed digest and cached handshake records. + * For TLS v1.2 send signature algorithm and signature using + * agreed digest and cached handshake records. */ if (SSL_USE_SIGALGS(s)) { - if (!ssl3_send_client_verify_sigalgs(s, &cert_verify)) + if (!ssl3_send_client_verify_sigalgs(s, pkey, sigalg, + &cert_verify)) goto err; - } else if (pkey->type == EVP_PKEY_RSA) { - if (!ssl3_send_client_verify_rsa(s, &cert_verify)) + } else if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) { + if (!ssl3_send_client_verify_rsa(s, pkey, &cert_verify)) goto err; - } else if (pkey->type == EVP_PKEY_EC) { - if (!ssl3_send_client_verify_ec(s, &cert_verify)) + } else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { + if (!ssl3_send_client_verify_ec(s, pkey, &cert_verify)) goto err; #ifndef OPENSSL_NO_GOST - } else if (pkey->type == NID_id_GostR3410_94 || - pkey->type == NID_id_GostR3410_2001) { - if (!ssl3_send_client_verify_gost(s, &cert_verify)) + } else if (EVP_PKEY_id(pkey) == NID_id_GostR3410_94 || + EVP_PKEY_id(pkey) == NID_id_GostR3410_2001) { + if (!ssl3_send_client_verify_gost(s, pkey, &cert_verify)) goto err; #endif } else { @@ -2567,7 +2344,7 @@ ssl3_send_client_verify(SSL *s) if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_B; + s->s3->hs.state = SSL3_ST_CW_CERT_VRFY_B; } return (ssl3_handshake_write(s)); @@ -2588,20 +2365,20 @@ ssl3_send_client_certificate(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_CW_CERT_A) { + if (s->s3->hs.state == SSL3_ST_CW_CERT_A) { if (s->cert->key->x509 == NULL || s->cert->key->privatekey == NULL) - S3I(s)->hs.state = SSL3_ST_CW_CERT_B; + s->s3->hs.state = SSL3_ST_CW_CERT_B; else - S3I(s)->hs.state = SSL3_ST_CW_CERT_C; + s->s3->hs.state = SSL3_ST_CW_CERT_C; } /* We need to get a client cert */ - if (S3I(s)->hs.state == SSL3_ST_CW_CERT_B) { + if (s->s3->hs.state == SSL3_ST_CW_CERT_B) { /* * If we get an error, we need to - * ssl->rwstate=SSL_X509_LOOKUP; return(-1); - * We then get retied later + * ssl->internal->rwstate = SSL_X509_LOOKUP; return(-1); + * We then get retried later. */ i = ssl_do_client_cert_cb(s, &x509, &pkey); if (i < 0) { @@ -2610,7 +2387,7 @@ ssl3_send_client_certificate(SSL *s) } s->internal->rwstate = SSL_NOTHING; if ((i == 1) && (pkey != NULL) && (x509 != NULL)) { - S3I(s)->hs.state = SSL3_ST_CW_CERT_B; + s->s3->hs.state = SSL3_ST_CW_CERT_B; if (!SSL_use_certificate(s, x509) || !SSL_use_PrivateKey(s, pkey)) i = 0; @@ -2622,27 +2399,27 @@ ssl3_send_client_certificate(SSL *s) X509_free(x509); EVP_PKEY_free(pkey); if (i == 0) { - S3I(s)->tmp.cert_req = 2; + s->s3->hs.tls12.cert_request = 2; /* There is no client certificate to verify. */ tls1_transcript_free(s); } /* Ok, we have a cert */ - S3I(s)->hs.state = SSL3_ST_CW_CERT_C; + s->s3->hs.state = SSL3_ST_CW_CERT_C; } - if (S3I(s)->hs.state == SSL3_ST_CW_CERT_C) { + if (s->s3->hs.state == SSL3_ST_CW_CERT_C) { if (!ssl3_handshake_msg_start(s, &cbb, &client_cert, SSL3_MT_CERTIFICATE)) goto err; if (!ssl3_output_cert_chain(s, &client_cert, - (S3I(s)->tmp.cert_req == 2) ? NULL : s->cert->key)) + (s->s3->hs.tls12.cert_request == 2) ? NULL : s->cert->key)) goto err; if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_CW_CERT_D; + s->s3->hs.state = SSL3_ST_CW_CERT_D; } /* SSL3_ST_CW_CERT_D */ @@ -2659,62 +2436,52 @@ ssl3_send_client_certificate(SSL *s) int ssl3_check_cert_and_algorithm(SSL *s) { - int i, idx; - long alg_k, alg_a; - EVP_PKEY *pkey = NULL; - SESS_CERT *sc; - DH *dh; + long alg_k, alg_a; + int nid = NID_undef; + int i; - alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; - alg_a = S3I(s)->hs.new_cipher->algorithm_auth; + alg_k = s->s3->hs.cipher->algorithm_mkey; + alg_a = s->s3->hs.cipher->algorithm_auth; /* We don't have a certificate. */ if (alg_a & SSL_aNULL) return (1); - sc = SSI(s)->sess_cert; - if (sc == NULL) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } - dh = SSI(s)->sess_cert->peer_dh_tmp; + if (s->s3->hs.key_share != NULL) + nid = tls_key_share_nid(s->s3->hs.key_share); /* This is the passed certificate. */ - idx = sc->peer_cert_type; - if (idx == SSL_PKEY_ECC) { - if (ssl_check_srvr_ecc_cert_and_alg( - sc->peer_pkeys[idx].x509, s) == 0) { - /* check failed */ + if (s->session->peer_cert_type == SSL_PKEY_ECC) { + if (!ssl_check_srvr_ecc_cert_and_alg(s, s->session->peer_cert)) { SSLerror(s, SSL_R_BAD_ECC_CERT); - goto f_err; - } else { - return (1); + goto fatal_err; } + return (1); } - pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509); - i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey); - EVP_PKEY_free(pkey); + + i = X509_certificate_type(s->session->peer_cert, NULL); /* Check that we have a certificate if we require one. */ if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) { SSLerror(s, SSL_R_MISSING_RSA_SIGNING_CERT); - goto f_err; + goto fatal_err; } if ((alg_k & SSL_kRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) { SSLerror(s, SSL_R_MISSING_RSA_ENCRYPTING_CERT); - goto f_err; + goto fatal_err; } if ((alg_k & SSL_kDHE) && - !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) { + !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (nid == NID_dhKeyAgreement))) { SSLerror(s, SSL_R_MISSING_DH_KEY); - goto f_err; + goto fatal_err; } return (1); -f_err: + + fatal_err: ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); -err: + return (0); } @@ -2727,22 +2494,20 @@ err: int ssl3_check_finished(SSL *s) { - int ok; - long n; + int ret; /* If we have no ticket it cannot be a resumed session. */ if (!s->session->tlsext_tick) return (1); /* this function is called when we really expect a Certificate * message, so permit appropriate message length */ - n = ssl3_get_message(s, SSL3_ST_CR_CERT_A, - SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list, &ok); - if (!ok) - return ((int)n); + if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_A, + SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list)) <= 0) + return ret; - S3I(s)->tmp.reuse_message = 1; - if ((S3I(s)->tmp.message_type == SSL3_MT_FINISHED) || - (S3I(s)->tmp.message_type == SSL3_MT_NEWSESSION_TICKET)) + s->s3->hs.tls12.reuse_message = 1; + if ((s->s3->hs.tls12.message_type == SSL3_MT_FINISHED) || + (s->s3->hs.tls12.message_type == SSL3_MT_NEWSESSION_TICKET)) return (2); return (1); diff --git a/externals/libressl/ssl/ssl_err.c b/externals/libressl/ssl/ssl_err.c index cbc289823..d4c9fbbf0 100755 --- a/externals/libressl/ssl/ssl_err.c +++ b/externals/libressl/ssl/ssl_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_err.c,v 1.37 2020/01/21 05:19:02 jsing Exp $ */ +/* $OpenBSD: ssl_err.c,v 1.40 2022/02/05 14:54:10 jsing Exp $ */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * @@ -61,6 +61,7 @@ #include #include +#include #include #include "ssl_locl.h" @@ -293,6 +294,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= { {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE), "missing verify message"}, {ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) , "multiple sgc restarts"}, {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET), "non sslv2 initial packet"}, + {ERR_REASON(SSL_R_NO_APPLICATION_PROTOCOL), "no application protocol"}, {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED), "no certificates returned"}, {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED), "no certificate assigned"}, {ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED), "no certificate returned"}, @@ -664,5 +666,5 @@ void SSL_error_internal(const SSL *s, int r, char *f, int l) { ERR_PUT_error(ERR_LIB_SSL, - (SSL_state_func_code(S3I(s)->hs.state)), r, f, l); + (SSL_state_func_code(s->s3->hs.state)), r, f, l); } diff --git a/externals/libressl/ssl/ssl_kex.c b/externals/libressl/ssl/ssl_kex.c index 9f05fd60c..cab2f1c78 100755 --- a/externals/libressl/ssl/ssl_kex.c +++ b/externals/libressl/ssl/ssl_kex.c @@ -1,6 +1,6 @@ -/* $OpenBSD: ssl_kex.c,v 1.2 2020/04/18 14:07:56 jsing Exp $ */ +/* $OpenBSD: ssl_kex.c,v 1.10 2022/01/14 09:11:22 tb Exp $ */ /* - * Copyright (c) 2020 Joel Sing + * Copyright (c) 2020, 2021 Joel Sing * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,6 +17,8 @@ #include +#include +#include #include #include #include @@ -24,6 +26,245 @@ #include "bytestring.h" +#define DHE_MINIMUM_BITS 1024 + +int +ssl_kex_generate_dhe(DH *dh, DH *dh_params) +{ + BIGNUM *p = NULL, *g = NULL; + int ret = 0; + + if ((p = BN_dup(DH_get0_p(dh_params))) == NULL) + goto err; + if ((g = BN_dup(DH_get0_g(dh_params))) == NULL) + goto err; + + if (!DH_set0_pqg(dh, p, NULL, g)) + goto err; + p = NULL; + g = NULL; + + if (!DH_generate_key(dh)) + goto err; + + ret = 1; + + err: + BN_free(p); + BN_free(g); + + return ret; +} + +int +ssl_kex_generate_dhe_params_auto(DH *dh, size_t key_bits) +{ + BIGNUM *p = NULL, *g = NULL; + int ret = 0; + + if (key_bits >= 8192) + p = get_rfc3526_prime_8192(NULL); + else if (key_bits >= 4096) + p = get_rfc3526_prime_4096(NULL); + else if (key_bits >= 3072) + p = get_rfc3526_prime_3072(NULL); + else if (key_bits >= 2048) + p = get_rfc3526_prime_2048(NULL); + else if (key_bits >= 1536) + p = get_rfc3526_prime_1536(NULL); + else + p = get_rfc2409_prime_1024(NULL); + + if (p == NULL) + goto err; + + if ((g = BN_new()) == NULL) + goto err; + if (!BN_set_word(g, 2)) + goto err; + + if (!DH_set0_pqg(dh, p, NULL, g)) + goto err; + p = NULL; + g = NULL; + + if (!DH_generate_key(dh)) + goto err; + + ret = 1; + + err: + BN_free(p); + BN_free(g); + + return ret; +} + +int +ssl_kex_params_dhe(DH *dh, CBB *cbb) +{ + int dh_p_len, dh_g_len; + CBB dh_p, dh_g; + uint8_t *data; + + if ((dh_p_len = BN_num_bytes(DH_get0_p(dh))) <= 0) + return 0; + if ((dh_g_len = BN_num_bytes(DH_get0_g(dh))) <= 0) + return 0; + + if (!CBB_add_u16_length_prefixed(cbb, &dh_p)) + return 0; + if (!CBB_add_space(&dh_p, &data, dh_p_len)) + return 0; + if (BN_bn2bin(DH_get0_p(dh), data) != dh_p_len) + return 0; + + if (!CBB_add_u16_length_prefixed(cbb, &dh_g)) + return 0; + if (!CBB_add_space(&dh_g, &data, dh_g_len)) + return 0; + if (BN_bn2bin(DH_get0_g(dh), data) != dh_g_len) + return 0; + + if (!CBB_flush(cbb)) + return 0; + + return 1; +} + +int +ssl_kex_public_dhe(DH *dh, CBB *cbb) +{ + uint8_t *data; + int dh_y_len; + CBB dh_y; + + if ((dh_y_len = BN_num_bytes(DH_get0_pub_key(dh))) <= 0) + return 0; + + if (!CBB_add_u16_length_prefixed(cbb, &dh_y)) + return 0; + if (!CBB_add_space(&dh_y, &data, dh_y_len)) + return 0; + if (BN_bn2bin(DH_get0_pub_key(dh), data) != dh_y_len) + return 0; + + if (!CBB_flush(cbb)) + return 0; + + return 1; +} + +int +ssl_kex_peer_params_dhe(DH *dh, CBS *cbs, int *decode_error, + int *invalid_params) +{ + BIGNUM *p = NULL, *g = NULL; + CBS dh_p, dh_g; + int ret = 0; + + *decode_error = 0; + *invalid_params = 0; + + if (!CBS_get_u16_length_prefixed(cbs, &dh_p)) { + *decode_error = 1; + goto err; + } + if (!CBS_get_u16_length_prefixed(cbs, &dh_g)) { + *decode_error = 1; + goto err; + } + + if ((p = BN_bin2bn(CBS_data(&dh_p), CBS_len(&dh_p), NULL)) == NULL) + goto err; + if ((g = BN_bin2bn(CBS_data(&dh_g), CBS_len(&dh_g), NULL)) == NULL) + goto err; + + if (!DH_set0_pqg(dh, p, NULL, g)) + goto err; + p = NULL; + g = NULL; + + /* XXX - consider calling DH_check(). */ + + if (DH_bits(dh) < DHE_MINIMUM_BITS) + *invalid_params = 1; + + ret = 1; + + err: + BN_free(p); + BN_free(g); + + return ret; +} + +int +ssl_kex_peer_public_dhe(DH *dh, CBS *cbs, int *decode_error, + int *invalid_key) +{ + BIGNUM *pub_key = NULL; + int check_flags; + CBS dh_y; + int ret = 0; + + *decode_error = 0; + *invalid_key = 0; + + if (!CBS_get_u16_length_prefixed(cbs, &dh_y)) { + *decode_error = 1; + goto err; + } + + if ((pub_key = BN_bin2bn(CBS_data(&dh_y), CBS_len(&dh_y), + NULL)) == NULL) + goto err; + + if (!DH_set0_key(dh, pub_key, NULL)) + goto err; + pub_key = NULL; + + if (!DH_check_pub_key(dh, DH_get0_pub_key(dh), &check_flags)) + goto err; + if (check_flags != 0) + *invalid_key = 1; + + ret = 1; + + err: + BN_free(pub_key); + + return ret; +} + +int +ssl_kex_derive_dhe(DH *dh, DH *dh_peer, + uint8_t **shared_key, size_t *shared_key_len) +{ + uint8_t *key = NULL; + int key_len = 0; + int ret = 0; + + if ((key_len = DH_size(dh)) <= 0) + goto err; + if ((key = calloc(1, key_len)) == NULL) + goto err; + + if ((key_len = DH_compute_key(key, DH_get0_pub_key(dh_peer), dh)) <= 0) + goto err; + + *shared_key = key; + *shared_key_len = key_len; + key = NULL; + + ret = 1; + + err: + freezero(key, key_len); + + return ret; +} + int ssl_kex_dummy_ecdhe_x25519(EVP_PKEY *pkey) { @@ -149,8 +390,8 @@ ssl_kex_derive_ecdhe_ecp(EC_KEY *ecdh, EC_KEY *ecdh_peer, uint8_t **shared_key, size_t *shared_key_len) { const EC_POINT *point; - uint8_t *sk = NULL; - int sk_len = 0; + uint8_t *key = NULL; + int key_len = 0; int ret = 0; if (!EC_GROUP_check(EC_KEY_get0_group(ecdh), NULL)) @@ -161,22 +402,22 @@ ssl_kex_derive_ecdhe_ecp(EC_KEY *ecdh, EC_KEY *ecdh_peer, if ((point = EC_KEY_get0_public_key(ecdh_peer)) == NULL) goto err; - if ((sk_len = ECDH_size(ecdh)) <= 0) + if ((key_len = ECDH_size(ecdh)) <= 0) goto err; - if ((sk = calloc(1, sk_len)) == NULL) + if ((key = calloc(1, key_len)) == NULL) goto err; - if (ECDH_compute_key(sk, sk_len, point, ecdh, NULL) <= 0) + if (ECDH_compute_key(key, key_len, point, ecdh, NULL) <= 0) goto err; - *shared_key = sk; - *shared_key_len = sk_len; - sk = NULL; + *shared_key = key; + *shared_key_len = key_len; + key = NULL; ret = 1; err: - freezero(sk, sk_len); + freezero(key, key_len); return ret; } diff --git a/externals/libressl/ssl/ssl_lib.c b/externals/libressl/ssl/ssl_lib.c index 6e375e1c0..6adc28a5e 100755 --- a/externals/libressl/ssl/ssl_lib.c +++ b/externals/libressl/ssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.234 2020/09/24 18:12:00 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.290 2022/03/18 18:01:17 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -144,15 +144,14 @@ #include #include +#include #include -#include "ssl_locl.h" - -#include #include #include #include #include +#include #include #ifndef OPENSSL_NO_ENGINE @@ -160,6 +159,8 @@ #endif #include "bytestring.h" +#include "dtls_locl.h" +#include "ssl_locl.h" #include "ssl_sigalgs.h" const char *SSL_version_str = OPENSSL_VERSION_TEXT; @@ -186,9 +187,7 @@ SSL_clear(SSL *s) return (0); } - s->internal->type = 0; - - s->version = s->method->internal->version; + s->version = s->method->version; s->client_version = s->version; s->internal->rwstate = SSL_NOTHING; s->internal->rstate = SSL_ST_READ_HEADER; @@ -208,12 +207,12 @@ SSL_clear(SSL *s) */ if (!s->internal->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) { - s->method->internal->ssl_free(s); + s->method->ssl_free(s); s->method = s->ctx->method; - if (!s->method->internal->ssl_new(s)) + if (!s->method->ssl_new(s)) return (0); } else - s->method->internal->ssl_clear(s); + s->method->ssl_clear(s); return (1); } @@ -254,12 +253,18 @@ SSL_new(SSL_CTX *ctx) if ((s->internal = calloc(1, sizeof(*s->internal))) == NULL) goto err; - s->internal->min_version = ctx->internal->min_version; - s->internal->max_version = ctx->internal->max_version; + if ((s->internal->rl = tls12_record_layer_new()) == NULL) + goto err; + + s->internal->min_tls_version = ctx->internal->min_tls_version; + s->internal->max_tls_version = ctx->internal->max_tls_version; + s->internal->min_proto_version = ctx->internal->min_proto_version; + s->internal->max_proto_version = ctx->internal->max_proto_version; s->internal->options = ctx->internal->options; s->internal->mode = ctx->internal->mode; s->internal->max_cert_list = ctx->internal->max_cert_list; + s->internal->num_tickets = ctx->internal->num_tickets; if ((s->cert = ssl_cert_dup(ctx->internal->cert)) == NULL) goto err; @@ -338,14 +343,11 @@ SSL_new(SSL_CTX *ctx) s->method = ctx->method; - if (!s->method->internal->ssl_new(s)) - goto err; - - if ((s->internal->rl = tls12_record_layer_new()) == NULL) + if (!s->method->ssl_new(s)) goto err; s->references = 1; - s->server = (ctx->method->internal->ssl_accept == ssl_undefined_function) ? 0 : 1; + s->server = ctx->method->server; SSL_clear(s); @@ -460,7 +462,7 @@ SSL_set1_host(SSL *s, const char *hostname) { struct in_addr ina; struct in6_addr in6a; - + if (hostname != NULL && *hostname != '\0' && (inet_pton(AF_INET, hostname, &ina) == 1 || inet_pton(AF_INET6, hostname, &in6a) == 1)) @@ -469,6 +471,12 @@ SSL_set1_host(SSL *s, const char *hostname) return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0); } +void +SSL_set_hostflags(SSL *s, unsigned int flags) +{ + X509_VERIFY_PARAM_set_hostflags(s->param, flags); +} + const char * SSL_get0_peername(SSL *s) { @@ -559,7 +567,7 @@ SSL_free(SSL *s) sk_X509_NAME_pop_free(s->internal->client_CA, X509_NAME_free); if (s->method != NULL) - s->method->internal->ssl_free(s); + s->method->ssl_free(s); SSL_CTX_free(s->ctx); @@ -588,8 +596,8 @@ SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) /* If the output buffering BIO is still in place, remove it */ if (s->bbio != NULL) { if (s->wbio == s->bbio) { - s->wbio = s->wbio->next_bio; - s->bbio->next_bio = NULL; + s->wbio = BIO_next(s->wbio); + BIO_set_next(s->bbio, NULL); } } @@ -607,6 +615,13 @@ SSL_get_rbio(const SSL *s) return (s->rbio); } +void +SSL_set0_rbio(SSL *s, BIO *rbio) +{ + BIO_free_all(s->rbio); + s->rbio = rbio; +} + BIO * SSL_get_wbio(const SSL *s) { @@ -660,7 +675,7 @@ SSL_set_fd(SSL *s, int fd) BIO_set_fd(bio, fd, BIO_NOCLOSE); SSL_set_bio(s, bio, bio); ret = 1; -err: + err: return (ret); } @@ -683,7 +698,7 @@ SSL_set_wfd(SSL *s, int fd) } else SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s)); ret = 1; -err: + err: return (ret); } @@ -706,7 +721,7 @@ SSL_set_rfd(SSL *s, int fd) } else SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s)); ret = 1; -err: + err: return (ret); } @@ -717,10 +732,10 @@ SSL_get_finished(const SSL *s, void *buf, size_t count) { size_t ret; - ret = S3I(s)->tmp.finish_md_len; + ret = s->s3->hs.finished_len; if (count > ret) count = ret; - memcpy(buf, S3I(s)->tmp.finish_md, count); + memcpy(buf, s->s3->hs.finished, count); return (ret); } @@ -730,10 +745,10 @@ SSL_get_peer_finished(const SSL *s, void *buf, size_t count) { size_t ret; - ret = S3I(s)->tmp.peer_finish_md_len; + ret = s->s3->hs.peer_finished_len; if (count > ret) count = ret; - memcpy(buf, S3I(s)->tmp.peer_finish_md, count); + memcpy(buf, s->s3->hs.peer_finished, count); return (ret); } @@ -756,6 +771,46 @@ int return (s->internal->verify_callback); } +void +SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb) +{ + ctx->internal->keylog_callback = cb; +} + +SSL_CTX_keylog_cb_func +SSL_CTX_get_keylog_callback(const SSL_CTX *ctx) +{ + return (ctx->internal->keylog_callback); +} + +int +SSL_set_num_tickets(SSL *s, size_t num_tickets) +{ + s->internal->num_tickets = num_tickets; + + return 1; +} + +size_t +SSL_get_num_tickets(const SSL *s) +{ + return s->internal->num_tickets; +} + +int +SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets) +{ + ctx->internal->num_tickets = num_tickets; + + return 1; +} + +size_t +SSL_CTX_get_num_tickets(const SSL_CTX *ctx) +{ + return ctx->internal->num_tickets; +} + int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) { @@ -804,44 +859,42 @@ SSL_get_read_ahead(const SSL *s) int SSL_pending(const SSL *s) { - return (s->method->internal->ssl_pending(s)); + return (s->method->ssl_pending(s)); } X509 * SSL_get_peer_certificate(const SSL *s) { - X509 *r; + X509 *cert; - if ((s == NULL) || (s->session == NULL)) - r = NULL; - else - r = s->session->peer; + if (s == NULL || s->session == NULL) + return NULL; - if (r == NULL) - return (r); + if ((cert = s->session->peer_cert) == NULL) + return NULL; - CRYPTO_add(&r->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(cert); - return (r); + return cert; } STACK_OF(X509) * SSL_get_peer_cert_chain(const SSL *s) { - STACK_OF(X509) *r; - - if ((s == NULL) || (s->session == NULL) || - (SSI(s)->sess_cert == NULL)) - r = NULL; - else - r = SSI(s)->sess_cert->cert_chain; + if (s == NULL || s->session == NULL) + return NULL; /* * If we are a client, cert_chain includes the peer's own - * certificate; - * if we are a server, it does not. + * certificate; if we are a server, it does not. */ - return (r); + return s->session->cert_chain; +} + +STACK_OF(X509) * +SSL_get0_verified_chain(const SSL *s) +{ + return s->internal->verified_chain; } /* @@ -851,7 +904,7 @@ SSL_get_peer_cert_chain(const SSL *s) int SSL_copy_session_id(SSL *t, const SSL *f) { - CERT *tmp; + SSL_CERT *tmp; /* Do we need to do SSL locking? */ if (!SSL_set_session(t, SSL_get_session(f))) @@ -859,9 +912,9 @@ SSL_copy_session_id(SSL *t, const SSL *f) /* What if we are set up for one protocol but want to talk another? */ if (t->method != f->method) { - t->method->internal->ssl_free(t); + t->method->ssl_free(t); t->method = f->method; - if (!t->method->internal->ssl_new(t)) + if (!t->method->ssl_new(t)) return 0; } @@ -926,7 +979,7 @@ SSL_accept(SSL *s) if (s->internal->handshake_func == NULL) SSL_set_accept_state(s); /* Not properly initialized yet */ - return (s->method->internal->ssl_accept(s)); + return (s->method->ssl_accept(s)); } int @@ -935,7 +988,13 @@ SSL_connect(SSL *s) if (s->internal->handshake_func == NULL) SSL_set_connect_state(s); /* Not properly initialized yet */ - return (s->method->internal->ssl_connect(s)); + return (s->method->ssl_connect(s)); +} + +int +SSL_is_dtls(const SSL *s) +{ + return s->method->dtls; } int @@ -963,6 +1022,11 @@ SSL_get_default_timeout(const SSL *s) int SSL_read(SSL *s, void *buf, int num) { + if (num < 0) { + SSLerror(s, SSL_R_BAD_LENGTH); + return -1; + } + if (s->internal->handshake_func == NULL) { SSLerror(s, SSL_R_UNINITIALIZED); return (-1); @@ -975,9 +1039,33 @@ SSL_read(SSL *s, void *buf, int num) return ssl3_read(s, buf, num); } +int +SSL_read_ex(SSL *s, void *buf, size_t num, size_t *bytes_read) +{ + int ret; + + /* We simply don't bother supporting enormous reads */ + if (num > INT_MAX) { + SSLerror(s, SSL_R_BAD_LENGTH); + return 0; + } + + ret = SSL_read(s, buf, (int)num); + if (ret < 0) + ret = 0; + *bytes_read = ret; + + return ret > 0; +} + int SSL_peek(SSL *s, void *buf, int num) { + if (num < 0) { + SSLerror(s, SSL_R_BAD_LENGTH); + return -1; + } + if (s->internal->handshake_func == NULL) { SSLerror(s, SSL_R_UNINITIALIZED); return (-1); @@ -989,9 +1077,33 @@ SSL_peek(SSL *s, void *buf, int num) return ssl3_peek(s, buf, num); } +int +SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *bytes_peeked) +{ + int ret; + + /* We simply don't bother supporting enormous peeks */ + if (num > INT_MAX) { + SSLerror(s, SSL_R_BAD_LENGTH); + return 0; + } + + ret = SSL_peek(s, buf, (int)num); + if (ret < 0) + ret = 0; + *bytes_peeked = ret; + + return ret > 0; +} + int SSL_write(SSL *s, const void *buf, int num) { + if (num < 0) { + SSLerror(s, SSL_R_BAD_LENGTH); + return -1; + } + if (s->internal->handshake_func == NULL) { SSLerror(s, SSL_R_UNINITIALIZED); return (-1); @@ -1005,6 +1117,31 @@ SSL_write(SSL *s, const void *buf, int num) return ssl3_write(s, buf, num); } +int +SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *bytes_written) +{ + int ret; + + /* We simply don't bother supporting enormous writes */ + if (num > INT_MAX) { + SSLerror(s, SSL_R_BAD_LENGTH); + return 0; + } + + if (num == 0) { + /* This API is special */ + bytes_written = 0; + return 1; + } + + ret = SSL_write(s, buf, (int)num); + if (ret < 0) + ret = 0; + *bytes_written = ret; + + return ret > 0; +} + uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx) { @@ -1072,7 +1209,7 @@ SSL_shutdown(SSL *s) } if (s != NULL && !SSL_in_init(s)) - return (s->method->internal->ssl_shutdown(s)); + return (s->method->ssl_shutdown(s)); return (1); } @@ -1085,7 +1222,7 @@ SSL_renegotiate(SSL *s) s->internal->new_session = 1; - return (s->method->internal->ssl_renegotiate(s)); + return (s->method->ssl_renegotiate(s)); } int @@ -1096,7 +1233,7 @@ SSL_renegotiate_abbreviated(SSL *s) s->internal->new_session = 0; - return (s->method->internal->ssl_renegotiate(s)); + return (s->method->ssl_renegotiate(s)); } int @@ -1145,8 +1282,8 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg) if (larg < (long)dtls1_min_mtu()) return (0); #endif - if (SSL_IS_DTLS(s)) { - D1I(s)->mtu = larg; + if (SSL_is_dtls(s)) { + s->d1->mtu = larg; return (larg); } return (0); @@ -1157,10 +1294,10 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg) return (1); case SSL_CTRL_GET_RI_SUPPORT: if (s->s3) - return (S3I(s)->send_connection_binding); + return (s->s3->send_connection_binding); else return (0); default: - if (SSL_IS_DTLS(s)) + if (SSL_is_dtls(s)) return dtls1_ctrl(s, cmd, larg, parg); return ssl3_ctrl(s, cmd, larg, parg); } @@ -1171,9 +1308,7 @@ SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) { switch (cmd) { case SSL_CTRL_SET_MSG_CALLBACK: - s->internal->msg_callback = (void (*)(int write_p, int version, - int content_type, const void *buf, size_t len, - SSL *ssl, void *arg))(fp); + s->internal->msg_callback = (ssl_msg_callback_fn *)(fp); return (1); default: @@ -1271,9 +1406,7 @@ SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) { switch (cmd) { case SSL_CTRL_SET_MSG_CALLBACK: - ctx->internal->msg_callback = (void (*)(int write_p, int version, - int content_type, const void *buf, size_t len, SSL *ssl, - void *arg))(fp); + ctx->internal->msg_callback = (ssl_msg_callback_fn *)fp; return (1); default: @@ -1322,7 +1455,7 @@ SSL_get1_supported_ciphers(SSL *s) if (s == NULL) return NULL; - if (!ssl_supported_version_range(s, &min_vers, &max_vers)) + if (!ssl_supported_tls_version_range(s, &min_vers, &max_vers)) return NULL; if ((ciphers = SSL_get_ciphers(s)) == NULL) return NULL; @@ -1332,7 +1465,7 @@ SSL_get1_supported_ciphers(SSL *s) for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL) goto err; - if (!ssl_cipher_allowed_in_version_range(cipher, min_vers, + if (!ssl_cipher_allowed_in_tls_version_range(cipher, min_vers, max_vers)) continue; if (!sk_SSL_CIPHER_push(supported_ciphers, cipher)) @@ -1356,8 +1489,6 @@ ssl_has_ecc_ciphers(SSL *s) SSL_CIPHER *cipher; int i; - if (s->version == DTLS1_VERSION) - return 0; if ((ciphers = SSL_get_ciphers(s)) == NULL) return 0; @@ -1478,22 +1609,30 @@ SSL_set_ciphersuites(SSL *s, const char *str) char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len) { - STACK_OF(SSL_CIPHER) *ciphers; + STACK_OF(SSL_CIPHER) *client_ciphers, *server_ciphers; const SSL_CIPHER *cipher; size_t curlen = 0; char *end; int i; - if (s->session == NULL || s->session->ciphers == NULL || len < 2) - return (NULL); + if (!s->server || s->session == NULL || len < 2) + return NULL; - ciphers = s->session->ciphers; - if (sk_SSL_CIPHER_num(ciphers) == 0) - return (NULL); + if ((client_ciphers = s->session->ciphers) == NULL) + return NULL; + if ((server_ciphers = SSL_get_ciphers(s)) == NULL) + return NULL; + if (sk_SSL_CIPHER_num(client_ciphers) == 0 || + sk_SSL_CIPHER_num(server_ciphers) == 0) + return NULL; buf[0] = '\0'; - for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { - cipher = sk_SSL_CIPHER_value(ciphers, i); + for (i = 0; i < sk_SSL_CIPHER_num(client_ciphers); i++) { + cipher = sk_SSL_CIPHER_value(client_ciphers, i); + + if (sk_SSL_CIPHER_find(server_ciphers, cipher) < 0) + continue; + end = buf + curlen; if (strlcat(buf, cipher->name, len) >= len || (curlen = strlcat(buf, ":", len)) >= len) { @@ -1505,7 +1644,7 @@ SSL_get_shared_ciphers(const SSL *s, char *buf, int len) /* remove trailing colon */ if ((end = strrchr(buf, ':')) != NULL) *end = '\0'; - return (buf); + return buf; } /* @@ -1580,7 +1719,7 @@ SSL_select_next_proto(unsigned char **out, unsigned char *outlen, result = client; status = OPENSSL_NPN_NO_OVERLAP; -found: + found: *out = (unsigned char *) result + 1; *outlen = result[0]; return (status); @@ -1698,11 +1837,14 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, unsigned int *len) { - *data = NULL; - *len = 0; + *data = ssl->s3->alpn_selected; + *len = ssl->s3->alpn_selected_len; +} - *data = ssl->s3->internal->alpn_selected; - *len = ssl->s3->internal->alpn_selected_len; +void +SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb) +{ + return; } int @@ -1710,8 +1852,17 @@ SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, const char *label, size_t llen, const unsigned char *p, size_t plen, int use_context) { - return (tls1_export_keying_material(s, out, olen, - label, llen, p, plen, use_context)); + if (s->internal->tls13 != NULL && s->version == TLS1_3_VERSION) { + if (!use_context) { + p = NULL; + plen = 0; + } + return tls13_exporter(s->internal->tls13, label, llen, p, plen, + out, olen); + } + + return (tls1_export_keying_material(s, out, olen, label, llen, p, plen, + use_context)); } static unsigned long @@ -1800,8 +1951,10 @@ SSL_CTX_new(const SSL_METHOD *meth) } ret->method = meth; - ret->internal->min_version = meth->internal->min_version; - ret->internal->max_version = meth->internal->max_version; + ret->internal->min_tls_version = meth->min_tls_version; + ret->internal->max_tls_version = meth->max_tls_version; + ret->internal->min_proto_version = 0; + ret->internal->max_proto_version = 0; ret->internal->mode = SSL_MODE_AUTO_RETRY; ret->cert_store = NULL; @@ -1911,9 +2064,9 @@ SSL_CTX_new(const SSL_METHOD *meth) ret->internal->options |= SSL_OP_LEGACY_SERVER_CONNECT; return (ret); -err: + err: SSLerrorx(ERR_R_MALLOC_FAILURE); -err2: + err2: SSL_CTX_free(ret); return (NULL); } @@ -2025,22 +2178,11 @@ SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) X509_VERIFY_PARAM_set_depth(ctx->param, depth); } -static int -ssl_cert_can_sign(X509 *x) -{ - /* This call populates extension flags (ex_flags). */ - X509_check_purpose(x, -1, 0); - - /* Key usage, if present, must allow signing. */ - return ((x->ex_flags & EXFLAG_KUSAGE) == 0 || - (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE)); -} - void -ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) +ssl_set_cert_masks(SSL_CERT *c, const SSL_CIPHER *cipher) { unsigned long mask_a, mask_k; - CERT_PKEY *cpk; + SSL_CERT_PKEY *cpk; if (c == NULL) return; @@ -2048,12 +2190,14 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) mask_a = SSL_aNULL | SSL_aTLS1_3; mask_k = SSL_kECDHE | SSL_kTLS1_3; - if (c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto != 0) + if (c->dhe_params != NULL || c->dhe_params_cb != NULL || + c->dhe_params_auto != 0) mask_k |= SSL_kDHE; cpk = &(c->pkeys[SSL_PKEY_ECC]); if (cpk->x509 != NULL && cpk->privatekey != NULL) { - if (ssl_cert_can_sign(cpk->x509)) + /* Key usage, if present, must allow signing. */ + if (X509_get_key_usage(cpk->x509) & X509v3_KU_DIGITAL_SIGNATURE) mask_a |= SSL_aECDSA; } @@ -2080,29 +2224,25 @@ ssl_using_ecc_cipher(SSL *s) { unsigned long alg_a, alg_k; - alg_a = S3I(s)->hs.new_cipher->algorithm_auth; - alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; + alg_a = s->s3->hs.cipher->algorithm_auth; + alg_k = s->s3->hs.cipher->algorithm_mkey; - return SSI(s)->tlsext_ecpointformatlist != NULL && - SSI(s)->tlsext_ecpointformatlist_length > 0 && + return s->session->tlsext_ecpointformatlist != NULL && + s->session->tlsext_ecpointformatlist_length > 0 && ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)); } int -ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) +ssl_check_srvr_ecc_cert_and_alg(SSL *s, X509 *x) { - const SSL_CIPHER *cs = S3I(s)->hs.new_cipher; - unsigned long alg_a; + const SSL_CIPHER *cs = s->s3->hs.cipher; + unsigned long alg_a; alg_a = cs->algorithm_auth; if (alg_a & SSL_aECDSA) { - /* This call populates extension flags (ex_flags). */ - X509_check_purpose(x, -1, 0); - /* Key usage, if present, must allow signing. */ - if ((x->ex_flags & EXFLAG_KUSAGE) && - ((x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) == 0)) { + if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) { SSLerror(s, SSL_R_ECC_CERT_NOT_FOR_SIGNING); return (0); } @@ -2111,17 +2251,17 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) return (1); } -CERT_PKEY * +SSL_CERT_PKEY * ssl_get_server_send_pkey(const SSL *s) { - unsigned long alg_a; - CERT *c; - int i; + unsigned long alg_a; + SSL_CERT *c; + int i; c = s->cert; - ssl_set_cert_masks(c, S3I(s)->hs.new_cipher); + ssl_set_cert_masks(c, s->s3->hs.cipher); - alg_a = S3I(s)->hs.new_cipher->algorithm_auth; + alg_a = s->s3->hs.cipher->algorithm_auth; if (alg_a & SSL_aECDSA) { i = SSL_PKEY_ECC; @@ -2143,9 +2283,9 @@ ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd, { const struct ssl_sigalg *sigalg = NULL; EVP_PKEY *pkey = NULL; - unsigned long alg_a; - CERT *c; - int idx = -1; + unsigned long alg_a; + SSL_CERT *c; + int idx = -1; alg_a = cipher->algorithm_auth; c = s->cert; @@ -2171,83 +2311,144 @@ ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd, return (pkey); } -DH * -ssl_get_auto_dh(SSL *s) +size_t +ssl_dhe_params_auto_key_bits(SSL *s) { - CERT_PKEY *cpk; - int keylen; - DH *dhp; + SSL_CERT_PKEY *cpk; + int key_bits; - if (s->cert->dh_tmp_auto == 2) { - keylen = 1024; - } else if (S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL) { - keylen = 1024; - if (S3I(s)->hs.new_cipher->strength_bits == 256) - keylen = 3072; + if (s->cert->dhe_params_auto == 2) { + key_bits = 1024; + } else if (s->s3->hs.cipher->algorithm_auth & SSL_aNULL) { + key_bits = 1024; + if (s->s3->hs.cipher->strength_bits == 256) + key_bits = 3072; } else { if ((cpk = ssl_get_server_send_pkey(s)) == NULL) - return (NULL); - if (cpk->privatekey == NULL || cpk->privatekey->pkey.dh == NULL) - return (NULL); - keylen = EVP_PKEY_bits(cpk->privatekey); + return 0; + if (cpk->privatekey == NULL || + EVP_PKEY_get0_RSA(cpk->privatekey) == NULL) + return 0; + if ((key_bits = EVP_PKEY_bits(cpk->privatekey)) <= 0) + return 0; } - if ((dhp = DH_new()) == NULL) - return (NULL); + return key_bits; +} - dhp->g = BN_new(); - if (dhp->g != NULL) - BN_set_word(dhp->g, 2); +static int +ssl_should_update_external_cache(SSL *s, int mode) +{ + int cache_mode; - if (keylen >= 8192) - dhp->p = get_rfc3526_prime_8192(NULL); - else if (keylen >= 4096) - dhp->p = get_rfc3526_prime_4096(NULL); - else if (keylen >= 3072) - dhp->p = get_rfc3526_prime_3072(NULL); - else if (keylen >= 2048) - dhp->p = get_rfc3526_prime_2048(NULL); - else if (keylen >= 1536) - dhp->p = get_rfc3526_prime_1536(NULL); - else - dhp->p = get_rfc2409_prime_1024(NULL); + cache_mode = s->session_ctx->internal->session_cache_mode; - if (dhp->p == NULL || dhp->g == NULL) { - DH_free(dhp); - return (NULL); - } - return (dhp); + /* Don't cache if mode says not to */ + if ((cache_mode & mode) == 0) + return 0; + + /* if it is not already cached, cache it */ + if (!s->internal->hit) + return 1; + + /* If it's TLS 1.3, do it to match OpenSSL */ + if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION) + return 1; + + return 0; +} + +static int +ssl_should_update_internal_cache(SSL *s, int mode) +{ + int cache_mode; + + cache_mode = s->session_ctx->internal->session_cache_mode; + + /* Don't cache if mode says not to */ + if ((cache_mode & mode) == 0) + return 0; + + /* If it is already cached, don't cache it again */ + if (s->internal->hit) + return 0; + + if ((cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE) != 0) + return 0; + + /* If we are lesser than TLS 1.3, Cache it. */ + if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION) + return 1; + + /* Below this we consider TLS 1.3 or later */ + + /* If it's not a server, add it? OpenSSL does this. */ + if (!s->server) + return 1; + + /* XXX if we support early data / PSK need to add */ + + /* + * If we have the remove session callback, we will want + * to know about this even if it's a stateless ticket + * from 1.3 so we can know when it is removed. + */ + if (s->session_ctx->internal->remove_session_cb != NULL) + return 1; + + /* If we have set OP_NO_TICKET, cache it. */ + if ((s->internal->options & SSL_OP_NO_TICKET) != 0) + return 1; + + /* Otherwise do not cache */ + return 0; } void ssl_update_cache(SSL *s, int mode) { - int i; + int cache_mode, do_callback; - /* - * If the session_id_length is 0, we are not supposed to cache it, - * and it would be rather hard to do anyway :-) - */ if (s->session->session_id_length == 0) return; - i = s->session_ctx->internal->session_cache_mode; - if ((i & mode) && (!s->internal->hit) && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) - || SSL_CTX_add_session(s->session_ctx, s->session)) - && (s->session_ctx->internal->new_session_cb != NULL)) { - CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION); - if (!s->session_ctx->internal->new_session_cb(s, s->session)) - SSL_SESSION_free(s->session); + cache_mode = s->session_ctx->internal->session_cache_mode; + do_callback = ssl_should_update_external_cache(s, mode); + + if (ssl_should_update_internal_cache(s, mode)) { + /* + * XXX should we fail if the add to the internal cache + * fails? OpenSSL doesn't care.. + */ + (void) SSL_CTX_add_session(s->session_ctx, s->session); } - /* auto flush every 255 connections */ - if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && - ((i & mode) == mode)) { - if ((((mode & SSL_SESS_CACHE_CLIENT) ? - s->session_ctx->internal->stats.sess_connect_good : - s->session_ctx->internal->stats.sess_accept_good) & 0xff) == 0xff) { + /* + * Update the "external cache" by calling the new session + * callback if present, even with TLS 1.3 without early data + * "because some application just want to know about the + * creation of a session and aren't doing a full cache". + * Apparently, if they are doing a full cache, they'll have + * some fun, but we endeavour to give application writers the + * same glorious experience they expect from OpenSSL which + * does it this way. + */ + if (do_callback && s->session_ctx->internal->new_session_cb != NULL) { + CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION); + if (!s->session_ctx->internal->new_session_cb(s, s->session)) + SSL_SESSION_free(s->session); + } + + /* Auto flush every 255 connections. */ + if (!(cache_mode & SSL_SESS_CACHE_NO_AUTO_CLEAR) && + (cache_mode & mode) != 0) { + int connections; + if (mode & SSL_SESS_CACHE_CLIENT) + connections = s->session_ctx->internal->stats.sess_connect_good; + else + connections = s->session_ctx->internal->stats.sess_accept_good; + if ((connections & 0xff) == 0xff) SSL_CTX_flush_sessions(s->session_ctx, time(NULL)); - } } } @@ -2266,17 +2467,17 @@ SSL_set_ssl_method(SSL *s, const SSL_METHOD *method) if (s->method == method) return (ret); - if (s->internal->handshake_func == s->method->internal->ssl_connect) - handshake_func = method->internal->ssl_connect; - else if (s->internal->handshake_func == s->method->internal->ssl_accept) - handshake_func = method->internal->ssl_accept; + if (s->internal->handshake_func == s->method->ssl_connect) + handshake_func = method->ssl_connect; + else if (s->internal->handshake_func == s->method->ssl_accept) + handshake_func = method->ssl_accept; - if (s->method->internal->version == method->internal->version) { + if (s->method->version == method->version) { s->method = method; } else { - s->method->internal->ssl_free(s); + s->method->ssl_free(s); s->method = method; - ret = s->method->internal->ssl_new(s); + ret = s->method->ssl_new(s); } s->internal->handshake_func = handshake_func; @@ -2286,15 +2487,17 @@ SSL_set_ssl_method(SSL *s, const SSL_METHOD *method) int SSL_get_error(const SSL *s, int i) { - int reason; - unsigned long l; - BIO *bio; + unsigned long l; + int reason; + BIO *bio; if (i > 0) return (SSL_ERROR_NONE); - /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake - * etc, where we do encode the error */ + /* + * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake + * etc, where we do encode the error. + */ if ((l = ERR_peek_error()) != 0) { if (ERR_GET_LIB(l) == ERR_LIB_SYS) return (SSL_ERROR_SYSCALL); @@ -2302,7 +2505,7 @@ SSL_get_error(const SSL *s, int i) return (SSL_ERROR_SSL); } - if ((i < 0) && SSL_want_read(s)) { + if (SSL_want_read(s)) { bio = SSL_get_rbio(s); if (BIO_should_read(bio)) { return (SSL_ERROR_WANT_READ); @@ -2329,7 +2532,7 @@ SSL_get_error(const SSL *s, int i) } } - if ((i < 0) && SSL_want_write(s)) { + if (SSL_want_write(s)) { bio = SSL_get_wbio(s); if (BIO_should_write(bio)) { return (SSL_ERROR_WANT_WRITE); @@ -2349,34 +2552,31 @@ SSL_get_error(const SSL *s, int i) return (SSL_ERROR_SYSCALL); } } - if ((i < 0) && SSL_want_x509_lookup(s)) { - return (SSL_ERROR_WANT_X509_LOOKUP); - } - if (i == 0) { - if ((s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) && - (S3I(s)->warn_alert == SSL_AD_CLOSE_NOTIFY)) + if (SSL_want_x509_lookup(s)) + return (SSL_ERROR_WANT_X509_LOOKUP); + + if ((s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) && + (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) return (SSL_ERROR_ZERO_RETURN); - } + return (SSL_ERROR_SYSCALL); } int SSL_do_handshake(SSL *s) { - int ret = 1; - if (s->internal->handshake_func == NULL) { SSLerror(s, SSL_R_CONNECTION_TYPE_NOT_SET); return (-1); } - s->method->internal->ssl_renegotiate_check(s); + s->method->ssl_renegotiate_check(s); - if (SSL_in_init(s) || SSL_in_before(s)) { - ret = s->internal->handshake_func(s); - } - return (ret); + if (!SSL_in_init(s) && !SSL_in_before(s)) + return 1; + + return s->internal->handshake_func(s); } /* @@ -2388,8 +2588,8 @@ SSL_set_accept_state(SSL *s) { s->server = 1; s->internal->shutdown = 0; - S3I(s)->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE; - s->internal->handshake_func = s->method->internal->ssl_accept; + s->s3->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE; + s->internal->handshake_func = s->method->ssl_accept; ssl_clear_cipher_state(s); } @@ -2398,8 +2598,8 @@ SSL_set_connect_state(SSL *s) { s->server = 0; s->internal->shutdown = 0; - S3I(s)->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE; - s->internal->handshake_func = s->method->internal->ssl_connect; + s->s3->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE; + s->internal->handshake_func = s->method->ssl_connect; ssl_clear_cipher_state(s); } @@ -2428,8 +2628,6 @@ const char * ssl_version_string(int ver) { switch (ver) { - case DTLS1_VERSION: - return (SSL_TXT_DTLS1); case TLS1_VERSION: return (SSL_TXT_TLSV1); case TLS1_1_VERSION: @@ -2438,6 +2636,10 @@ ssl_version_string(int ver) return (SSL_TXT_TLSV1_2); case TLS1_3_VERSION: return (SSL_TXT_TLSV1_3); + case DTLS1_VERSION: + return (SSL_TXT_DTLS1); + case DTLS1_2_VERSION: + return (SSL_TXT_DTLS1_2); default: return ("unknown"); } @@ -2461,7 +2663,6 @@ SSL_dup(SSL *s) goto err; ret->version = s->version; - ret->internal->type = s->internal->type; ret->method = s->method; if (s->session != NULL) { @@ -2475,9 +2676,9 @@ SSL_dup(SSL *s) * and thus we can't use SSL_copy_session_id. */ - ret->method->internal->ssl_free(ret); + ret->method->ssl_free(ret); ret->method = s->method; - ret->method->internal->ssl_new(ret); + ret->method->ssl_new(ret); ssl_cert_free(ret->cert); if ((ret->cert = ssl_cert_dup(s->cert)) == NULL) @@ -2529,7 +2730,7 @@ SSL_dup(SSL *s) ret->internal->quiet_shutdown = s->internal->quiet_shutdown; ret->internal->shutdown = s->internal->shutdown; /* SSL_dup does not really work at any state, though */ - S3I(ret)->hs.state = S3I(s)->hs.state; + ret->s3->hs.state = s->s3->hs.state; ret->internal->rstate = s->internal->rstate; /* @@ -2576,46 +2777,28 @@ SSL_dup(SSL *s) void ssl_clear_cipher_state(SSL *s) { - ssl_clear_cipher_read_state(s); - ssl_clear_cipher_write_state(s); -} - -void -ssl_clear_cipher_read_state(SSL *s) -{ - EVP_CIPHER_CTX_free(s->enc_read_ctx); - s->enc_read_ctx = NULL; - EVP_MD_CTX_free(s->read_hash); - s->read_hash = NULL; - tls12_record_layer_clear_read_state(s->internal->rl); - tls12_record_layer_set_read_seq_num(s->internal->rl, - S3I(s)->read_sequence); - - if (s->internal->aead_read_ctx != NULL) { - EVP_AEAD_CTX_cleanup(&s->internal->aead_read_ctx->ctx); - free(s->internal->aead_read_ctx); - s->internal->aead_read_ctx = NULL; - } + tls12_record_layer_clear_write_state(s->internal->rl); } void -ssl_clear_cipher_write_state(SSL *s) +ssl_info_callback(const SSL *s, int type, int value) { - EVP_CIPHER_CTX_free(s->internal->enc_write_ctx); - s->internal->enc_write_ctx = NULL; - EVP_MD_CTX_free(s->internal->write_hash); - s->internal->write_hash = NULL; + ssl_info_callback_fn *cb; - tls12_record_layer_clear_write_state(s->internal->rl); - tls12_record_layer_set_write_seq_num(s->internal->rl, - S3I(s)->write_sequence); + if ((cb = s->internal->info_callback) == NULL) + cb = s->ctx->internal->info_callback; + if (cb != NULL) + cb(s, type, value); +} - if (s->internal->aead_write_ctx != NULL) { - EVP_AEAD_CTX_cleanup(&s->internal->aead_write_ctx->ctx); - free(s->internal->aead_write_ctx); - s->internal->aead_write_ctx = NULL; - } +void +ssl_msg_callback(SSL *s, int is_write, int content_type, + const void *msg_buf, size_t msg_len) +{ + if (s->internal->msg_callback != NULL) + s->internal->msg_callback(is_write, s->version, content_type, + msg_buf, msg_len, s, s->internal->msg_callback_arg); } /* Fix this function so that it takes an optional type parameter */ @@ -2782,7 +2965,7 @@ SSL_get_SSL_CTX(const SSL *ssl) SSL_CTX * SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) { - CERT *new_cert; + SSL_CERT *new_cert; if (ctx == NULL) ctx = ssl->initial_ctx; @@ -2834,13 +3017,13 @@ void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val) int SSL_state(const SSL *ssl) { - return (S3I(ssl)->hs.state); + return (ssl->s3->hs.state); } void SSL_set_state(SSL *ssl, int state) { - S3I(ssl)->hs.state = state; + ssl->s3->hs.state = state; } void @@ -2855,6 +3038,24 @@ SSL_get_verify_result(const SSL *ssl) return (ssl->verify_result); } +int +SSL_verify_client_post_handshake(SSL *ssl) +{ + return 0; +} + +void +SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val) +{ + return; +} + +void +SSL_set_post_handshake_auth(SSL *ssl, int val) +{ + return; +} + int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) @@ -2923,6 +3124,15 @@ SSL_CTX_get0_certificate(const SSL_CTX *ctx) return ctx->internal->cert->key->x509; } +EVP_PKEY * +SSL_CTX_get0_privatekey(const SSL_CTX *ctx) +{ + if (ctx->internal->cert == NULL) + return NULL; + + return ctx->internal->cert->key->privatekey; +} + int SSL_want(const SSL *s) { @@ -3003,52 +3213,62 @@ SSL_cache_hit(SSL *s) int SSL_CTX_get_min_proto_version(SSL_CTX *ctx) { - return ctx->internal->min_version; + return ctx->internal->min_proto_version; } int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version) { return ssl_version_set_min(ctx->method, version, - ctx->internal->max_version, &ctx->internal->min_version); + ctx->internal->max_tls_version, &ctx->internal->min_tls_version, + &ctx->internal->min_proto_version); } int SSL_CTX_get_max_proto_version(SSL_CTX *ctx) { - return ctx->internal->max_version; + return ctx->internal->max_proto_version; } int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version) { return ssl_version_set_max(ctx->method, version, - ctx->internal->min_version, &ctx->internal->max_version); + ctx->internal->min_tls_version, &ctx->internal->max_tls_version, + &ctx->internal->max_proto_version); } int SSL_get_min_proto_version(SSL *ssl) { - return ssl->internal->min_version; + return ssl->internal->min_proto_version; } int SSL_set_min_proto_version(SSL *ssl, uint16_t version) { return ssl_version_set_min(ssl->method, version, - ssl->internal->max_version, &ssl->internal->min_version); + ssl->internal->max_tls_version, &ssl->internal->min_tls_version, + &ssl->internal->min_proto_version); } int SSL_get_max_proto_version(SSL *ssl) { - return ssl->internal->max_version; + return ssl->internal->max_proto_version; } int SSL_set_max_proto_version(SSL *ssl, uint16_t version) { return ssl_version_set_max(ssl->method, version, - ssl->internal->min_version, &ssl->internal->max_version); + ssl->internal->min_tls_version, &ssl->internal->max_tls_version, + &ssl->internal->max_proto_version); +} + +const SSL_METHOD * +SSL_CTX_get_ssl_method(const SSL_CTX *ctx) +{ + return ctx->method; } static int diff --git a/externals/libressl/ssl/ssl_locl.h b/externals/libressl/ssl/ssl_locl.h index 9a9ef5928..f0c261b48 100755 --- a/externals/libressl/ssl/ssl_locl.h +++ b/externals/libressl/ssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.295 2020/09/24 18:12:00 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.388 2022/03/17 17:22:16 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -152,6 +152,7 @@ #include #include + #include #include #include @@ -161,7 +162,6 @@ #include #include "bytestring.h" -#include "ssl_sigalgs.h" #include "tls13_internal.h" __BEGIN_HIDDEN_DECLS @@ -169,6 +169,10 @@ __BEGIN_HIDDEN_DECLS #define CTASSERT(x) extern char _ctassert[(x) ? 1 : -1 ] \ __attribute__((__unused__)) +#ifndef LIBRESSL_HAS_DTLS1_2 +#define LIBRESSL_HAS_DTLS1_2 +#endif + #ifndef LIBRESSL_HAS_TLS1_3_CLIENT #define LIBRESSL_HAS_TLS1_3_CLIENT #endif @@ -313,25 +317,21 @@ __BEGIN_HIDDEN_DECLS */ #define SSL_C_PKEYLENGTH(c) 1024 -/* Check if an SSL structure is using DTLS. */ -#define SSL_IS_DTLS(s) \ - (s->method->internal->version == DTLS1_VERSION) - -/* See if we need explicit IV. */ -#define SSL_USE_EXPLICIT_IV(s) \ - (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV) - /* See if we use signature algorithms extension. */ #define SSL_USE_SIGALGS(s) \ - (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS) + (s->method->enc_flags & SSL_ENC_FLAG_SIGALGS) + +/* See if we use SHA256 default PRF. */ +#define SSL_USE_SHA256_PRF(s) \ + (s->method->enc_flags & SSL_ENC_FLAG_SHA256_PRF) /* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */ #define SSL_USE_TLS1_2_CIPHERS(s) \ - (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS) + (s->method->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS) /* Allow TLS 1.3 ciphersuites only. */ #define SSL_USE_TLS1_3_CIPHERS(s) \ - (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_3_CIPHERS) + (s->method->enc_flags & SSL_ENC_FLAG_TLS1_3_CIPHERS) #define SSL_PKEY_RSA 0 #define SSL_PKEY_ECC 1 @@ -348,12 +348,6 @@ __BEGIN_HIDDEN_DECLS * SSL_aDSS <- DSA_SIGN */ -/* -#define CERT_INVALID 0 -#define CERT_PUBLIC_KEY 1 -#define CERT_PRIVATE_KEY 2 -*/ - /* From ECC-TLS draft, used in encoding the curve type in * ECParameters */ @@ -361,11 +355,63 @@ __BEGIN_HIDDEN_DECLS #define EXPLICIT_CHAR2_CURVE_TYPE 2 #define NAMED_CURVE_TYPE 3 -typedef struct ssl_method_internal_st { +typedef struct ssl_cert_pkey_st { + X509 *x509; + EVP_PKEY *privatekey; + STACK_OF(X509) *chain; +} SSL_CERT_PKEY; + +typedef struct ssl_cert_st { + /* Current active set */ + /* ALWAYS points to an element of the pkeys array + * Probably it would make more sense to store + * an index, not a pointer. */ + SSL_CERT_PKEY *key; + + SSL_CERT_PKEY pkeys[SSL_PKEY_NUM]; + + /* The following masks are for the key and auth + * algorithms that are supported by the certs below */ + int valid; + unsigned long mask_k; + unsigned long mask_a; + + DH *dhe_params; + DH *(*dhe_params_cb)(SSL *ssl, int is_export, int keysize); + int dhe_params_auto; + + int references; /* >1 only if SSL_copy_session_id is used */ +} SSL_CERT; + +struct ssl_comp_st { + int id; + const char *name; +}; + +struct ssl_cipher_st { + int valid; + const char *name; /* text name */ + unsigned long id; /* id, 4 bytes, first is version */ + + unsigned long algorithm_mkey; /* key exchange algorithm */ + unsigned long algorithm_auth; /* server authentication */ + unsigned long algorithm_enc; /* symmetric encryption */ + unsigned long algorithm_mac; /* symmetric authentication */ + unsigned long algorithm_ssl; /* (major) protocol version */ + + unsigned long algo_strength; /* strength and export flags */ + unsigned long algorithm2; /* Extra flags */ + int strength_bits; /* Number of bits really used */ + int alg_bits; /* Number of bits for algorithm */ +}; + +struct ssl_method_st { + int dtls; + int server; int version; - uint16_t min_version; - uint16_t max_version; + uint16_t min_tls_version; + uint16_t max_tls_version; int (*ssl_new)(SSL *s); void (*ssl_clear)(SSL *s); @@ -383,10 +429,78 @@ typedef struct ssl_method_internal_st { int peek); int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len); - struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ -} SSL_METHOD_INTERNAL; + const SSL_CIPHER *(*get_cipher)(unsigned int ncipher); + + unsigned int enc_flags; /* SSL_ENC_FLAG_* */ +}; + +/* Lets make this into an ASN.1 type structure as follows + * SSL_SESSION_ID ::= SEQUENCE { + * version INTEGER, -- structure version number + * SSLversion INTEGER, -- SSL version number + * Cipher OCTET STRING, -- the 3 byte cipher ID + * Session_ID OCTET STRING, -- the Session ID + * Master_key OCTET STRING, -- the master key + * KRB5_principal OCTET STRING -- optional Kerberos principal + * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time + * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds + * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate + * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context + * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer' + * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension + * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint + * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity + * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket + * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only) + * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method + * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username + * } + * Look in ssl/ssl_asn1.c for more details + * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). + */ +struct ssl_session_st { + int ssl_version; /* what ssl version session info is + * being kept in here? */ + + int master_key_length; + unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; + + /* session_id - valid? */ + unsigned int session_id_length; + unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; + + /* this is used to determine whether the session is being reused in + * the appropriate context. It is up to the application to set this, + * via SSL_new */ + unsigned int sid_ctx_length; + unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; + + /* Peer provided leaf (end-entity) certificate. */ + X509 *peer_cert; + int peer_cert_type; + + /* when app_verify_callback accepts a session where the peer's certificate + * is not ok, we must remember the error for session reuse: */ + long verify_result; /* only for servers */ + + long timeout; + time_t time; + int references; + + const SSL_CIPHER *cipher; + unsigned long cipher_id; /* when ASN.1 loaded, this + * needs to be used to load + * the 'cipher' structure */ + + STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ + + char *tlsext_hostname; + + /* RFC4507 info */ + unsigned char *tlsext_tick; /* Session ticket */ + size_t tlsext_ticklen; /* Session ticket length */ + uint32_t tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ -typedef struct ssl_session_internal_st { CRYPTO_EX_DATA ex_data; /* application specific data */ /* These are used to make removal of session-ids more @@ -398,61 +512,49 @@ typedef struct ssl_session_internal_st { * not_resumable_session_cb to disable session caching and tickets. */ int not_resumable; - /* The cert is the certificate used to establish this connection */ - struct sess_cert_st /* SESS_CERT */ *sess_cert; + STACK_OF(X509) *cert_chain; /* as received from peer */ size_t tlsext_ecpointformatlist_length; uint8_t *tlsext_ecpointformatlist; /* peer's list */ size_t tlsext_supportedgroups_length; uint16_t *tlsext_supportedgroups; /* peer's list */ -} SSL_SESSION_INTERNAL; -#define SSI(s) (s->session->internal) +}; -typedef struct ssl_handshake_st { - /* state contains one of the SSL3_ST_* values. */ - int state; +struct ssl_sigalg; - /* used when SSL_ST_FLUSH_DATA is entered */ +typedef struct ssl_handshake_tls12_st { + /* Used when SSL_ST_FLUSH_DATA is entered. */ int next_state; - /* new_cipher is the cipher being negotiated in this handshake. */ - const SSL_CIPHER *new_cipher; + /* Handshake message type and size. */ + int message_type; + unsigned long message_size; - /* key_block is the record-layer key block for TLS 1.2 and earlier. */ - int key_block_len; - unsigned char *key_block; + /* Reuse current handshake message. */ + int reuse_message; - /* Extensions seen in this handshake. */ - uint32_t extensions_seen; + /* Client certificate requests. */ + int cert_request; + STACK_OF(X509_NAME) *ca_names; - /* sigalgs offered in this handshake in wire form */ - size_t sigalgs_len; - uint8_t *sigalgs; -} SSL_HANDSHAKE; + /* Record-layer key block for TLS 1.2 and earlier. */ + struct tls12_key_block *key_block; -typedef struct cert_pkey_st { - X509 *x509; - EVP_PKEY *privatekey; - STACK_OF(X509) *chain; -} CERT_PKEY; + /* Transcript hash prior to sending certificate verify message. */ + uint8_t cert_verify[EVP_MAX_MD_SIZE]; +} SSL_HANDSHAKE_TLS12; typedef struct ssl_handshake_tls13_st { - uint16_t min_version; - uint16_t max_version; - uint16_t version; - int use_legacy; int hrr; - /* Certificate and sigalg selected for use (static pointers). */ - const CERT_PKEY *cpk; - const struct ssl_sigalg *sigalg; + /* Certificate selected for use (static pointer). */ + const SSL_CERT_PKEY *cpk; /* Version proposed by peer server. */ uint16_t server_version; uint16_t server_group; - struct tls13_key_share *key_share; struct tls13_secrets *secrets; uint8_t *cookie; @@ -470,40 +572,141 @@ typedef struct ssl_handshake_tls13_st { EVP_MD_CTX *clienthello_md_ctx; unsigned char *clienthello_hash; unsigned int clienthello_hash_len; - } SSL_HANDSHAKE_TLS13; +typedef struct ssl_handshake_st { + /* + * Minimum and maximum versions supported for this handshake. These are + * initialised at the start of a handshake based on the method in use + * and the current protocol version configuration. + */ + uint16_t our_min_tls_version; + uint16_t our_max_tls_version; + + /* + * Version negotiated for this session. For a client this is set once + * the server selected version is parsed from the ServerHello (either + * from the legacy version or supported versions extension). For a + * server this is set once we select the version we will use with the + * client. + */ + uint16_t negotiated_tls_version; + + /* + * Legacy version advertised by our peer. For a server this is the + * version specified by the client in the ClientHello message. For a + * client, this is the version provided in the ServerHello message. + */ + uint16_t peer_legacy_version; + + /* + * Current handshake state - contains one of the SSL3_ST_* values and + * is used by the TLSv1.2 state machine, as well as being updated by + * the TLSv1.3 stack due to it being exposed externally. + */ + int state; + + /* Cipher being negotiated in this handshake. */ + const SSL_CIPHER *cipher; + + /* Extensions seen in this handshake. */ + uint32_t extensions_seen; + + /* Signature algorithms selected for use (static pointers). */ + const struct ssl_sigalg *our_sigalg; + const struct ssl_sigalg *peer_sigalg; + + /* sigalgs offered in this handshake in wire form */ + uint8_t *sigalgs; + size_t sigalgs_len; + + /* Key share for ephemeral key exchange. */ + struct tls_key_share *key_share; + + /* + * Copies of the verify data sent in our finished message and the + * verify data received in the finished message sent by our peer. + */ + uint8_t finished[EVP_MAX_MD_SIZE]; + size_t finished_len; + uint8_t peer_finished[EVP_MAX_MD_SIZE]; + size_t peer_finished_len; + + SSL_HANDSHAKE_TLS12 tls12; + SSL_HANDSHAKE_TLS13 tls13; +} SSL_HANDSHAKE; + +typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT; + +/* TLS Session Ticket extension struct. */ +struct tls_session_ticket_ext_st { + unsigned short length; + void *data; +}; + +struct tls12_key_block; + +struct tls12_key_block *tls12_key_block_new(void); +void tls12_key_block_free(struct tls12_key_block *kb); +void tls12_key_block_client_write(struct tls12_key_block *kb, CBS *mac_key, + CBS *key, CBS *iv); +void tls12_key_block_server_write(struct tls12_key_block *kb, CBS *mac_key, + CBS *key, CBS *iv); +int tls12_key_block_generate(struct tls12_key_block *kb, SSL *s, + const EVP_AEAD *aead, const EVP_CIPHER *cipher, const EVP_MD *mac_hash); + struct tls12_record_layer; struct tls12_record_layer *tls12_record_layer_new(void); void tls12_record_layer_free(struct tls12_record_layer *rl); +void tls12_record_layer_alert(struct tls12_record_layer *rl, + uint8_t *alert_desc); +int tls12_record_layer_write_overhead(struct tls12_record_layer *rl, + size_t *overhead); +int tls12_record_layer_read_protected(struct tls12_record_layer *rl); +int tls12_record_layer_write_protected(struct tls12_record_layer *rl); +void tls12_record_layer_set_aead(struct tls12_record_layer *rl, + const EVP_AEAD *aead); +void tls12_record_layer_set_cipher_hash(struct tls12_record_layer *rl, + const EVP_CIPHER *cipher, const EVP_MD *handshake_hash, + const EVP_MD *mac_hash); void tls12_record_layer_set_version(struct tls12_record_layer *rl, uint16_t version); -void tls12_record_layer_set_read_epoch(struct tls12_record_layer *rl, +void tls12_record_layer_set_initial_epoch(struct tls12_record_layer *rl, uint16_t epoch); -void tls12_record_layer_set_write_epoch(struct tls12_record_layer *rl, +uint16_t tls12_record_layer_read_epoch(struct tls12_record_layer *rl); +uint16_t tls12_record_layer_write_epoch(struct tls12_record_layer *rl); +int tls12_record_layer_use_write_epoch(struct tls12_record_layer *rl, + uint16_t epoch); +void tls12_record_layer_write_epoch_done(struct tls12_record_layer *rl, uint16_t epoch); void tls12_record_layer_clear_read_state(struct tls12_record_layer *rl); void tls12_record_layer_clear_write_state(struct tls12_record_layer *rl); -void tls12_record_layer_set_read_seq_num(struct tls12_record_layer *rl, - uint8_t *seq_num); -void tls12_record_layer_set_write_seq_num(struct tls12_record_layer *rl, - uint8_t *seq_num); -int tls12_record_layer_set_read_aead(struct tls12_record_layer *rl, - SSL_AEAD_CTX *aead_ctx); -int tls12_record_layer_set_write_aead(struct tls12_record_layer *rl, - SSL_AEAD_CTX *aead_ctx); -int tls12_record_layer_set_read_cipher_hash(struct tls12_record_layer *rl, - EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *hash_ctx, int stream_mac); -int tls12_record_layer_set_write_cipher_hash(struct tls12_record_layer *rl, - EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *hash_ctx, int stream_mac); +void tls12_record_layer_reflect_seq_num(struct tls12_record_layer *rl); +int tls12_record_layer_change_read_cipher_state(struct tls12_record_layer *rl, + CBS *mac_key, CBS *key, CBS *iv); +int tls12_record_layer_change_write_cipher_state(struct tls12_record_layer *rl, + CBS *mac_key, CBS *key, CBS *iv); +int tls12_record_layer_open_record(struct tls12_record_layer *rl, + uint8_t *buf, size_t buf_len, uint8_t **out, size_t *out_len); int tls12_record_layer_seal_record(struct tls12_record_layer *rl, uint8_t content_type, const uint8_t *content, size_t content_len, CBB *out); +typedef void (ssl_info_callback_fn)(const SSL *s, int type, int val); +typedef void (ssl_msg_callback_fn)(int is_write, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *arg); + typedef struct ssl_ctx_internal_st { - uint16_t min_version; - uint16_t max_version; + uint16_t min_tls_version; + uint16_t max_tls_version; + + /* + * These may be zero to imply minimum or maximum version supported by + * the method. + */ + uint16_t min_proto_version; + uint16_t max_proto_version; unsigned long options; unsigned long mode; @@ -536,11 +739,10 @@ typedef struct ssl_ctx_internal_st { int (*app_verify_cookie_cb)(SSL *ssl, const unsigned char *cookie, unsigned int cookie_len); - void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */ + ssl_info_callback_fn *info_callback; /* callback that allows applications to peek at protocol messages */ - void (*msg_callback)(int write_p, int version, int content_type, - const void *buf, size_t len, SSL *ssl, void *arg); + ssl_msg_callback_fn *msg_callback; void *msg_callback_arg; int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */ @@ -599,7 +801,7 @@ typedef struct ssl_ctx_internal_st { STACK_OF(SSL_CIPHER) *cipher_list_tls13; - struct cert_st /* CERT */ *cert; + SSL_CERT *cert; /* Default values used when no per-SSL value is defined follow */ @@ -659,13 +861,60 @@ typedef struct ssl_ctx_internal_st { uint8_t *tlsext_ecpointformatlist; /* our list */ size_t tlsext_supportedgroups_length; uint16_t *tlsext_supportedgroups; /* our list */ + SSL_CTX_keylog_cb_func keylog_callback; /* Unused. For OpenSSL compatibility. */ + size_t num_tickets; /* Unused, for OpenSSL compatibility */ } SSL_CTX_INTERNAL; +struct ssl_ctx_st { + const SSL_METHOD *method; + + STACK_OF(SSL_CIPHER) *cipher_list; + + struct x509_store_st /* X509_STORE */ *cert_store; + + /* If timeout is not 0, it is the default timeout value set + * when SSL_new() is called. This has been put in to make + * life easier to set things up */ + long session_timeout; + + int references; + + /* Default values to use in SSL structures follow (these are copied by SSL_new) */ + + STACK_OF(X509) *extra_certs; + + int verify_mode; + unsigned int sid_ctx_length; + unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; + + X509_VERIFY_PARAM *param; + + /* + * XXX + * default_passwd_cb used by python and openvpn, need to keep it until we + * add an accessor + */ + /* Default password callback. */ + pem_password_cb *default_passwd_callback; + + /* Default password callback user data. */ + void *default_passwd_callback_userdata; + + struct ssl_ctx_internal_st *internal; +}; + typedef struct ssl_internal_st { struct tls13_ctx *tls13; - uint16_t min_version; - uint16_t max_version; + uint16_t min_tls_version; + uint16_t max_tls_version; + + /* + * These may be zero to imply minimum or maximum version supported by + * the method. + */ + uint16_t min_proto_version; + uint16_t max_proto_version; unsigned long options; /* protocol behaviour */ unsigned long mode; /* API behaviour */ @@ -679,17 +928,17 @@ typedef struct ssl_internal_st { /* true when we are actually in SSL_accept() or SSL_connect() */ int in_handshake; int (*handshake_func)(SSL *); - /* callback that allows applications to peek at protocol messages */ - void (*msg_callback)(int write_p, int version, int content_type, - const void *buf, size_t len, SSL *ssl, void *arg); - void *msg_callback_arg; - /* Default generate session ID callback. */ - GEN_SESSION_CB generate_session_id; + ssl_info_callback_fn *info_callback; + + /* callback that allows applications to peek at protocol messages */ + ssl_msg_callback_fn *msg_callback; + void *msg_callback_arg; int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */ - void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */ + /* Default generate session ID callback. */ + GEN_SESSION_CB generate_session_id; /* TLS extension debug callback */ void (*tlsext_debug_cb)(SSL *s, int client_server, int type, @@ -706,8 +955,6 @@ typedef struct ssl_internal_st { /* XXX non-callback */ - int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ - /* This holds a variable that indicates what we were doing * when a 0 or -1 is returned. This is needed for * non-blocking IO so we know what request needs re-doing when @@ -745,21 +992,6 @@ typedef struct ssl_internal_st { STACK_OF(SSL_CIPHER) *cipher_list_tls13; - /* These are the ones being used, the ones in SSL_SESSION are - * the ones to be 'copied' into these ones */ - int mac_flags; - - SSL_AEAD_CTX *aead_read_ctx; /* AEAD context. If non-NULL, then - enc_read_ctx and read_hash are - ignored. */ - - SSL_AEAD_CTX *aead_write_ctx; /* AEAD context. If non-NULL, then - enc_write_ctx and write_hash are - ignored. */ - - EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ - EVP_MD_CTX *write_hash; /* used for mac generation */ - struct tls12_record_layer *rl; /* session info */ @@ -799,7 +1031,7 @@ typedef struct ssl_internal_st { TLS_SESSION_TICKET_EXT *tlsext_session_ticket; STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What we'll do */ - SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */ + const SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */ int renegotiate;/* 1 if we are renegotiating. * 2 if we are a server and are inside a handshake @@ -810,8 +1042,77 @@ typedef struct ssl_internal_st { int mac_packet; int empty_record_count; + + size_t num_tickets; /* Unused, for OpenSSL compatibility */ + STACK_OF(X509) *verified_chain; } SSL_INTERNAL; +struct ssl_st { + /* protocol version + * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION) + */ + int version; + + const SSL_METHOD *method; /* SSLv3 */ + + /* There are 2 BIO's even though they are normally both the + * same. This is so data can be read and written to different + * handlers */ + + BIO *rbio; /* used by SSL_read */ + BIO *wbio; /* used by SSL_write */ + BIO *bbio; /* used during session-id reuse to concatenate + * messages */ + int server; /* are we the server side? - mostly used by SSL_clear*/ + + struct ssl3_state_st *s3; /* SSLv3 variables */ + struct dtls1_state_st *d1; /* DTLSv1 variables */ + + X509_VERIFY_PARAM *param; + + /* crypto */ + STACK_OF(SSL_CIPHER) *cipher_list; + + /* This is used to hold the server certificate used */ + SSL_CERT *cert; + + /* the session_id_context is used to ensure sessions are only reused + * in the appropriate context */ + unsigned int sid_ctx_length; + unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; + + /* This can also be in the session once a session is established */ + SSL_SESSION *session; + + /* Used in SSL2 and SSL3 */ + int verify_mode; /* 0 don't care about verify failure. + * 1 fail if verify fails */ + int error; /* error bytes to be written */ + int error_code; /* actual code */ + + SSL_CTX *ctx; + + long verify_result; + + int references; + + int client_version; /* what was passed, used for + * SSLv3/TLS rollback check */ + + unsigned int max_send_fragment; + + char *tlsext_hostname; + + /* certificate status request info */ + /* Status type or -1 if no status type */ + int tlsext_status_type; + + SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ +#define session_ctx initial_ctx + + struct ssl_internal_st *internal; +}; + typedef struct ssl3_record_internal_st { int type; /* type of record */ unsigned int length; /* How many bytes available */ @@ -819,7 +1120,7 @@ typedef struct ssl3_record_internal_st { unsigned int off; /* read/write offset into 'buf' */ unsigned char *data; /* pointer to the record data */ unsigned char *input; /* where the decode bytes are */ - unsigned long epoch; /* epoch number, needed by DTLS1 */ + uint16_t epoch; /* epoch number, needed by DTLS1 */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */ } SSL3_RECORD_INTERNAL; @@ -831,13 +1132,11 @@ typedef struct ssl3_buffer_internal_st { int left; /* how many bytes left */ } SSL3_BUFFER_INTERNAL; -typedef struct ssl3_state_internal_st { - unsigned char read_sequence[SSL3_SEQUENCE_SIZE]; - int read_mac_secret_size; - unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; - unsigned char write_sequence[SSL3_SEQUENCE_SIZE]; - int write_mac_secret_size; - unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; +typedef struct ssl3_state_st { + long flags; + + unsigned char server_random[SSL3_RANDOM_SIZE]; + unsigned char client_random[SSL3_RANDOM_SIZE]; SSL3_BUFFER_INTERNAL rbuf; /* read IO goes into here */ SSL3_BUFFER_INTERNAL wbuf; /* write IO goes into here */ @@ -889,44 +1188,6 @@ typedef struct ssl3_state_internal_st { int in_read_app_data; SSL_HANDSHAKE hs; - SSL_HANDSHAKE_TLS13 hs_tls13; - - struct { - int new_mac_secret_size; - - /* actually only needs to be 16+20 */ - unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; - - /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ - unsigned char finish_md[EVP_MAX_MD_SIZE*2]; - int finish_md_len; - unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2]; - int peer_finish_md_len; - - unsigned long message_size; - int message_type; - - DH *dh; - - EC_KEY *ecdh; /* holds short lived ECDH key */ - int ecdh_nid; - - uint8_t *x25519; - - int reuse_message; - - /* used for certificate requests */ - int cert_req; - int ctype_num; - char ctype[SSL3_CT_NUMBER]; - STACK_OF(X509_NAME) *ca_names; - - const EVP_CIPHER *new_sym_enc; - const EVP_AEAD *new_aead; - const EVP_MD *new_hash; - int new_mac_pkey_type; - int cert_request; - } tmp; /* Connection binding to prevent renegotiation attacks */ unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; @@ -948,136 +1209,12 @@ typedef struct ssl3_state_internal_st { */ unsigned char *alpn_selected; size_t alpn_selected_len; -} SSL3_STATE_INTERNAL; -#define S3I(s) (s->s3->internal) - -typedef struct dtls1_record_data_internal_st { - unsigned char *packet; - unsigned int packet_length; - SSL3_BUFFER_INTERNAL rbuf; - SSL3_RECORD_INTERNAL rrec; -} DTLS1_RECORD_DATA_INTERNAL; - -typedef struct dtls1_state_internal_st { - unsigned int send_cookie; - unsigned char cookie[DTLS1_COOKIE_LENGTH]; - unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH]; - unsigned int cookie_len; - - /* - * The current data and handshake epoch. This is initially - * undefined, and starts at zero once the initial handshake is - * completed - */ - unsigned short r_epoch; - unsigned short w_epoch; - - /* records being received in the current epoch */ - DTLS1_BITMAP bitmap; - - /* renegotiation starts a new set of sequence numbers */ - DTLS1_BITMAP next_bitmap; - - /* handshake message numbers */ - unsigned short handshake_write_seq; - unsigned short next_handshake_write_seq; - - unsigned short handshake_read_seq; - - /* save last sequence number for retransmissions */ - unsigned char last_write_sequence[SSL3_SEQUENCE_SIZE]; - - /* Received handshake records (processed and unprocessed) */ - record_pqueue unprocessed_rcds; - record_pqueue processed_rcds; - - /* Buffered handshake messages */ - struct _pqueue *buffered_messages; - - /* Buffered application records. - * Only for records between CCS and Finished - * to prevent either protocol violation or - * unnecessary message loss. - */ - record_pqueue buffered_app_data; - - /* Is set when listening for new connections with dtls1_listen() */ - unsigned int listen; - - unsigned int mtu; /* max DTLS packet size */ - - struct hm_header_st w_msg_hdr; - struct hm_header_st r_msg_hdr; - - struct dtls1_timeout_st timeout; - - /* storage for Alert/Handshake protocol data received but not - * yet processed by ssl3_read_bytes: */ - unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; - unsigned int alert_fragment_len; - unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; - unsigned int handshake_fragment_len; - - unsigned int retransmitting; - unsigned int change_cipher_spec_ok; -} DTLS1_STATE_INTERNAL; -#define D1I(s) (s->d1->internal) - -typedef struct cert_st { - /* Current active set */ - CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array - * Probably it would make more sense to store - * an index, not a pointer. */ - - /* The following masks are for the key and auth - * algorithms that are supported by the certs below */ - int valid; - unsigned long mask_k; - unsigned long mask_a; - - DH *dh_tmp; - DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize); - int dh_tmp_auto; - - CERT_PKEY pkeys[SSL_PKEY_NUM]; - - int references; /* >1 only if SSL_copy_session_id is used */ -} CERT; - - -typedef struct sess_cert_st { - STACK_OF(X509) *cert_chain; /* as received from peer */ - - /* The 'peer_...' members are used only by clients. */ - int peer_cert_type; - - CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */ - CERT_PKEY peer_pkeys[SSL_PKEY_NUM]; - /* Obviously we don't have the private keys of these, - * so maybe we shouldn't even use the CERT_PKEY type here. */ - - int peer_nid; - DH *peer_dh_tmp; - EC_KEY *peer_ecdh_tmp; - uint8_t *peer_x25519_tmp; - - int references; /* actually always 1 at the moment */ -} SESS_CERT; - -/*#define SSL_DEBUG */ -/*#define RSA_DEBUG */ - -typedef struct ssl3_enc_method { - unsigned int enc_flags; -} SSL3_ENC_METHOD; +} SSL3_STATE; /* * Flag values for enc_flags. */ -/* Uses explicit IV. */ -#define SSL_ENC_FLAG_EXPLICIT_IV (1 << 0) - /* Uses signature algorithms extension. */ #define SSL_ENC_FLAG_SIGALGS (1 << 1) @@ -1090,71 +1227,52 @@ typedef struct ssl3_enc_method { /* Allow TLS 1.3 ciphersuites only. */ #define SSL_ENC_FLAG_TLS1_3_CIPHERS (1 << 5) -/* - * ssl_aead_ctx_st contains information about an AEAD that is being used to - * encrypt an SSL connection. - */ -struct ssl_aead_ctx_st { - EVP_AEAD_CTX ctx; - /* - * fixed_nonce contains any bytes of the nonce that are fixed for all - * records. - */ - unsigned char fixed_nonce[12]; - unsigned char fixed_nonce_len; - unsigned char variable_nonce_len; - unsigned char xor_fixed_nonce; - unsigned char tag_len; - /* - * variable_nonce_in_record is non-zero if the variable nonce - * for a record is included as a prefix before the ciphertext. - */ - char variable_nonce_in_record; -}; +#define TLSV1_ENC_FLAGS 0 +#define TLSV1_1_ENC_FLAGS 0 +#define TLSV1_2_ENC_FLAGS (SSL_ENC_FLAG_SIGALGS | \ + SSL_ENC_FLAG_SHA256_PRF | \ + SSL_ENC_FLAG_TLS1_2_CIPHERS) +#define TLSV1_3_ENC_FLAGS (SSL_ENC_FLAG_SIGALGS | \ + SSL_ENC_FLAG_TLS1_3_CIPHERS) -extern SSL_CIPHER ssl3_ciphers[]; +extern const SSL_CIPHER ssl3_ciphers[]; const char *ssl_version_string(int ver); -int ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver); -int ssl_supported_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver); +int ssl_version_set_min(const SSL_METHOD *meth, uint16_t proto_ver, + uint16_t max_tls_ver, uint16_t *out_tls_ver, uint16_t *out_proto_ver); +int ssl_version_set_max(const SSL_METHOD *meth, uint16_t proto_ver, + uint16_t min_tls_ver, uint16_t *out_tls_ver, uint16_t *out_proto_ver); +int ssl_enabled_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver); +int ssl_supported_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver); +uint16_t ssl_tls_version(uint16_t version); +uint16_t ssl_effective_tls_version(SSL *s); +int ssl_max_supported_version(SSL *s, uint16_t *max_ver); +int ssl_max_legacy_version(SSL *s, uint16_t *max_ver); int ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver); -int ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver, - uint16_t *out_ver); -int ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver, - uint16_t *out_ver); -int ssl_downgrade_max_version(SSL *s, uint16_t *max_ver); +int ssl_check_version_from_server(SSL *s, uint16_t server_version); +int ssl_legacy_stack_version(SSL *s, uint16_t version); int ssl_cipher_in_list(STACK_OF(SSL_CIPHER) *ciphers, const SSL_CIPHER *cipher); -int ssl_cipher_allowed_in_version_range(const SSL_CIPHER *cipher, +int ssl_cipher_allowed_in_tls_version_range(const SSL_CIPHER *cipher, uint16_t min_ver, uint16_t max_ver); const SSL_METHOD *tls_legacy_method(void); -const SSL_METHOD *tls_legacy_client_method(void); -const SSL_METHOD *tls_legacy_server_method(void); - -const SSL_METHOD *ssl_get_client_method(uint16_t version); -const SSL_METHOD *ssl_get_server_method(uint16_t version); - -extern SSL3_ENC_METHOD DTLSv1_enc_data; -extern SSL3_ENC_METHOD TLSv1_enc_data; -extern SSL3_ENC_METHOD TLSv1_1_enc_data; -extern SSL3_ENC_METHOD TLSv1_2_enc_data; -extern SSL3_ENC_METHOD TLSv1_3_enc_data; +const SSL_METHOD *ssl_get_method(uint16_t version); void ssl_clear_cipher_state(SSL *s); -void ssl_clear_cipher_read_state(SSL *s); -void ssl_clear_cipher_write_state(SSL *s); int ssl_clear_bad_session(SSL *s); -CERT *ssl_cert_new(void); -CERT *ssl_cert_dup(CERT *cert); -void ssl_cert_free(CERT *c); -int ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain); -int ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain); -int ssl_cert_add0_chain_cert(CERT *c, X509 *cert); -int ssl_cert_add1_chain_cert(CERT *c, X509 *cert); +void ssl_info_callback(const SSL *s, int type, int value); +void ssl_msg_callback(SSL *s, int is_write, int content_type, + const void *msg_buf, size_t msg_len); + +SSL_CERT *ssl_cert_new(void); +SSL_CERT *ssl_cert_dup(SSL_CERT *cert); +void ssl_cert_free(SSL_CERT *c); +int ssl_cert_set0_chain(SSL_CERT *c, STACK_OF(X509) *chain); +int ssl_cert_set1_chain(SSL_CERT *c, STACK_OF(X509) *chain); +int ssl_cert_add0_chain_cert(SSL_CERT *c, X509 *cert); +int ssl_cert_add1_chain_cert(SSL_CERT *c, X509 *cert); -SESS_CERT *ssl_sess_cert_new(void); -void ssl_sess_cert_free(SESS_CERT *sc); int ssl_get_new_session(SSL *s, int session); int ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert); @@ -1180,12 +1298,12 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk); int ssl_undefined_function(SSL *s); int ssl_undefined_void_function(void); int ssl_undefined_const_function(const SSL *s); -CERT_PKEY *ssl_get_server_send_pkey(const SSL *s); +SSL_CERT_PKEY *ssl_get_server_send_pkey(const SSL *s); EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd, const struct ssl_sigalg **sap); -DH *ssl_get_auto_dh(SSL *s); -int ssl_cert_type(X509 *x, EVP_PKEY *pkey); -void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher); +size_t ssl_dhe_params_auto_key_bits(SSL *s); +int ssl_cert_type(EVP_PKEY *pkey); +void ssl_set_cert_masks(SSL_CERT *c, const SSL_CIPHER *cipher); STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); int ssl_has_ecc_ciphers(SSL *s); int ssl_verify_alarm_type(long type); @@ -1193,7 +1311,6 @@ int ssl_verify_alarm_type(long type); int SSL_SESSION_ticket(SSL_SESSION *ss, unsigned char **out, size_t *out_len); const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); -int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); int ssl3_send_server_certificate(SSL *s); int ssl3_send_newsession_ticket(SSL *s); int ssl3_send_cert_status(SSL *s); @@ -1202,8 +1319,8 @@ int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b); int ssl3_do_write(SSL *s, int type); int ssl3_send_alert(SSL *s, int level, int desc); int ssl3_get_req_cert_types(SSL *s, CBB *cbb); -long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); -int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen); +int ssl3_get_message(SSL *s, int st1, int stn, int mt, long max); +int ssl3_send_finished(SSL *s, int state_a, int state_b); int ssl3_num_ciphers(void); const SSL_CIPHER *ssl3_get_cipher(unsigned int u); const SSL_CIPHER *ssl3_get_cipher_by_id(unsigned int id); @@ -1213,10 +1330,14 @@ int ssl3_renegotiate(SSL *ssl); int ssl3_renegotiate_check(SSL *ssl); +void ssl_force_want_read(SSL *s); + int ssl3_dispatch_alert(SSL *s); +int ssl3_read_alert(SSL *s); +int ssl3_read_change_cipher_spec(SSL *s); int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); -int ssl3_output_cert_chain(SSL *s, CBB *cbb, CERT_PKEY *cpk); +int ssl3_output_cert_chain(SSL *s, CBB *cbb, SSL_CERT_PKEY *cpk); SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt, STACK_OF(SSL_CIPHER) *srvr); int ssl3_setup_buffers(SSL *s); @@ -1249,51 +1370,17 @@ int ssl3_handshake_msg_finish(SSL *s, CBB *handshake); int ssl3_handshake_write(SSL *s); int ssl3_record_write(SSL *s, int type); -void tls1_record_sequence_increment(unsigned char *seq); int ssl3_do_change_cipher_spec(SSL *ssl); -int dtls1_do_write(SSL *s, int type); int ssl3_packet_read(SSL *s, int plen); int ssl3_packet_extend(SSL *s, int plen); int ssl_server_legacy_first_packet(SSL *s); -int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len); -void dtls1_set_message_header(SSL *s, unsigned char mt, unsigned long len, - unsigned long frag_off, unsigned long frag_len); -void dtls1_set_message_header_int(SSL *s, unsigned char mt, - unsigned long len, unsigned short seq_num, unsigned long frag_off, - unsigned long frag_len); - -int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len); -int dtls1_write_bytes(SSL *s, int type, const void *buf, int len); - -int dtls1_read_failed(SSL *s, int code); -int dtls1_buffer_message(SSL *s, int ccs); -int dtls1_retransmit_message(SSL *s, unsigned short seq, - unsigned long frag_off, int *found); -int dtls1_get_queue_priority(unsigned short seq, int is_ccs); -int dtls1_retransmit_buffered_messages(SSL *s); -void dtls1_clear_record_buffer(SSL *s); -int dtls1_get_message_header(unsigned char *data, - struct hm_header_st *msg_hdr); -void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); -void dtls1_reset_seq_numbers(SSL *s, int rw); -void dtls1_build_sequence_number(unsigned char *dst, unsigned char *seq, - unsigned short epoch); -struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft); -int dtls1_check_timeout_num(SSL *s); -int dtls1_handle_timeout(SSL *s); -const SSL_CIPHER *dtls1_get_cipher(unsigned int u); -void dtls1_start_timer(SSL *s); -void dtls1_stop_timer(SSL *s); -int dtls1_is_timer_expired(SSL *s); -void dtls1_double_timeout(SSL *s); -unsigned int dtls1_min_mtu(void); /* some client-only functions */ -int dtls1_get_hello_verify(SSL *s); int ssl3_send_client_hello(SSL *s); +int ssl3_get_dtls_hello_verify(SSL *s); int ssl3_get_server_hello(SSL *s); int ssl3_get_certificate_request(SSL *s); int ssl3_get_new_session_ticket(SSL *s); @@ -1309,8 +1396,8 @@ int ssl3_check_cert_and_algorithm(SSL *s); int ssl3_check_finished(SSL *s); /* some server-only functions */ -int dtls1_send_hello_verify_request(SSL *s); int ssl3_get_client_hello(SSL *s); +int ssl3_send_dtls_hello_verify_request(SSL *s); int ssl3_send_server_hello(SSL *s); int ssl3_send_hello_request(SSL *s); int ssl3_send_server_key_exchange(SSL *s); @@ -1320,6 +1407,17 @@ int ssl3_get_client_certificate(SSL *s); int ssl3_get_client_key_exchange(SSL *s); int ssl3_get_cert_verify(SSL *s); +int ssl_kex_generate_dhe(DH *dh, DH *dh_params); +int ssl_kex_generate_dhe_params_auto(DH *dh, size_t key_len); +int ssl_kex_params_dhe(DH *dh, CBB *cbb); +int ssl_kex_public_dhe(DH *dh, CBB *cbb); +int ssl_kex_peer_params_dhe(DH *dh, CBS *cbs, int *decode_error, + int *invalid_params); +int ssl_kex_peer_public_dhe(DH *dh, CBS *cbs, int *decode_error, + int *invalid_key); +int ssl_kex_derive_dhe(DH *dh, DH *dh_peer, + uint8_t **shared_key, size_t *shared_key_len); + int ssl_kex_dummy_ecdhe_x25519(EVP_PKEY *pkey); int ssl_kex_generate_ecdhe_ecp(EC_KEY *ecdh, int nid); int ssl_kex_public_ecdhe_ecp(EC_KEY *ecdh, CBB *cbb); @@ -1331,21 +1429,12 @@ int tls1_new(SSL *s); void tls1_free(SSL *s); void tls1_clear(SSL *s); -int dtls1_new(SSL *s); -void dtls1_free(SSL *s); -void dtls1_clear(SSL *s); -long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg); - -long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); -int dtls1_get_record(SSL *s); -int dtls1_dispatch_alert(SSL *s); - int ssl_init_wbio_buffer(SSL *s, int push); void ssl_free_wbio_buffer(SSL *s); int tls1_transcript_hash_init(SSL *s); int tls1_transcript_hash_update(SSL *s, const unsigned char *buf, size_t len); -int tls1_transcript_hash_value(SSL *s, const unsigned char *out, size_t len, +int tls1_transcript_hash_value(SSL *s, unsigned char *out, size_t len, size_t *outlen); void tls1_transcript_hash_free(SSL *s); @@ -1358,22 +1447,28 @@ void tls1_transcript_freeze(SSL *s); void tls1_transcript_unfreeze(SSL *s); int tls1_transcript_record(SSL *s, const unsigned char *buf, size_t len); +int tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len, + const void *seed1, size_t seed1_len, const void *seed2, size_t seed2_len, + const void *seed3, size_t seed3_len, const void *seed4, size_t seed4_len, + const void *seed5, size_t seed5_len, unsigned char *out, size_t out_len); + void tls1_cleanup_key_block(SSL *s); -int tls1_change_cipher_state(SSL *s, int which); +int tls1_change_read_cipher_state(SSL *s); +int tls1_change_write_cipher_state(SSL *s); int tls1_setup_key_block(SSL *s); -int tls1_enc(SSL *s, int snd); -int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *p); -int tls1_mac(SSL *ssl, unsigned char *md, int snd); -int tls1_generate_master_secret(SSL *s, unsigned char *out, - unsigned char *p, int len); +int tls1_generate_key_block(SSL *s, uint8_t *key_block, size_t key_block_len); int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, const char *label, size_t llen, const unsigned char *p, size_t plen, int use_context); -int tls1_alert_code(int code); int ssl_ok(SSL *s); +int tls12_derive_finished(SSL *s); +int tls12_derive_peer_finished(SSL *s); +int tls12_derive_master_secret(SSL *s, uint8_t *premaster_secret, + size_t premaster_secret_len); + int ssl_using_ecc_cipher(SSL *s); -int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); +int ssl_check_srvr_ecc_cert_and_alg(SSL *s, X509 *x); void tls1_get_formatlist(SSL *s, int client_formats, const uint8_t **pformats, size_t *pformatslen); @@ -1390,8 +1485,6 @@ uint16_t tls1_ec_nid2curve_id(const int nid); int tls1_check_curve(SSL *s, const uint16_t group_id); int tls1_get_shared_curve(SSL *s); -int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, - size_t n, int *al); int ssl_check_clienthello_tlsext_early(SSL *s); int ssl_check_clienthello_tlsext_late(SSL *s); int ssl_check_serverhello_tlsext(SSL *s); @@ -1404,15 +1497,13 @@ int ssl_check_serverhello_tlsext(SSL *s); int tls1_process_ticket(SSL *s, CBS *ext_block, int *alert, SSL_SESSION **ret); -long ssl_get_algorithm2(SSL *s); - int tls1_check_ec_server_key(SSL *s); /* s3_cbc.c */ void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD_INTERNAL *rec, unsigned int md_size, unsigned int orig_len); -int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD_INTERNAL *rec, - unsigned int block_size, unsigned int mac_size); +int ssl3_cbc_remove_padding(SSL3_RECORD_INTERNAL *rec, unsigned int eiv_len, + unsigned int mac_size); char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out, size_t *md_out_size, const unsigned char header[13], @@ -1427,10 +1518,10 @@ void SSL_error_internal(const SSL *s, int r, char *f, int l); #ifndef OPENSSL_NO_SRTP -int srtp_find_profile_by_name(char *profile_name, - SRTP_PROTECTION_PROFILE **pptr, unsigned int len); +int srtp_find_profile_by_name(const char *profile_name, + const SRTP_PROTECTION_PROFILE **pptr, unsigned int len); int srtp_find_profile_by_num(unsigned int profile_num, - SRTP_PROTECTION_PROFILE **pptr); + const SRTP_PROTECTION_PROFILE **pptr); #endif /* OPENSSL_NO_SRTP */ diff --git a/externals/libressl/ssl/ssl_methods.c b/externals/libressl/ssl/ssl_methods.c index ff8d17af0..d8ffbb7b5 100755 --- a/externals/libressl/ssl/ssl_methods.c +++ b/externals/libressl/ssl/ssl_methods.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_methods.c,v 1.16 2020/09/17 15:23:29 jsing Exp $ */ +/* $OpenBSD: ssl_methods.c,v 1.28 2021/07/26 03:17:38 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,13 +56,37 @@ * [including the GNU Public Licence.] */ +#include "dtls_locl.h" #include "ssl_locl.h" #include "tls13_internal.h" -static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = { - .version = DTLS1_VERSION, - .min_version = DTLS1_VERSION, - .max_version = DTLS1_VERSION, +static const SSL_METHOD DTLS_method_data = { + .dtls = 1, + .server = 1, + .version = DTLS1_2_VERSION, + .min_tls_version = TLS1_1_VERSION, + .max_tls_version = TLS1_2_VERSION, + .ssl_new = dtls1_new, + .ssl_clear = dtls1_clear, + .ssl_free = dtls1_free, + .ssl_accept = ssl3_accept, + .ssl_connect = ssl3_connect, + .ssl_shutdown = ssl3_shutdown, + .ssl_renegotiate = ssl3_renegotiate, + .ssl_renegotiate_check = ssl3_renegotiate_check, + .ssl_pending = ssl3_pending, + .ssl_read_bytes = dtls1_read_bytes, + .ssl_write_bytes = dtls1_write_app_data_bytes, + .get_cipher = dtls1_get_cipher, + .enc_flags = TLSV1_2_ENC_FLAGS, +}; + +static const SSL_METHOD DTLS_client_method_data = { + .dtls = 1, + .server = 0, + .version = DTLS1_2_VERSION, + .min_tls_version = TLS1_1_VERSION, + .max_tls_version = TLS1_2_VERSION, .ssl_new = dtls1_new, .ssl_clear = dtls1_clear, .ssl_free = dtls1_free, @@ -74,16 +98,92 @@ static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = dtls1_read_bytes, .ssl_write_bytes = dtls1_write_app_data_bytes, - .ssl3_enc = &DTLSv1_enc_data, + .get_cipher = dtls1_get_cipher, + .enc_flags = TLSV1_2_ENC_FLAGS, +}; + +static const SSL_METHOD DTLSv1_method_data = { + .dtls = 1, + .server = 1, + .version = DTLS1_VERSION, + .min_tls_version = TLS1_1_VERSION, + .max_tls_version = TLS1_1_VERSION, + .ssl_new = dtls1_new, + .ssl_clear = dtls1_clear, + .ssl_free = dtls1_free, + .ssl_accept = ssl3_accept, + .ssl_connect = ssl3_connect, + .ssl_shutdown = ssl3_shutdown, + .ssl_renegotiate = ssl3_renegotiate, + .ssl_renegotiate_check = ssl3_renegotiate_check, + .ssl_pending = ssl3_pending, + .ssl_read_bytes = dtls1_read_bytes, + .ssl_write_bytes = dtls1_write_app_data_bytes, + .get_cipher = dtls1_get_cipher, + .enc_flags = TLSV1_1_ENC_FLAGS, }; static const SSL_METHOD DTLSv1_client_method_data = { - .ssl_dispatch_alert = dtls1_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, + .dtls = 1, + .server = 0, + .version = DTLS1_VERSION, + .min_tls_version = TLS1_1_VERSION, + .max_tls_version = TLS1_1_VERSION, + .ssl_new = dtls1_new, + .ssl_clear = dtls1_clear, + .ssl_free = dtls1_free, + .ssl_accept = ssl_undefined_function, + .ssl_connect = ssl3_connect, + .ssl_shutdown = ssl3_shutdown, + .ssl_renegotiate = ssl3_renegotiate, + .ssl_renegotiate_check = ssl3_renegotiate_check, + .ssl_pending = ssl3_pending, + .ssl_read_bytes = dtls1_read_bytes, + .ssl_write_bytes = dtls1_write_app_data_bytes, .get_cipher = dtls1_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &DTLSv1_client_method_internal_data, + .enc_flags = TLSV1_1_ENC_FLAGS, +}; + +static const SSL_METHOD DTLSv1_2_method_data = { + .dtls = 1, + .server = 1, + .version = DTLS1_2_VERSION, + .min_tls_version = TLS1_2_VERSION, + .max_tls_version = TLS1_2_VERSION, + .ssl_new = dtls1_new, + .ssl_clear = dtls1_clear, + .ssl_free = dtls1_free, + .ssl_accept = ssl3_accept, + .ssl_connect = ssl3_connect, + .ssl_shutdown = ssl3_shutdown, + .ssl_renegotiate = ssl3_renegotiate, + .ssl_renegotiate_check = ssl3_renegotiate_check, + .ssl_pending = ssl3_pending, + .ssl_read_bytes = dtls1_read_bytes, + .ssl_write_bytes = dtls1_write_app_data_bytes, + .get_cipher = dtls1_get_cipher, + .enc_flags = TLSV1_2_ENC_FLAGS, +}; + +static const SSL_METHOD DTLSv1_2_client_method_data = { + .dtls = 1, + .server = 0, + .version = DTLS1_2_VERSION, + .min_tls_version = TLS1_2_VERSION, + .max_tls_version = TLS1_2_VERSION, + .ssl_new = dtls1_new, + .ssl_clear = dtls1_clear, + .ssl_free = dtls1_free, + .ssl_accept = ssl_undefined_function, + .ssl_connect = ssl3_connect, + .ssl_shutdown = ssl3_shutdown, + .ssl_renegotiate = ssl3_renegotiate, + .ssl_renegotiate_check = ssl3_renegotiate_check, + .ssl_pending = ssl3_pending, + .ssl_read_bytes = dtls1_read_bytes, + .ssl_write_bytes = dtls1_write_app_data_bytes, + .get_cipher = dtls1_get_cipher, + .enc_flags = TLSV1_2_ENC_FLAGS, }; const SSL_METHOD * @@ -92,272 +192,61 @@ DTLSv1_client_method(void) return &DTLSv1_client_method_data; } -const SSL_METHOD * -DTLS_client_method(void) -{ - return DTLSv1_client_method(); -} - -static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = { - .version = DTLS1_VERSION, - .min_version = DTLS1_VERSION, - .max_version = DTLS1_VERSION, - .ssl_new = dtls1_new, - .ssl_clear = dtls1_clear, - .ssl_free = dtls1_free, - .ssl_accept = ssl3_accept, - .ssl_connect = ssl3_connect, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = dtls1_read_bytes, - .ssl_write_bytes = dtls1_write_app_data_bytes, - .ssl3_enc = &DTLSv1_enc_data, -}; - -static const SSL_METHOD DTLSv1_method_data = { - .ssl_dispatch_alert = dtls1_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, - .get_cipher = dtls1_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &DTLSv1_method_internal_data, -}; - const SSL_METHOD * DTLSv1_method(void) { return &DTLSv1_method_data; } -const SSL_METHOD * -DTLS_method(void) -{ - return DTLSv1_method(); -} - -static const SSL_METHOD_INTERNAL DTLSv1_server_method_internal_data = { - .version = DTLS1_VERSION, - .min_version = DTLS1_VERSION, - .max_version = DTLS1_VERSION, - .ssl_new = dtls1_new, - .ssl_clear = dtls1_clear, - .ssl_free = dtls1_free, - .ssl_accept = ssl3_accept, - .ssl_connect = ssl_undefined_function, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = dtls1_read_bytes, - .ssl_write_bytes = dtls1_write_app_data_bytes, - .ssl3_enc = &DTLSv1_enc_data, -}; - -static const SSL_METHOD DTLSv1_server_method_data = { - .ssl_dispatch_alert = dtls1_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, - .get_cipher = dtls1_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &DTLSv1_server_method_internal_data, -}; - const SSL_METHOD * DTLSv1_server_method(void) { - return &DTLSv1_server_method_data; + return &DTLSv1_method_data; +} + +const SSL_METHOD * +DTLSv1_2_client_method(void) +{ + return &DTLSv1_2_client_method_data; +} + +const SSL_METHOD * +DTLSv1_2_method(void) +{ + return &DTLSv1_2_method_data; +} + +const SSL_METHOD * +DTLSv1_2_server_method(void) +{ + return &DTLSv1_2_method_data; +} + +const SSL_METHOD * +DTLS_client_method(void) +{ + return &DTLS_client_method_data; +} + +const SSL_METHOD * +DTLS_method(void) +{ + return &DTLS_method_data; } const SSL_METHOD * DTLS_server_method(void) { - return DTLSv1_server_method(); -} - -#ifdef LIBRESSL_HAS_TLS1_3_CLIENT -static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = { - .version = TLS1_3_VERSION, - .min_version = TLS1_VERSION, - .max_version = TLS1_3_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = ssl_undefined_function, - .ssl_connect = tls13_legacy_connect, - .ssl_shutdown = tls13_legacy_shutdown, - .ssl_renegotiate = ssl_undefined_function, - .ssl_renegotiate_check = ssl_ok, - .ssl_pending = tls13_legacy_pending, - .ssl_read_bytes = tls13_legacy_read_bytes, - .ssl_write_bytes = tls13_legacy_write_bytes, - .ssl3_enc = &TLSv1_3_enc_data, -}; - -static const SSL_METHOD TLS_client_method_data = { - .ssl_dispatch_alert = ssl3_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, - .get_cipher = ssl3_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLS_client_method_internal_data, -}; -#endif - -static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = { - .version = TLS1_2_VERSION, - .min_version = TLS1_VERSION, - .max_version = TLS1_2_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = ssl_undefined_function, - .ssl_connect = ssl3_connect, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl_undefined_function, - .ssl_renegotiate_check = ssl_ok, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = ssl3_read_bytes, - .ssl_write_bytes = ssl3_write_bytes, - .ssl3_enc = &TLSv1_2_enc_data, -}; - -static const SSL_METHOD TLS_legacy_client_method_data = { - .ssl_dispatch_alert = ssl3_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, - .get_cipher = ssl3_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLS_legacy_client_method_internal_data, -}; - -static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = { - .version = TLS1_VERSION, - .min_version = TLS1_VERSION, - .max_version = TLS1_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = ssl_undefined_function, - .ssl_connect = ssl3_connect, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = ssl3_read_bytes, - .ssl_write_bytes = ssl3_write_bytes, - .ssl3_enc = &TLSv1_enc_data, -}; - -static const SSL_METHOD TLSv1_client_method_data = { - .ssl_dispatch_alert = ssl3_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, - .get_cipher = ssl3_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLSv1_client_method_internal_data, -}; - -static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = { - .version = TLS1_1_VERSION, - .min_version = TLS1_1_VERSION, - .max_version = TLS1_1_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = ssl_undefined_function, - .ssl_connect = ssl3_connect, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = ssl3_read_bytes, - .ssl_write_bytes = ssl3_write_bytes, - .ssl3_enc = &TLSv1_1_enc_data, -}; - -static const SSL_METHOD TLSv1_1_client_method_data = { - .ssl_dispatch_alert = ssl3_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, - .get_cipher = ssl3_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLSv1_1_client_method_internal_data, -}; - -static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = { - .version = TLS1_2_VERSION, - .min_version = TLS1_2_VERSION, - .max_version = TLS1_2_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = ssl_undefined_function, - .ssl_connect = ssl3_connect, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = ssl3_read_bytes, - .ssl_write_bytes = ssl3_write_bytes, - .ssl3_enc = &TLSv1_2_enc_data, -}; - -static const SSL_METHOD TLSv1_2_client_method_data = { - .ssl_dispatch_alert = ssl3_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, - .get_cipher = ssl3_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLSv1_2_client_method_internal_data, -}; - -const SSL_METHOD * -SSLv23_client_method(void) -{ - return (TLS_client_method()); -} - -const SSL_METHOD * -TLS_client_method(void) -{ -#ifdef LIBRESSL_HAS_TLS1_3_CLIENT - return (&TLS_client_method_data); -#else - return tls_legacy_client_method(); -#endif -} - -const SSL_METHOD * -tls_legacy_client_method(void) -{ - return (&TLS_legacy_client_method_data); -} - -const SSL_METHOD * -TLSv1_client_method(void) -{ - return (&TLSv1_client_method_data); -} - -const SSL_METHOD * -TLSv1_1_client_method(void) -{ - return (&TLSv1_1_client_method_data); -} - -const SSL_METHOD * -TLSv1_2_client_method(void) -{ - return (&TLSv1_2_client_method_data); + return &DTLS_method_data; } #if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER) -static const SSL_METHOD_INTERNAL TLS_method_internal_data = { +static const SSL_METHOD TLS_method_data = { + .dtls = 0, + .server = 1, .version = TLS1_3_VERSION, - .min_version = TLS1_VERSION, - .max_version = TLS1_3_VERSION, + .min_tls_version = TLS1_VERSION, + .max_tls_version = TLS1_3_VERSION, .ssl_new = tls1_new, .ssl_clear = tls1_clear, .ssl_free = tls1_free, @@ -369,23 +258,17 @@ static const SSL_METHOD_INTERNAL TLS_method_internal_data = { .ssl_pending = tls13_legacy_pending, .ssl_read_bytes = tls13_legacy_read_bytes, .ssl_write_bytes = tls13_legacy_write_bytes, - .ssl3_enc = &TLSv1_3_enc_data, -}; - -static const SSL_METHOD TLS_method_data = { - .ssl_dispatch_alert = ssl3_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, .get_cipher = ssl3_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLS_method_internal_data, + .enc_flags = TLSV1_3_ENC_FLAGS, }; #endif -static const SSL_METHOD_INTERNAL TLS_legacy_method_internal_data = { +static const SSL_METHOD TLS_legacy_method_data = { + .dtls = 0, + .server = 1, .version = TLS1_2_VERSION, - .min_version = TLS1_VERSION, - .max_version = TLS1_2_VERSION, + .min_tls_version = TLS1_VERSION, + .max_tls_version = TLS1_2_VERSION, .ssl_new = tls1_new, .ssl_clear = tls1_clear, .ssl_free = tls1_free, @@ -397,49 +280,62 @@ static const SSL_METHOD_INTERNAL TLS_legacy_method_internal_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, - .ssl3_enc = &TLSv1_2_enc_data, -}; - -static const SSL_METHOD TLS_legacy_method_data = { - .ssl_dispatch_alert = ssl3_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, .get_cipher = ssl3_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLS_legacy_method_internal_data, + .enc_flags = TLSV1_2_ENC_FLAGS, }; -static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = { - .version = TLS1_VERSION, - .min_version = TLS1_VERSION, - .max_version = TLS1_VERSION, +#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) +static const SSL_METHOD TLS_client_method_data = { + .dtls = 0, + .server = 0, + .version = TLS1_3_VERSION, + .min_tls_version = TLS1_VERSION, + .max_tls_version = TLS1_3_VERSION, + .ssl_new = tls1_new, + .ssl_clear = tls1_clear, + .ssl_free = tls1_free, + .ssl_accept = tls13_legacy_accept, + .ssl_connect = tls13_legacy_connect, + .ssl_shutdown = tls13_legacy_shutdown, + .ssl_renegotiate = ssl_undefined_function, + .ssl_renegotiate_check = ssl_ok, + .ssl_pending = tls13_legacy_pending, + .ssl_read_bytes = tls13_legacy_read_bytes, + .ssl_write_bytes = tls13_legacy_write_bytes, + .get_cipher = ssl3_get_cipher, + .enc_flags = TLSV1_3_ENC_FLAGS, +}; + +#else + +static const SSL_METHOD TLS_legacy_client_method_data = { + .dtls = 0, + .server = 0, + .version = TLS1_2_VERSION, + .min_tls_version = TLS1_VERSION, + .max_tls_version = TLS1_2_VERSION, .ssl_new = tls1_new, .ssl_clear = tls1_clear, .ssl_free = tls1_free, .ssl_accept = ssl3_accept, .ssl_connect = ssl3_connect, .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, + .ssl_renegotiate = ssl_undefined_function, + .ssl_renegotiate_check = ssl_ok, .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, - .ssl3_enc = &TLSv1_enc_data, + .get_cipher = ssl3_get_cipher, + .enc_flags = TLSV1_2_ENC_FLAGS, }; +#endif static const SSL_METHOD TLSv1_method_data = { - .ssl_dispatch_alert = ssl3_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, - .get_cipher = ssl3_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLSv1_method_internal_data, -}; - -static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = { - .version = TLS1_1_VERSION, - .min_version = TLS1_1_VERSION, - .max_version = TLS1_1_VERSION, + .dtls = 0, + .server = 1, + .version = TLS1_VERSION, + .min_tls_version = TLS1_VERSION, + .max_tls_version = TLS1_VERSION, .ssl_new = tls1_new, .ssl_clear = tls1_clear, .ssl_free = tls1_free, @@ -451,22 +347,37 @@ static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, - .ssl3_enc = &TLSv1_1_enc_data, + .get_cipher = ssl3_get_cipher, + .enc_flags = TLSV1_ENC_FLAGS, +}; + +static const SSL_METHOD TLSv1_client_method_data = { + .dtls = 0, + .server = 0, + .version = TLS1_VERSION, + .min_tls_version = TLS1_VERSION, + .max_tls_version = TLS1_VERSION, + .ssl_new = tls1_new, + .ssl_clear = tls1_clear, + .ssl_free = tls1_free, + .ssl_accept = ssl_undefined_function, + .ssl_connect = ssl3_connect, + .ssl_shutdown = ssl3_shutdown, + .ssl_renegotiate = ssl3_renegotiate, + .ssl_renegotiate_check = ssl3_renegotiate_check, + .ssl_pending = ssl3_pending, + .ssl_read_bytes = ssl3_read_bytes, + .ssl_write_bytes = ssl3_write_bytes, + .get_cipher = ssl3_get_cipher, + .enc_flags = TLSV1_ENC_FLAGS, }; static const SSL_METHOD TLSv1_1_method_data = { - .ssl_dispatch_alert = ssl3_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, - .get_cipher = ssl3_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLSv1_1_method_internal_data, -}; - -static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = { - .version = TLS1_2_VERSION, - .min_version = TLS1_2_VERSION, - .max_version = TLS1_2_VERSION, + .dtls = 0, + .server = 1, + .version = TLS1_1_VERSION, + .min_tls_version = TLS1_1_VERSION, + .max_tls_version = TLS1_1_VERSION, .ssl_new = tls1_new, .ssl_clear = tls1_clear, .ssl_free = tls1_free, @@ -478,22 +389,81 @@ static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, - .ssl3_enc = &TLSv1_2_enc_data, + .get_cipher = ssl3_get_cipher, + .enc_flags = TLSV1_1_ENC_FLAGS, +}; + +static const SSL_METHOD TLSv1_1_client_method_data = { + .dtls = 0, + .server = 0, + .version = TLS1_1_VERSION, + .min_tls_version = TLS1_1_VERSION, + .max_tls_version = TLS1_1_VERSION, + .ssl_new = tls1_new, + .ssl_clear = tls1_clear, + .ssl_free = tls1_free, + .ssl_accept = ssl_undefined_function, + .ssl_connect = ssl3_connect, + .ssl_shutdown = ssl3_shutdown, + .ssl_renegotiate = ssl3_renegotiate, + .ssl_renegotiate_check = ssl3_renegotiate_check, + .ssl_pending = ssl3_pending, + .ssl_read_bytes = ssl3_read_bytes, + .ssl_write_bytes = ssl3_write_bytes, + .get_cipher = ssl3_get_cipher, + .enc_flags = TLSV1_1_ENC_FLAGS, }; static const SSL_METHOD TLSv1_2_method_data = { - .ssl_dispatch_alert = ssl3_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, + .dtls = 0, + .server = 1, + .version = TLS1_2_VERSION, + .min_tls_version = TLS1_2_VERSION, + .max_tls_version = TLS1_2_VERSION, + .ssl_new = tls1_new, + .ssl_clear = tls1_clear, + .ssl_free = tls1_free, + .ssl_accept = ssl3_accept, + .ssl_connect = ssl3_connect, + .ssl_shutdown = ssl3_shutdown, + .ssl_renegotiate = ssl3_renegotiate, + .ssl_renegotiate_check = ssl3_renegotiate_check, + .ssl_pending = ssl3_pending, + .ssl_read_bytes = ssl3_read_bytes, + .ssl_write_bytes = ssl3_write_bytes, .get_cipher = ssl3_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLSv1_2_method_internal_data, + .enc_flags = TLSV1_2_ENC_FLAGS, +}; + +static const SSL_METHOD TLSv1_2_client_method_data = { + .dtls = 0, + .server = 0, + .version = TLS1_2_VERSION, + .min_tls_version = TLS1_2_VERSION, + .max_tls_version = TLS1_2_VERSION, + .ssl_new = tls1_new, + .ssl_clear = tls1_clear, + .ssl_free = tls1_free, + .ssl_accept = ssl_undefined_function, + .ssl_connect = ssl3_connect, + .ssl_shutdown = ssl3_shutdown, + .ssl_renegotiate = ssl3_renegotiate, + .ssl_renegotiate_check = ssl3_renegotiate_check, + .ssl_pending = ssl3_pending, + .ssl_read_bytes = ssl3_read_bytes, + .ssl_write_bytes = ssl3_write_bytes, + .get_cipher = ssl3_get_cipher, + .enc_flags = TLSV1_2_ENC_FLAGS, }; const SSL_METHOD * -SSLv23_method(void) +TLS_client_method(void) { - return (TLS_method()); +#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) + return (&TLS_client_method_data); +#else + return (&TLS_legacy_client_method_data); +#endif } const SSL_METHOD * @@ -506,237 +476,105 @@ TLS_method(void) #endif } +const SSL_METHOD * +TLS_server_method(void) +{ + return TLS_method(); +} + const SSL_METHOD * tls_legacy_method(void) { return (&TLS_legacy_method_data); } +const SSL_METHOD * +SSLv23_client_method(void) +{ + return TLS_client_method(); +} + +const SSL_METHOD * +SSLv23_method(void) +{ + return TLS_method(); +} + +const SSL_METHOD * +SSLv23_server_method(void) +{ + return TLS_method(); +} + +const SSL_METHOD * +TLSv1_client_method(void) +{ + return (&TLSv1_client_method_data); +} + const SSL_METHOD * TLSv1_method(void) { return (&TLSv1_method_data); } +const SSL_METHOD * +TLSv1_server_method(void) +{ + return (&TLSv1_method_data); +} + +const SSL_METHOD * +TLSv1_1_client_method(void) +{ + return (&TLSv1_1_client_method_data); +} + const SSL_METHOD * TLSv1_1_method(void) { return (&TLSv1_1_method_data); } +const SSL_METHOD * +TLSv1_1_server_method(void) +{ + return (&TLSv1_1_method_data); +} + +const SSL_METHOD * +TLSv1_2_client_method(void) +{ + return (&TLSv1_2_client_method_data); +} + const SSL_METHOD * TLSv1_2_method(void) { return (&TLSv1_2_method_data); } -#ifdef LIBRESSL_HAS_TLS1_3_SERVER -static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = { - .version = TLS1_3_VERSION, - .min_version = TLS1_VERSION, - .max_version = TLS1_3_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = tls13_legacy_accept, - .ssl_connect = ssl_undefined_function, - .ssl_shutdown = tls13_legacy_shutdown, - .ssl_renegotiate = ssl_undefined_function, - .ssl_renegotiate_check = ssl_ok, - .ssl_pending = tls13_legacy_pending, - .ssl_read_bytes = tls13_legacy_read_bytes, - .ssl_write_bytes = tls13_legacy_write_bytes, - .ssl3_enc = &TLSv1_3_enc_data, -}; - -static const SSL_METHOD TLS_server_method_data = { - .ssl_dispatch_alert = ssl3_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, - .get_cipher = ssl3_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLS_server_method_internal_data, -}; -#endif - -static const SSL_METHOD_INTERNAL TLS_legacy_server_method_internal_data = { - .version = TLS1_2_VERSION, - .min_version = TLS1_VERSION, - .max_version = TLS1_2_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = ssl3_accept, - .ssl_connect = ssl_undefined_function, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl_undefined_function, - .ssl_renegotiate_check = ssl_ok, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = ssl3_read_bytes, - .ssl_write_bytes = ssl3_write_bytes, - .ssl3_enc = &TLSv1_2_enc_data, -}; - -static const SSL_METHOD TLS_legacy_server_method_data = { - .ssl_dispatch_alert = ssl3_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, - .get_cipher = ssl3_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLS_legacy_server_method_internal_data, -}; - -static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = { - .version = TLS1_VERSION, - .min_version = TLS1_VERSION, - .max_version = TLS1_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = ssl3_accept, - .ssl_connect = ssl_undefined_function, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = ssl3_read_bytes, - .ssl_write_bytes = ssl3_write_bytes, - .ssl3_enc = &TLSv1_enc_data, -}; - -static const SSL_METHOD TLSv1_server_method_data = { - .ssl_dispatch_alert = ssl3_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, - .get_cipher = ssl3_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLSv1_server_method_internal_data, -}; - -static const SSL_METHOD_INTERNAL TLSv1_1_server_method_internal_data = { - .version = TLS1_1_VERSION, - .min_version = TLS1_1_VERSION, - .max_version = TLS1_1_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = ssl3_accept, - .ssl_connect = ssl_undefined_function, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = ssl3_read_bytes, - .ssl_write_bytes = ssl3_write_bytes, - .ssl3_enc = &TLSv1_1_enc_data, -}; - -static const SSL_METHOD TLSv1_1_server_method_data = { - .ssl_dispatch_alert = ssl3_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, - .get_cipher = ssl3_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLSv1_1_server_method_internal_data, -}; - -static const SSL_METHOD_INTERNAL TLSv1_2_server_method_internal_data = { - .version = TLS1_2_VERSION, - .min_version = TLS1_2_VERSION, - .max_version = TLS1_2_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = ssl3_accept, - .ssl_connect = ssl_undefined_function, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = ssl3_read_bytes, - .ssl_write_bytes = ssl3_write_bytes, - .ssl3_enc = &TLSv1_2_enc_data, -}; - -static const SSL_METHOD TLSv1_2_server_method_data = { - .ssl_dispatch_alert = ssl3_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, - .get_cipher = ssl3_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLSv1_2_server_method_internal_data, -}; - -const SSL_METHOD * -SSLv23_server_method(void) -{ - return (TLS_server_method()); -} - -const SSL_METHOD * -TLS_server_method(void) -{ -#ifdef LIBRESSL_HAS_TLS1_3_SERVER - return (&TLS_server_method_data); -#else - return tls_legacy_server_method(); -#endif -} - -const SSL_METHOD * -tls_legacy_server_method(void) -{ - return (&TLS_legacy_server_method_data); -} - -const SSL_METHOD * -TLSv1_server_method(void) -{ - return (&TLSv1_server_method_data); -} - -const SSL_METHOD * -TLSv1_1_server_method(void) -{ - return (&TLSv1_1_server_method_data); -} - const SSL_METHOD * TLSv1_2_server_method(void) { - return (&TLSv1_2_server_method_data); + return (&TLSv1_2_method_data); } const SSL_METHOD * -ssl_get_client_method(uint16_t version) +ssl_get_method(uint16_t version) { if (version == TLS1_3_VERSION) - return (TLS_client_method()); + return (TLS_method()); if (version == TLS1_2_VERSION) - return (TLSv1_2_client_method()); + return (TLSv1_2_method()); if (version == TLS1_1_VERSION) - return (TLSv1_1_client_method()); + return (TLSv1_1_method()); if (version == TLS1_VERSION) - return (TLSv1_client_method()); + return (TLSv1_method()); if (version == DTLS1_VERSION) - return (DTLSv1_client_method()); - - return (NULL); -} - -const SSL_METHOD * -ssl_get_server_method(uint16_t version) -{ - if (version == TLS1_3_VERSION) - return (TLS_server_method()); - if (version == TLS1_2_VERSION) - return (TLSv1_2_server_method()); - if (version == TLS1_1_VERSION) - return (TLSv1_1_server_method()); - if (version == TLS1_VERSION) - return (TLSv1_server_method()); - if (version == DTLS1_VERSION) - return (DTLSv1_server_method()); + return (DTLSv1_method()); + if (version == DTLS1_2_VERSION) + return (DTLSv1_2_method()); return (NULL); } diff --git a/externals/libressl/ssl/ssl_packet.c b/externals/libressl/ssl/ssl_packet.c index d8fb409d8..091685b21 100755 --- a/externals/libressl/ssl/ssl_packet.c +++ b/externals/libressl/ssl/ssl_packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_packet.c,v 1.8 2018/11/08 22:28:52 jsing Exp $ */ +/* $OpenBSD: ssl_packet.c,v 1.13 2022/02/05 14:54:10 jsing Exp $ */ /* * Copyright (c) 2016, 2017 Joel Sing * @@ -15,9 +15,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include "ssl_locl.h" - #include "bytestring.h" +#include "ssl_locl.h" static int ssl_is_sslv2_client_hello(CBS *header) @@ -210,10 +209,10 @@ ssl_convert_sslv2_client_hello(SSL *s) if (!CBB_finish(&cbb, &data, &data_len)) goto err; - if (data_len > S3I(s)->rbuf.len) + if (data_len > s->s3->rbuf.len) goto err; - s->internal->packet = S3I(s)->rbuf.buf; + s->internal->packet = s->s3->rbuf.buf; s->internal->packet_length = data_len; memcpy(s->internal->packet, data, data_len); ret = 1; @@ -238,7 +237,7 @@ ssl_server_legacy_first_packet(SSL *s) const char *data; CBS header; - if (SSL_IS_DTLS(s)) + if (SSL_is_dtls(s)) return 1; CBS_init(&header, s->internal->packet, SSL3_RT_HEADER_LENGTH); @@ -247,12 +246,12 @@ ssl_server_legacy_first_packet(SSL *s) return 1; /* Only continue if this is not a version locked method. */ - if (s->method->internal->min_version == s->method->internal->max_version) + if (s->method->min_tls_version == s->method->max_tls_version) return 1; if (ssl_is_sslv2_client_hello(&header) == 1) { /* Only permit SSLv2 client hellos if TLSv1.0 is enabled. */ - if (ssl_enabled_version_range(s, &min_version, NULL) != 1) { + if (ssl_enabled_tls_version_range(s, &min_version, NULL) != 1) { SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE); return -1; } diff --git a/externals/libressl/ssl/ssl_pkt.c b/externals/libressl/ssl/ssl_pkt.c index c9c86471d..3dd026954 100755 --- a/externals/libressl/ssl/ssl_pkt.c +++ b/externals/libressl/ssl/ssl_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_pkt.c,v 1.31 2020/08/30 15:40:20 jsing Exp $ */ +/* $OpenBSD: ssl_pkt.c,v 1.58 2022/03/26 15:05:53 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -112,12 +112,12 @@ #include #include -#include "ssl_locl.h" - #include #include #include "bytestring.h" +#include "dtls_locl.h" +#include "ssl_locl.h" static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len); @@ -127,21 +127,22 @@ static int ssl3_get_record(SSL *s); * Force a WANT_READ return for certain error conditions where * we don't want to spin internally. */ -static void +void ssl_force_want_read(SSL *s) { - BIO * bio; + BIO *bio; bio = SSL_get_rbio(s); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); + s->internal->rwstate = SSL_READING; } /* * If extend == 0, obtain new n-byte packet; if extend == 1, increase * packet by another n bytes. - * The packet will be in the sub-array of S3I(s)->rbuf.buf specified + * The packet will be in the sub-array of s->s3->rbuf.buf specified * by s->internal->packet and s->internal->packet_length. * (If s->internal->read_ahead is set, 'max' bytes may be stored in rbuf * [plus s->internal->packet_length bytes if extend == 1].) @@ -149,15 +150,14 @@ ssl_force_want_read(SSL *s) static int ssl3_read_n(SSL *s, int n, int max, int extend) { + SSL3_BUFFER_INTERNAL *rb = &(s->s3->rbuf); int i, len, left; size_t align; unsigned char *pkt; - SSL3_BUFFER_INTERNAL *rb; if (n <= 0) return n; - rb = &(S3I(s)->rbuf); if (rb->buf == NULL) if (!ssl3_setup_read_buffer(s)) return -1; @@ -195,7 +195,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend) /* For DTLS/UDP reads should not span multiple packets * because the read operation returns the whole packet * at once (as long as it fits into the buffer). */ - if (SSL_IS_DTLS(s)) { + if (SSL_is_dtls(s)) { if (left > 0 && n > left) n = left; } @@ -228,18 +228,18 @@ ssl3_read_n(SSL *s, int n, int max, int extend) return -1; } - if (!s->internal->read_ahead) { - /* ignore max parameter */ - max = n; - } else { + if (s->internal->read_ahead || SSL_is_dtls(s)) { if (max < n) max = n; if (max > (int)(rb->len - rb->offset)) max = rb->len - rb->offset; + } else { + /* ignore max parameter */ + max = n; } while (left < n) { - /* Now we have len+left bytes at the front of S3I(s)->rbuf.buf + /* Now we have len+left bytes at the front of s->s3->rbuf.buf * and need to read in more until we have len+n (up to * len+max if possible) */ @@ -255,7 +255,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend) if (i <= 0) { rb->left = left; if (s->internal->mode & SSL_MODE_RELEASE_BUFFERS && - !SSL_IS_DTLS(s)) { + !SSL_is_dtls(s)) { if (len + left == 0) ssl3_release_read_buffer(s); } @@ -268,7 +268,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend) * the underlying transport protocol is message oriented as * opposed to byte oriented as in the TLS case. */ - if (SSL_IS_DTLS(s)) { + if (SSL_is_dtls(s)) { if (n > left) n = left; /* makes the while condition false */ } @@ -288,7 +288,7 @@ ssl3_packet_read(SSL *s, int plen) { int n; - n = ssl3_read_n(s, plen, S3I(s)->rbuf.len, 0); + n = ssl3_read_n(s, plen, s->s3->rbuf.len, 0); if (n <= 0) return n; if (s->internal->packet_length < plen) @@ -327,15 +327,13 @@ ssl3_packet_extend(SSL *s, int plen) static int ssl3_get_record(SSL *s) { - int al; - int enc_err, n, i, ret = -1; - SSL3_RECORD_INTERNAL *rr; - SSL_SESSION *sess; - unsigned char md[EVP_MAX_MD_SIZE]; - unsigned int mac_size, orig_len; - - rr = &(S3I(s)->rrec); - sess = s->session; + SSL3_BUFFER_INTERNAL *rb = &(s->s3->rbuf); + SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec); + uint8_t alert_desc; + uint8_t *out; + size_t out_len; + int al, n; + int ret = -1; again: /* check if we have the header */ @@ -373,13 +371,14 @@ ssl3_get_record(SSL *s) /* Lets check version */ if (!s->internal->first_packet && ssl_version != s->version) { - SSLerror(s, SSL_R_WRONG_VERSION_NUMBER); if ((s->version & 0xFF00) == (ssl_version & 0xFF00) && - !s->internal->enc_write_ctx && !s->internal->write_hash) + !tls12_record_layer_write_protected(s->internal->rl)) { /* Send back error using their minor version number :-) */ s->version = ssl_version; + } + SSLerror(s, SSL_R_WRONG_VERSION_NUMBER); al = SSL_AD_PROTOCOL_VERSION; - goto f_err; + goto fatal_err; } if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) { @@ -387,17 +386,13 @@ ssl3_get_record(SSL *s) goto err; } - if (rr->length > S3I(s)->rbuf.len - SSL3_RT_HEADER_LENGTH) { + if (rr->length > rb->len - SSL3_RT_HEADER_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; SSLerror(s, SSL_R_PACKET_LENGTH_TOO_LONG); - goto f_err; + goto fatal_err; } - - /* now s->internal->rstate == SSL_ST_READ_BODY */ } - /* s->internal->rstate == SSL_ST_READ_BODY, get and decode the data */ - n = ssl3_packet_extend(s, SSL3_RT_HEADER_LENGTH + rr->length); if (n <= 0) return (n); @@ -406,133 +401,50 @@ ssl3_get_record(SSL *s) s->internal->rstate = SSL_ST_READ_HEADER; /* set state for later operations */ - /* At this point, s->internal->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, - * and we have that many bytes in s->internal->packet - */ - rr->input = &(s->internal->packet[SSL3_RT_HEADER_LENGTH]); - - /* ok, we can now read from 's->internal->packet' data into 'rr' - * rr->input points at rr->length bytes, which - * need to be copied into rr->data by either - * the decryption or by the decompression - * When the data is 'copied' into the rr->data buffer, - * rr->input will be pointed at the new buffer */ - - /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] - * rr->length bytes of encrypted compressed stuff. */ - - /* check is not needed I believe */ - if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { - al = SSL_AD_RECORD_OVERFLOW; - SSLerror(s, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); - goto f_err; - } - - /* decrypt in place in 'rr->input' */ - rr->data = rr->input; - - /* enc_err is: - * 0: (in non-constant time) if the record is publically invalid. - * 1: if the padding is valid - * -1: if the padding is invalid */ - if ((enc_err = tls1_enc(s, 0)) == 0) { - al = SSL_AD_BAD_RECORD_MAC; - SSLerror(s, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); - goto f_err; - } - - /* r->length is now the compressed data plus mac */ - if ((sess != NULL) && (s->enc_read_ctx != NULL) && - (EVP_MD_CTX_md(s->read_hash) != NULL)) { - /* s->read_hash != NULL => mac_size != -1 */ - unsigned char *mac = NULL; - unsigned char mac_tmp[EVP_MAX_MD_SIZE]; - - mac_size = EVP_MD_CTX_size(s->read_hash); - OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); - - orig_len = rr->length + rr->padding_length; - - /* orig_len is the length of the record before any padding was - * removed. This is public information, as is the MAC in use, - * therefore we can safely process the record in a different - * amount of time if it's too short to possibly contain a MAC. - */ - if (orig_len < mac_size || - /* CBC records must have a padding length byte too. */ - (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && - orig_len < mac_size + 1)) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_LENGTH_TOO_SHORT); - goto f_err; - } - - if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) { - /* We update the length so that the TLS header bytes - * can be constructed correctly but we need to extract - * the MAC in constant time from within the record, - * without leaking the contents of the padding bytes. - * */ - mac = mac_tmp; - ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len); - rr->length -= mac_size; - } else { - /* In this case there's no padding, so |orig_len| - * equals |rec->length| and we checked that there's - * enough bytes for |mac_size| above. */ - rr->length -= mac_size; - mac = &rr->data[rr->length]; - } - - i = tls1_mac(s,md,0 /* not send */); - if (i < 0 || mac == NULL || - timingsafe_memcmp(md, mac, (size_t)mac_size) != 0) - enc_err = -1; - if (rr->length > - SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) - enc_err = -1; - } - - if (enc_err < 0) { - /* - * A separate 'decryption_failed' alert was introduced with - * TLS 1.0, SSL 3.0 only has 'bad_record_mac'. But unless a - * decryption failure is directly visible from the ciphertext - * anyway, we should not reveal which kind of error - * occurred -- this might become visible to an attacker - * (e.g. via a logfile) - */ - al = SSL_AD_BAD_RECORD_MAC; - SSLerror(s, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); - goto f_err; - } - - if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) { - al = SSL_AD_RECORD_OVERFLOW; - SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG); - goto f_err; - } - - rr->off = 0; /* - * So at this point the following is true - * - * ssl->s3->internal->rrec.type is the type of record - * ssl->s3->internal->rrec.length == number of bytes in record - * ssl->s3->internal->rrec.off == offset to first valid byte - * ssl->s3->internal->rrec.data == where to take bytes from, increment - * after use :-). + * A full record has now been read from the wire, which now needs + * to be processed. */ + tls12_record_layer_set_version(s->internal->rl, s->version); + + if (!tls12_record_layer_open_record(s->internal->rl, s->internal->packet, + s->internal->packet_length, &out, &out_len)) { + tls12_record_layer_alert(s->internal->rl, &alert_desc); + + if (alert_desc == 0) + goto err; + + if (alert_desc == SSL_AD_RECORD_OVERFLOW) + SSLerror(s, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); + else if (alert_desc == SSL_AD_BAD_RECORD_MAC) + SSLerror(s, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); + + al = alert_desc; + goto fatal_err; + } + + rr->data = out; + rr->length = out_len; + rr->off = 0; /* we have pulled in a full packet so zero things */ s->internal->packet_length = 0; if (rr->length == 0) { /* - * CBC countermeasures for known IV weaknesses - * can legitimately insert a single empty record, - * so we allow ourselves to read once past a single - * empty record without forcing want_read. + * Zero-length fragments are only permitted for application + * data, as per RFC 5246 section 6.2.1. + */ + if (rr->type != SSL3_RT_APPLICATION_DATA) { + SSLerror(s, SSL_R_BAD_LENGTH); + al = SSL_AD_UNEXPECTED_MESSAGE; + goto fatal_err; + } + + /* + * CBC countermeasures for known IV weaknesses can legitimately + * insert a single empty record, so we allow ourselves to read + * once past a single empty record without forcing want_read. */ if (s->internal->empty_record_count++ > SSL_MAX_EMPTY_RECORDS) { SSLerror(s, SSL_R_PEER_BEHAVING_BADLY); @@ -543,15 +455,15 @@ ssl3_get_record(SSL *s) return -1; } goto again; - } else { - s->internal->empty_record_count = 0; } + s->internal->empty_record_count = 0; + return (1); -f_err: + fatal_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); -err: + err: return (ret); } @@ -571,8 +483,8 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) } s->internal->rwstate = SSL_NOTHING; - tot = S3I(s)->wnum; - S3I(s)->wnum = 0; + tot = s->s3->wnum; + s->s3->wnum = 0; if (SSL_in_init(s) && !s->internal->in_handshake) { i = s->internal->handshake_func(s); @@ -595,7 +507,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) i = do_ssl3_write(s, type, &(buf[tot]), nw); if (i <= 0) { - S3I(s)->wnum = tot; + s->s3->wnum = tot; return i; } @@ -606,7 +518,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) * empty fragment in ciphersuites with known-IV * weakness. */ - S3I(s)->empty_fragment_done = 0; + s->s3->empty_fragment_done = 0; return tot + i; } @@ -619,7 +531,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) { - SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf); + SSL3_BUFFER_INTERNAL *wb = &(s->s3->wbuf); SSL_SESSION *sess = s->session; int need_empty_fragment = 0; size_t align, out_len; @@ -641,8 +553,8 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) return (ssl3_write_pending(s, type, buf, len)); /* If we have an alert to send, let's send it. */ - if (S3I(s)->alert_dispatch) { - if ((ret = s->method->ssl_dispatch_alert(s)) <= 0) + if (s->s3->alert_dispatch) { + if ((ret = ssl3_dispatch_alert(s)) <= 0) return (ret); /* If it went, fall through and send more stuff. */ @@ -660,8 +572,9 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) * bytes and record version number > TLS 1.0. */ version = s->version; - if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate && - TLS1_get_version(s) > TLS1_VERSION) + if (s->s3->hs.state == SSL3_ST_CW_CLNT_HELLO_B && + !s->internal->renegotiate && + s->s3->hs.our_max_tls_version > TLS1_VERSION) version = TLS1_VERSION; /* @@ -669,10 +582,9 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) * (see http://www.openssl.org/~bodo/tls-cbc.txt). Note that this * is unnecessary for AEAD. */ - if (sess != NULL && s->internal->enc_write_ctx != NULL && - EVP_MD_CTX_md(s->internal->write_hash) != NULL) { - if (S3I(s)->need_empty_fragments && - !S3I(s)->empty_fragment_done && + if (sess != NULL && tls12_record_layer_write_protected(s->internal->rl)) { + if (s->s3->need_empty_fragments && + !s->s3->empty_fragment_done && type == SSL3_RT_APPLICATION_DATA) need_empty_fragment = 1; } @@ -697,7 +609,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) if (!tls12_record_layer_seal_record(s->internal->rl, type, buf, 0, &cbb)) goto err; - S3I(s)->empty_fragment_done = 1; + s->s3->empty_fragment_done = 1; } if (!tls12_record_layer_seal_record(s->internal->rl, type, buf, len, &cbb)) @@ -712,10 +624,10 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) * Memorize arguments so that ssl3_write_pending can detect * bad write retries later. */ - S3I(s)->wpend_tot = len; - S3I(s)->wpend_buf = buf; - S3I(s)->wpend_type = type; - S3I(s)->wpend_ret = len; + s->s3->wpend_tot = len; + s->s3->wpend_buf = buf; + s->s3->wpend_type = type; + s->s3->wpend_ret = len; /* We now just need to write the buffer. */ return ssl3_write_pending(s, type, buf, len); @@ -726,17 +638,17 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) return -1; } -/* if S3I(s)->wbuf.left != 0, we need to call this */ +/* if s->s3->wbuf.left != 0, we need to call this */ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) { int i; - SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf); + SSL3_BUFFER_INTERNAL *wb = &(s->s3->wbuf); /* XXXX */ - if ((S3I(s)->wpend_tot > (int)len) || ((S3I(s)->wpend_buf != buf) && + if ((s->s3->wpend_tot > (int)len) || ((s->s3->wpend_buf != buf) && !(s->internal->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) || - (S3I(s)->wpend_type != type)) { + (s->s3->wpend_type != type)) { SSLerror(s, SSL_R_BAD_WRITE_RETRY); return (-1); } @@ -755,16 +667,16 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) wb->left = 0; wb->offset += i; if (s->internal->mode & SSL_MODE_RELEASE_BUFFERS && - !SSL_IS_DTLS(s)) + !SSL_is_dtls(s)) ssl3_release_write_buffer(s); s->internal->rwstate = SSL_NOTHING; - return (S3I(s)->wpend_ret); + return (s->s3->wpend_ret); } else if (i <= 0) { /* * For DTLS, just drop it. That's kind of the * whole point in using a datagram service. */ - if (SSL_IS_DTLS(s)) + if (SSL_is_dtls(s)) wb->left = 0; return (i); } @@ -773,6 +685,299 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) } } +int +ssl3_read_alert(SSL *s) +{ + SSL3_RECORD_INTERNAL *rr = &s->s3->rrec; + uint8_t alert_level, alert_descr; + + /* + * TLSv1.2 permits an alert to be fragmented across multiple records or + * for multiple alerts to be be coalesced into a single alert record. + * In the case of DTLS, there is no way to reassemble an alert + * fragmented across multiple records, hence a full alert must be + * available in the record. + */ + while (rr->length > 0 && + s->s3->alert_fragment_len < sizeof(s->s3->alert_fragment)) { + s->s3->alert_fragment[s->s3->alert_fragment_len++] = + rr->data[rr->off++]; + rr->length--; + } + if (s->s3->alert_fragment_len < sizeof(s->s3->alert_fragment)) { + if (SSL_is_dtls(s)) { + SSLerror(s, SSL_R_BAD_LENGTH); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); + return -1; + } + return 1; + } + + ssl_msg_callback(s, 0, SSL3_RT_ALERT, s->s3->alert_fragment, 2); + + alert_level = s->s3->alert_fragment[0]; + alert_descr = s->s3->alert_fragment[1]; + s->s3->alert_fragment_len = 0; + + ssl_info_callback(s, SSL_CB_READ_ALERT, + (alert_level << 8) | alert_descr); + + if (alert_level == SSL3_AL_WARNING) { + s->s3->warn_alert = alert_descr; + if (alert_descr == SSL_AD_CLOSE_NOTIFY) { + s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; + return 0; + } + /* We requested renegotiation and the peer rejected it. */ + if (alert_descr == SSL_AD_NO_RENEGOTIATION) { + SSLerror(s, SSL_R_NO_RENEGOTIATION); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_HANDSHAKE_FAILURE); + return -1; + } + } else if (alert_level == SSL3_AL_FATAL) { + s->internal->rwstate = SSL_NOTHING; + s->s3->fatal_alert = alert_descr; + SSLerror(s, SSL_AD_REASON_OFFSET + alert_descr); + ERR_asprintf_error_data("SSL alert number %d", alert_descr); + s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; + SSL_CTX_remove_session(s->ctx, s->session); + return 0; + } else { + SSLerror(s, SSL_R_UNKNOWN_ALERT_TYPE); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); + return -1; + } + + return 1; +} + +int +ssl3_read_change_cipher_spec(SSL *s) +{ + SSL3_RECORD_INTERNAL *rr = &s->s3->rrec; + + /* + * 'Change Cipher Spec' is just a single byte, so we know exactly what + * the record payload has to look like. + */ + if (rr->length != 1 || rr->off != 0) { + SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); + return -1; + } + if (rr->data[0] != SSL3_MT_CCS) { + SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); + return -1; + } + + /* XDTLS: check that epoch is consistent */ + + ssl_msg_callback(s, 0, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1); + + /* Check that we have a cipher to change to. */ + if (s->s3->hs.cipher == NULL) { + SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); + return -1; + } + + /* Check that we should be receiving a Change Cipher Spec. */ + if (SSL_is_dtls(s)) { + if (!s->d1->change_cipher_spec_ok) { + /* + * We can't process a CCS now, because previous + * handshake messages are still missing, so just + * drop it. + */ + rr->length = 0; + return 1; + } + s->d1->change_cipher_spec_ok = 0; + } else { + if ((s->s3->flags & SSL3_FLAGS_CCS_OK) == 0) { + SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); + return -1; + } + s->s3->flags &= ~SSL3_FLAGS_CCS_OK; + } + + rr->length = 0; + + s->s3->change_cipher_spec = 1; + if (!ssl3_do_change_cipher_spec(s)) + return -1; + + return 1; +} + +static int +ssl3_read_handshake_unexpected(SSL *s) +{ + SSL3_RECORD_INTERNAL *rr = &s->s3->rrec; + uint32_t hs_msg_length; + uint8_t hs_msg_type; + CBS cbs; + int ret; + + /* + * We need four bytes of handshake data so we have a handshake message + * header - this may be in the same record or fragmented across multiple + * records. + */ + while (rr->length > 0 && + s->s3->handshake_fragment_len < sizeof(s->s3->handshake_fragment)) { + s->s3->handshake_fragment[s->s3->handshake_fragment_len++] = + rr->data[rr->off++]; + rr->length--; + } + + if (s->s3->handshake_fragment_len < sizeof(s->s3->handshake_fragment)) + return 1; + + if (s->internal->in_handshake) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + return -1; + } + + /* + * This code currently deals with HelloRequest and ClientHello messages - + * anything else is pushed to the handshake_func. Almost all of this + * belongs in the client/server handshake code. + */ + + /* Parse handshake message header. */ + CBS_init(&cbs, s->s3->handshake_fragment, s->s3->handshake_fragment_len); + if (!CBS_get_u8(&cbs, &hs_msg_type)) + return -1; + if (!CBS_get_u24(&cbs, &hs_msg_length)) + return -1; + + if (hs_msg_type == SSL3_MT_HELLO_REQUEST) { + /* + * Incoming HelloRequest messages should only be received by a + * client. A server may send these at any time - a client should + * ignore the message if received in the middle of a handshake. + * See RFC 5246 sections 7.4 and 7.4.1.1. + */ + if (s->server) { + SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); + return -1; + } + + if (hs_msg_length != 0) { + SSLerror(s, SSL_R_BAD_HELLO_REQUEST); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); + return -1; + } + + ssl_msg_callback(s, 0, SSL3_RT_HANDSHAKE, + s->s3->handshake_fragment, s->s3->handshake_fragment_len); + + s->s3->handshake_fragment_len = 0; + + /* + * It should be impossible to hit this, but keep the safety + * harness for now... + */ + if (s->session == NULL || s->session->cipher == NULL) + return 1; + + /* + * Ignore this message if we're currently handshaking, + * renegotiation is already pending or renegotiation is disabled + * via flags. + */ + if (!SSL_is_init_finished(s) || s->s3->renegotiate || + (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) != 0) + return 1; + + if (!ssl3_renegotiate(s)) + return 1; + if (!ssl3_renegotiate_check(s)) + return 1; + + } else if (hs_msg_type == SSL3_MT_CLIENT_HELLO) { + /* + * Incoming ClientHello messages should only be received by a + * server. A client may send these in response to server + * initiated renegotiation (HelloRequest) or in order to + * initiate renegotiation by the client. See RFC 5246 section + * 7.4.1.2. + */ + if (!s->server) { + SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); + return -1; + } + + /* + * A client should not be sending a ClientHello unless we're not + * currently handshaking. + */ + if (!SSL_is_init_finished(s)) { + SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); + return -1; + } + + if ((s->internal->options & SSL_OP_NO_CLIENT_RENEGOTIATION) != 0) { + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_NO_RENEGOTIATION); + return -1; + } + + if (s->session == NULL || s->session->cipher == NULL) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + return -1; + } + + /* Client requested renegotiation but it is not permitted. */ + if (!s->s3->send_connection_binding || + (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) != 0) { + ssl3_send_alert(s, SSL3_AL_WARNING, + SSL_AD_NO_RENEGOTIATION); + return 1; + } + + s->s3->hs.state = SSL_ST_ACCEPT; + s->internal->renegotiate = 1; + s->internal->new_session = 1; + + } else { + SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); + return -1; + } + + if ((ret = s->internal->handshake_func(s)) < 0) + return ret; + if (ret == 0) { + SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); + return -1; + } + + if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { + if (s->s3->rbuf.left == 0) { + ssl_force_want_read(s); + return -1; + } + } + + /* + * We either finished a handshake or ignored the request, now try again + * to obtain the (application) data we were asked for. + */ + return 1; +} + /* Return up to 'len' payload bytes received in 'type' records. * 'type' is one of the following: * @@ -803,64 +1008,61 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) { - void (*cb)(const SSL *ssl, int type2, int val) = NULL; - int al, i, j, ret, rrcount = 0; - unsigned int n; SSL3_RECORD_INTERNAL *rr; + int rrcount = 0; + unsigned int n; + int ret; - if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */ + if (s->s3->rbuf.buf == NULL) { if (!ssl3_setup_read_buffer(s)) - return (-1); + return -1; + } if (len < 0) { SSLerror(s, ERR_R_INTERNAL_ERROR); return -1; } - if ((type && type != SSL3_RT_APPLICATION_DATA && - type != SSL3_RT_HANDSHAKE) || - (peek && (type != SSL3_RT_APPLICATION_DATA))) { + if (type != 0 && type != SSL3_RT_APPLICATION_DATA && + type != SSL3_RT_HANDSHAKE) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + return -1; + } + if (peek && type != SSL3_RT_APPLICATION_DATA) { SSLerror(s, ERR_R_INTERNAL_ERROR); return -1; } - if ((type == SSL3_RT_HANDSHAKE) && - (S3I(s)->handshake_fragment_len > 0)) { - /* (partially) satisfy request from storage */ - unsigned char *src = S3I(s)->handshake_fragment; + if (type == SSL3_RT_HANDSHAKE && s->s3->handshake_fragment_len > 0) { + /* Partially satisfy request from fragment storage. */ + unsigned char *src = s->s3->handshake_fragment; unsigned char *dst = buf; unsigned int k; /* peek == 0 */ n = 0; - while ((len > 0) && (S3I(s)->handshake_fragment_len > 0)) { + while (len > 0 && s->s3->handshake_fragment_len > 0) { *dst++ = *src++; len--; - S3I(s)->handshake_fragment_len--; + s->s3->handshake_fragment_len--; n++; } /* move any remaining fragment bytes: */ - for (k = 0; k < S3I(s)->handshake_fragment_len; k++) - S3I(s)->handshake_fragment[k] = *src++; + for (k = 0; k < s->s3->handshake_fragment_len; k++) + s->s3->handshake_fragment[k] = *src++; return n; } - /* - * Now S3I(s)->handshake_fragment_len == 0 if - * type == SSL3_RT_HANDSHAKE. - */ - if (!s->internal->in_handshake && SSL_in_init(s)) { - /* type == SSL3_RT_APPLICATION_DATA */ - i = s->internal->handshake_func(s); - if (i < 0) - return (i); - if (i == 0) { + if (SSL_in_init(s) && !s->internal->in_handshake) { + if ((ret = s->internal->handshake_func(s)) < 0) + return ret; + if (ret == 0) { SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); + return -1; } } -start: + start: /* * Do not process more than three consecutive records, otherwise the * peer can cause us to loop indefinitely. Instead, return with an @@ -876,481 +1078,221 @@ start: s->internal->rwstate = SSL_NOTHING; - /* - * S3I(s)->rrec.type - is the type of record - * S3I(s)->rrec.data, - data - * S3I(s)->rrec.off, - offset into 'data' for next read - * S3I(s)->rrec.length, - number of bytes. - */ - rr = &(S3I(s)->rrec); + rr = &s->s3->rrec; - /* get new packet if necessary */ - if ((rr->length == 0) || (s->internal->rstate == SSL_ST_READ_BODY)) { - ret = ssl3_get_record(s); - if (ret <= 0) - return (ret); + if (rr->length == 0 || s->internal->rstate == SSL_ST_READ_BODY) { + if ((ret = ssl3_get_record(s)) <= 0) + return ret; } - /* we now have a packet which can be read and processed */ + /* We now have a packet which can be read and processed. */ - if (S3I(s)->change_cipher_spec /* set when we receive ChangeCipherSpec, - * reset by ssl3_get_finished */ - && (rr->type != SSL3_RT_HANDSHAKE)) { - al = SSL_AD_UNEXPECTED_MESSAGE; + if (s->s3->change_cipher_spec && rr->type != SSL3_RT_HANDSHAKE) { SSLerror(s, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); - goto f_err; + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); + return -1; } - /* If the other end has shut down, throw anything we read away - * (even in 'peek' mode) */ + /* + * If the other end has shut down, throw anything we read away (even in + * 'peek' mode). + */ if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) { - rr->length = 0; s->internal->rwstate = SSL_NOTHING; - return (0); + rr->length = 0; + return 0; } - /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ if (type == rr->type) { - /* make sure that we are not getting application data when we - * are doing a handshake for the first time */ - if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && - (s->enc_read_ctx == NULL)) { - al = SSL_AD_UNEXPECTED_MESSAGE; + /* + * Make sure that we are not getting application data when we + * are doing a handshake for the first time. + */ + if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA && + !tls12_record_layer_read_protected(s->internal->rl)) { SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE); - goto f_err; + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); + return -1; } if (len <= 0) - return (len); + return len; if ((unsigned int)len > rr->length) n = rr->length; else n = (unsigned int)len; - memcpy(buf, &(rr->data[rr->off]), n); + memcpy(buf, &rr->data[rr->off], n); if (!peek) { - memset(&(rr->data[rr->off]), 0, n); + memset(&rr->data[rr->off], 0, n); rr->length -= n; rr->off += n; if (rr->length == 0) { s->internal->rstate = SSL_ST_READ_HEADER; rr->off = 0; if (s->internal->mode & SSL_MODE_RELEASE_BUFFERS && - S3I(s)->rbuf.left == 0) + s->s3->rbuf.left == 0) ssl3_release_read_buffer(s); } } - return (n); + + return n; } - - /* If we get here, then type != rr->type; if we have a handshake - * message, then it was unexpected (Hello Request or Client Hello). */ - - { - /* - * In case of record types for which we have 'fragment' - * storage, * fill that so that we can process the data - * at a fixed place. - */ - unsigned int dest_maxlen = 0; - unsigned char *dest = NULL; - unsigned int *dest_len = NULL; - - if (rr->type == SSL3_RT_HANDSHAKE) { - dest_maxlen = sizeof S3I(s)->handshake_fragment; - dest = S3I(s)->handshake_fragment; - dest_len = &S3I(s)->handshake_fragment_len; - } else if (rr->type == SSL3_RT_ALERT) { - dest_maxlen = sizeof S3I(s)->alert_fragment; - dest = S3I(s)->alert_fragment; - dest_len = &S3I(s)->alert_fragment_len; - } - if (dest_maxlen > 0) { - /* available space in 'dest' */ - n = dest_maxlen - *dest_len; - if (rr->length < n) - n = rr->length; /* available bytes */ - - /* now move 'n' bytes: */ - while (n-- > 0) { - dest[(*dest_len)++] = rr->data[rr->off++]; - rr->length--; - } - - if (*dest_len < dest_maxlen) - goto start; /* fragment was too small */ - } - } - - /* S3I(s)->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE; - * S3I(s)->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT. - * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */ - - /* If we are a client, check for an incoming 'Hello Request': */ - if ((!s->server) && (S3I(s)->handshake_fragment_len >= 4) && - (S3I(s)->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && - (s->session != NULL) && (s->session->cipher != NULL)) { - S3I(s)->handshake_fragment_len = 0; - - if ((S3I(s)->handshake_fragment[1] != 0) || - (S3I(s)->handshake_fragment[2] != 0) || - (S3I(s)->handshake_fragment[3] != 0)) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_BAD_HELLO_REQUEST); - goto f_err; - } - - if (s->internal->msg_callback) - s->internal->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - S3I(s)->handshake_fragment, 4, s, - s->internal->msg_callback_arg); - - if (SSL_is_init_finished(s) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && - !S3I(s)->renegotiate) { - ssl3_renegotiate(s); - if (ssl3_renegotiate_check(s)) { - i = s->internal->handshake_func(s); - if (i < 0) - return (i); - if (i == 0) { - SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); - } - - if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { - if (S3I(s)->rbuf.left == 0) { - /* no read-ahead left? */ - /* In the case where we try to read application data, - * but we trigger an SSL handshake, we return -1 with - * the retry option set. Otherwise renegotiation may - * cause nasty problems in the blocking world */ - ssl_force_want_read(s); - return (-1); - } - } - } - } - /* we either finished a handshake or ignored the request, - * now try again to obtain the (application) data we were asked for */ - goto start; - } - /* Disallow client initiated renegotiation if configured. */ - if (s->server && SSL_is_init_finished(s) && - S3I(s)->handshake_fragment_len >= 4 && - S3I(s)->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO && - (s->internal->options & SSL_OP_NO_CLIENT_RENEGOTIATION)) { - al = SSL_AD_NO_RENEGOTIATION; - goto f_err; - } - /* If we are a server and get a client hello when renegotiation isn't - * allowed send back a no renegotiation alert and carry on. - * WARNING: experimental code, needs reviewing (steve) + /* + * If we get here, then type != rr->type; if we have a handshake + * message, then it was unexpected (Hello Request or Client Hello). */ - if (s->server && - SSL_is_init_finished(s) && - !S3I(s)->send_connection_binding && - (S3I(s)->handshake_fragment_len >= 4) && - (S3I(s)->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && - (s->session != NULL) && (s->session->cipher != NULL)) { - /*S3I(s)->handshake_fragment_len = 0;*/ - rr->length = 0; - ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); - goto start; - } - if (S3I(s)->alert_fragment_len >= 2) { - int alert_level = S3I(s)->alert_fragment[0]; - int alert_descr = S3I(s)->alert_fragment[1]; - - S3I(s)->alert_fragment_len = 0; - - if (s->internal->msg_callback) - s->internal->msg_callback(0, s->version, SSL3_RT_ALERT, - S3I(s)->alert_fragment, 2, s, s->internal->msg_callback_arg); - - if (s->internal->info_callback != NULL) - cb = s->internal->info_callback; - else if (s->ctx->internal->info_callback != NULL) - cb = s->ctx->internal->info_callback; - - if (cb != NULL) { - j = (alert_level << 8) | alert_descr; - cb(s, SSL_CB_READ_ALERT, j); - } - - if (alert_level == SSL3_AL_WARNING) { - S3I(s)->warn_alert = alert_descr; - if (alert_descr == SSL_AD_CLOSE_NOTIFY) { - s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; - return (0); - } - /* This is a warning but we receive it if we requested - * renegotiation and the peer denied it. Terminate with - * a fatal alert because if application tried to - * renegotiatie it presumably had a good reason and - * expects it to succeed. - * - * In future we might have a renegotiation where we - * don't care if the peer refused it where we carry on. - */ - else if (alert_descr == SSL_AD_NO_RENEGOTIATION) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerror(s, SSL_R_NO_RENEGOTIATION); - goto f_err; - } - } else if (alert_level == SSL3_AL_FATAL) { - s->internal->rwstate = SSL_NOTHING; - S3I(s)->fatal_alert = alert_descr; - SSLerror(s, SSL_AD_REASON_OFFSET + alert_descr); - ERR_asprintf_error_data("SSL alert number %d", - alert_descr); - s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; - SSL_CTX_remove_session(s->ctx, s->session); - return (0); - } else { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerror(s, SSL_R_UNKNOWN_ALERT_TYPE); - goto f_err; - } + if (rr->type == SSL3_RT_ALERT) { + if ((ret = ssl3_read_alert(s)) <= 0) + return ret; goto start; } if (s->internal->shutdown & SSL_SENT_SHUTDOWN) { - /* but we have not received a shutdown */ s->internal->rwstate = SSL_NOTHING; rr->length = 0; - return (0); + return 0; + } + + if (rr->type == SSL3_RT_APPLICATION_DATA) { + /* + * At this point, we were expecting handshake data, but have + * application data. If the library was running inside + * ssl3_read() (i.e. in_read_app_data is set) and it makes + * sense to read application data at this point (session + * renegotiation not yet started), we will indulge it. + */ + if (s->s3->in_read_app_data != 0 && + s->s3->total_renegotiations != 0 && + (((s->s3->hs.state & SSL_ST_CONNECT) && + (s->s3->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) && + (s->s3->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || ( + (s->s3->hs.state & SSL_ST_ACCEPT) && + (s->s3->hs.state <= SSL3_ST_SW_HELLO_REQ_A) && + (s->s3->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) { + s->s3->in_read_app_data = 2; + return -1; + } else { + SSLerror(s, SSL_R_UNEXPECTED_RECORD); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_UNEXPECTED_MESSAGE); + return -1; + } } if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) { - /* 'Change Cipher Spec' is just a single byte, so we know - * exactly what the record payload has to look like */ - if ((rr->length != 1) || (rr->off != 0) || - (rr->data[0] != SSL3_MT_CCS)) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC); - goto f_err; - } - - /* Check we have a cipher to change to */ - if (S3I(s)->hs.new_cipher == NULL) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); - goto f_err; - } - - /* Check that we should be receiving a Change Cipher Spec. */ - if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); - goto f_err; - } - s->s3->flags &= ~SSL3_FLAGS_CCS_OK; - - rr->length = 0; - - if (s->internal->msg_callback) { - s->internal->msg_callback(0, s->version, - SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, - s->internal->msg_callback_arg); - } - - S3I(s)->change_cipher_spec = 1; - if (!ssl3_do_change_cipher_spec(s)) - goto err; - else - goto start; - } - - /* Unexpected handshake message (Client Hello, or protocol violation) */ - if ((S3I(s)->handshake_fragment_len >= 4) && !s->internal->in_handshake) { - if (((S3I(s)->hs.state&SSL_ST_MASK) == SSL_ST_OK) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { - S3I(s)->hs.state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; - s->internal->renegotiate = 1; - s->internal->new_session = 1; - } - i = s->internal->handshake_func(s); - if (i < 0) - return (i); - if (i == 0) { - SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); - } - - if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { - if (S3I(s)->rbuf.left == 0) { /* no read-ahead left? */ - /* In the case where we try to read application data, - * but we trigger an SSL handshake, we return -1 with - * the retry option set. Otherwise renegotiation may - * cause nasty problems in the blocking world */ - ssl_force_want_read(s); - return (-1); - } - } + if ((ret = ssl3_read_change_cipher_spec(s)) <= 0) + return ret; goto start; } - switch (rr->type) { - default: - /* - * TLS up to v1.1 just ignores unknown message types: - * TLS v1.2 give an unexpected message alert. - */ - if (s->version >= TLS1_VERSION && - s->version <= TLS1_1_VERSION) { - rr->length = 0; - goto start; - } - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_UNEXPECTED_RECORD); - goto f_err; - case SSL3_RT_CHANGE_CIPHER_SPEC: - case SSL3_RT_ALERT: - case SSL3_RT_HANDSHAKE: - /* we already handled all of these, with the possible exception - * of SSL3_RT_HANDSHAKE when s->internal->in_handshake is set, but that - * should not happen when type != rr->type */ - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto f_err; - case SSL3_RT_APPLICATION_DATA: - /* At this point, we were expecting handshake data, - * but have application data. If the library was - * running inside ssl3_read() (i.e. in_read_app_data - * is set) and it makes sense to read application data - * at this point (session renegotiation not yet started), - * we will indulge it. - */ - if (S3I(s)->in_read_app_data && - (S3I(s)->total_renegotiations != 0) && - (((S3I(s)->hs.state & SSL_ST_CONNECT) && - (S3I(s)->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) && - (S3I(s)->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || - ((S3I(s)->hs.state & SSL_ST_ACCEPT) && - (S3I(s)->hs.state <= SSL3_ST_SW_HELLO_REQ_A) && - (S3I(s)->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) { - S3I(s)->in_read_app_data = 2; - return (-1); - } else { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerror(s, SSL_R_UNEXPECTED_RECORD); - goto f_err; - } + if (rr->type == SSL3_RT_HANDSHAKE) { + if ((ret = ssl3_read_handshake_unexpected(s)) <= 0) + return ret; + goto start; } - /* not reached */ -f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); -err: - return (-1); + /* + * Unknown record type - TLSv1.2 sends an unexpected message alert while + * earlier versions silently ignore the record. + */ + if (ssl_effective_tls_version(s) <= TLS1_1_VERSION) { + rr->length = 0; + goto start; + } + SSLerror(s, SSL_R_UNEXPECTED_RECORD); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); + return -1; } int ssl3_do_change_cipher_spec(SSL *s) { - int i; - const char *sender; - int slen; - - if (S3I(s)->hs.state & SSL_ST_ACCEPT) - i = SSL3_CHANGE_CIPHER_SERVER_READ; - else - i = SSL3_CHANGE_CIPHER_CLIENT_READ; - - if (S3I(s)->hs.key_block == NULL) { + if (s->s3->hs.tls12.key_block == NULL) { if (s->session == NULL || s->session->master_key_length == 0) { /* might happen if dtls1_read_bytes() calls this */ SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); return (0); } - s->session->cipher = S3I(s)->hs.new_cipher; + s->session->cipher = s->s3->hs.cipher; if (!tls1_setup_key_block(s)) return (0); } - if (!tls1_change_cipher_state(s, i)) + if (!tls1_change_read_cipher_state(s)) return (0); - /* we have to record the message digest at - * this point so we can get it before we read - * the finished message */ - if (S3I(s)->hs.state & SSL_ST_CONNECT) { - sender = TLS_MD_SERVER_FINISH_CONST; - slen = TLS_MD_SERVER_FINISH_CONST_SIZE; - } else { - sender = TLS_MD_CLIENT_FINISH_CONST; - slen = TLS_MD_CLIENT_FINISH_CONST_SIZE; - } - - i = tls1_final_finish_mac(s, sender, slen, - S3I(s)->tmp.peer_finish_md); - if (i == 0) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - return 0; - } - S3I(s)->tmp.peer_finish_md_len = i; + /* + * We have to record the message digest at this point so we can get it + * before we read the finished message. + */ + if (!tls12_derive_peer_finished(s)) + return (0); return (1); } +static int +ssl3_write_alert(SSL *s) +{ + if (SSL_is_dtls(s)) + return do_dtls1_write(s, SSL3_RT_ALERT, s->s3->send_alert, + sizeof(s->s3->send_alert)); + + return do_ssl3_write(s, SSL3_RT_ALERT, s->s3->send_alert, + sizeof(s->s3->send_alert)); +} + int ssl3_send_alert(SSL *s, int level, int desc) { - /* Map tls/ssl alert value to correct one */ - desc = tls1_alert_code(desc); - if (desc < 0) - return -1; - /* If a fatal one, remove from cache */ - if ((level == 2) && (s->session != NULL)) + /* If alert is fatal, remove session from cache. */ + if (level == SSL3_AL_FATAL) SSL_CTX_remove_session(s->ctx, s->session); - S3I(s)->alert_dispatch = 1; - S3I(s)->send_alert[0] = level; - S3I(s)->send_alert[1] = desc; - if (S3I(s)->wbuf.left == 0) /* data still being written out? */ - return s->method->ssl_dispatch_alert(s); + s->s3->alert_dispatch = 1; + s->s3->send_alert[0] = level; + s->s3->send_alert[1] = desc; - /* else data is still being written out, we will get written - * some time in the future */ - return -1; + /* + * If data is still being written out, the alert will be dispatched at + * some point in the future. + */ + if (s->s3->wbuf.left != 0) + return -1; + + return ssl3_dispatch_alert(s); } int ssl3_dispatch_alert(SSL *s) { - int i, j; - void (*cb)(const SSL *ssl, int type, int val) = NULL; + int ret; - S3I(s)->alert_dispatch = 0; - i = do_ssl3_write(s, SSL3_RT_ALERT, &S3I(s)->send_alert[0], 2); - if (i <= 0) { - S3I(s)->alert_dispatch = 1; - } else { - /* Alert sent to BIO. If it is important, flush it now. - * If the message does not get sent due to non-blocking IO, - * we will not worry too much. */ - if (S3I(s)->send_alert[0] == SSL3_AL_FATAL) - (void)BIO_flush(s->wbio); - - if (s->internal->msg_callback) - s->internal->msg_callback(1, s->version, SSL3_RT_ALERT, - S3I(s)->send_alert, 2, s, s->internal->msg_callback_arg); - - if (s->internal->info_callback != NULL) - cb = s->internal->info_callback; - else if (s->ctx->internal->info_callback != NULL) - cb = s->ctx->internal->info_callback; - - if (cb != NULL) { - j = (S3I(s)->send_alert[0]<<8)|S3I(s)->send_alert[1]; - cb(s, SSL_CB_WRITE_ALERT, j); - } + s->s3->alert_dispatch = 0; + if ((ret = ssl3_write_alert(s)) <= 0) { + s->s3->alert_dispatch = 1; + return ret; } - return (i); + + /* + * Alert sent to BIO. If it is important, flush it now. + * If the message does not get sent due to non-blocking IO, + * we will not worry too much. + */ + if (s->s3->send_alert[0] == SSL3_AL_FATAL) + (void)BIO_flush(s->wbio); + + ssl_msg_callback(s, 1, SSL3_RT_ALERT, s->s3->send_alert, 2); + + ssl_info_callback(s, SSL_CB_WRITE_ALERT, + (s->s3->send_alert[0] << 8) | s->s3->send_alert[1]); + + return ret; } diff --git a/externals/libressl/ssl/ssl_rsa.c b/externals/libressl/ssl/ssl_rsa.c index 0936c0bd4..f5c90fca8 100755 --- a/externals/libressl/ssl/ssl_rsa.c +++ b/externals/libressl/ssl/ssl_rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_rsa.c,v 1.31 2019/03/25 16:46:48 jsing Exp $ */ +/* $OpenBSD: ssl_rsa.c,v 1.39 2022/02/03 16:33:12 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -58,17 +58,20 @@ #include -#include "ssl_locl.h" - #include #include #include #include #include -static int ssl_set_cert(CERT *c, X509 *x509); -static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); -static int ssl_ctx_use_certificate_chain_bio(SSL_CTX *, BIO *); +#include "ssl_locl.h" + +static int ssl_set_cert(SSL_CERT *c, X509 *x509); +static int ssl_set_pkey(SSL_CERT *c, EVP_PKEY *pkey); +static int use_certificate_chain_bio(BIO *in, SSL_CERT *cert, + pem_password_cb *passwd_cb, void *passwd_arg); +static int use_certificate_chain_file(const char *file, SSL_CERT *cert, + pem_password_cb *passwd_cb, void *passwd_arg); int SSL_use_certificate(SSL *ssl, X509 *x) @@ -88,7 +91,7 @@ SSL_use_certificate_file(SSL *ssl, const char *file, int type) int ret = 0; X509 *x = NULL; - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if (in == NULL) { SSLerror(ssl, ERR_R_BUF_LIB); goto end; @@ -117,7 +120,7 @@ SSL_use_certificate_file(SSL *ssl, const char *file, int type) } ret = SSL_use_certificate(ssl, x); -end: + end: X509_free(x); BIO_free(in); return (ret); @@ -164,11 +167,11 @@ SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) } static int -ssl_set_pkey(CERT *c, EVP_PKEY *pkey) +ssl_set_pkey(SSL_CERT *c, EVP_PKEY *pkey) { int i; - i = ssl_cert_type(NULL, pkey); + i = ssl_cert_type(pkey); if (i < 0) { SSLerrorx(SSL_R_UNKNOWN_CERTIFICATE_TYPE); return (0); @@ -185,19 +188,18 @@ ssl_set_pkey(CERT *c, EVP_PKEY *pkey) * Don't check the public/private key, this is mostly * for smart cards. */ - if ((pkey->type == EVP_PKEY_RSA) && - (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) -; - else - if (!X509_check_private_key(c->pkeys[i].x509, pkey)) { - X509_free(c->pkeys[i].x509); - c->pkeys[i].x509 = NULL; - return 0; + if (EVP_PKEY_id(pkey) != EVP_PKEY_RSA || + !(RSA_flags(EVP_PKEY_get0_RSA(pkey)) & RSA_METHOD_FLAG_NO_CHECK)) { + if (!X509_check_private_key(c->pkeys[i].x509, pkey)) { + X509_free(c->pkeys[i].x509); + c->pkeys[i].x509 = NULL; + return 0; + } } } EVP_PKEY_free(c->pkeys[i].privatekey); - CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); + EVP_PKEY_up_ref(pkey); c->pkeys[i].privatekey = pkey; c->key = &(c->pkeys[i]); @@ -212,7 +214,7 @@ SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) BIO *in; RSA *rsa = NULL; - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if (in == NULL) { SSLerror(ssl, ERR_R_BUF_LIB); goto end; @@ -240,7 +242,7 @@ SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) } ret = SSL_use_RSAPrivateKey(ssl, rsa); RSA_free(rsa); -end: + end: BIO_free(in); return (ret); } @@ -281,7 +283,7 @@ SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) BIO *in; EVP_PKEY *pkey = NULL; - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if (in == NULL) { SSLerror(ssl, ERR_R_BUF_LIB); goto end; @@ -309,7 +311,7 @@ SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) } ret = SSL_use_PrivateKey(ssl, pkey); EVP_PKEY_free(pkey); -end: + end: BIO_free(in); return (ret); } @@ -341,7 +343,7 @@ SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) } static int -ssl_set_cert(CERT *c, X509 *x) +ssl_set_cert(SSL_CERT *c, X509 *x) { EVP_PKEY *pkey; int i; @@ -352,7 +354,7 @@ ssl_set_cert(CERT *c, X509 *x) return (0); } - i = ssl_cert_type(x, pkey); + i = ssl_cert_type(pkey); if (i < 0) { SSLerrorx(SSL_R_UNKNOWN_CERTIFICATE_TYPE); EVP_PKEY_free(pkey); @@ -360,36 +362,35 @@ ssl_set_cert(CERT *c, X509 *x) } if (c->pkeys[i].privatekey != NULL) { - EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey); + EVP_PKEY *priv_key = c->pkeys[i].privatekey; + + EVP_PKEY_copy_parameters(pkey, priv_key); ERR_clear_error(); /* * Don't check the public/private key, this is mostly * for smart cards. */ - if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && - (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & - RSA_METHOD_FLAG_NO_CHECK)) -; - else - if (!X509_check_private_key(x, c->pkeys[i].privatekey)) { - /* - * don't fail for a cert/key mismatch, just free - * current private key (when switching to a different - * cert & key, first this function should be used, - * then ssl_set_pkey - */ - EVP_PKEY_free(c->pkeys[i].privatekey); - c->pkeys[i].privatekey = NULL; - /* clear error queue */ - ERR_clear_error(); + if (EVP_PKEY_id(priv_key) != EVP_PKEY_RSA || + !(RSA_flags(EVP_PKEY_get0_RSA(priv_key)) & RSA_METHOD_FLAG_NO_CHECK)) { + if (!X509_check_private_key(x, priv_key)) { + /* + * don't fail for a cert/key mismatch, just free + * current private key (when switching to a + * different cert & key, first this function + * should be used, then ssl_set_pkey. + */ + EVP_PKEY_free(c->pkeys[i].privatekey); + c->pkeys[i].privatekey = NULL; + ERR_clear_error(); + } } } EVP_PKEY_free(pkey); X509_free(c->pkeys[i].x509); - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(x); c->pkeys[i].x509 = x; c->key = &(c->pkeys[i]); @@ -405,7 +406,7 @@ SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) int ret = 0; X509 *x = NULL; - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if (in == NULL) { SSLerrorx(ERR_R_BUF_LIB); goto end; @@ -433,7 +434,7 @@ SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) } ret = SSL_CTX_use_certificate(ctx, x); -end: + end: X509_free(x); BIO_free(in); return (ret); @@ -486,7 +487,7 @@ SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) BIO *in; RSA *rsa = NULL; - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if (in == NULL) { SSLerrorx(ERR_R_BUF_LIB); goto end; @@ -514,7 +515,7 @@ SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) } ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); RSA_free(rsa); -end: + end: BIO_free(in); return (ret); } @@ -552,7 +553,7 @@ SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) BIO *in; EVP_PKEY *pkey = NULL; - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if (in == NULL) { SSLerrorx(ERR_R_BUF_LIB); goto end; @@ -580,7 +581,7 @@ SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) } ret = SSL_CTX_use_PrivateKey(ctx, pkey); EVP_PKEY_free(pkey); -end: + end: BIO_free(in); return (ret); } @@ -609,29 +610,29 @@ SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, * sent to the peer in the Certificate message. */ static int -ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in) +use_certificate_chain_bio(BIO *in, SSL_CERT *cert, pem_password_cb *passwd_cb, + void *passwd_arg) { X509 *ca, *x = NULL; unsigned long err; int ret = 0; - if ((x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata)) == NULL) { + if ((x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_arg)) == + NULL) { SSLerrorx(ERR_R_PEM_LIB); goto err; } - if (!SSL_CTX_use_certificate(ctx, x)) + if (!ssl_set_cert(cert, x)) goto err; - if (!ssl_cert_set0_chain(ctx->internal->cert, NULL)) + if (!ssl_cert_set0_chain(cert, NULL)) goto err; /* Process any additional CA certificates. */ - while ((ca = PEM_read_bio_X509(in, NULL, - ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata)) != NULL) { - if (!ssl_cert_add0_chain_cert(ctx->internal->cert, ca)) { + while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_arg)) != + NULL) { + if (!ssl_cert_add0_chain_cert(cert, ca)) { X509_free(ca); goto err; } @@ -652,12 +653,13 @@ ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in) } int -SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) +use_certificate_chain_file(const char *file, SSL_CERT *cert, + pem_password_cb *passwd_cb, void *passwd_arg) { BIO *in; int ret = 0; - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if (in == NULL) { SSLerrorx(ERR_R_BUF_LIB); goto end; @@ -668,13 +670,29 @@ SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) goto end; } - ret = ssl_ctx_use_certificate_chain_bio(ctx, in); + ret = use_certificate_chain_bio(in, cert, passwd_cb, passwd_arg); -end: + end: BIO_free(in); return (ret); } +int +SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) +{ + return use_certificate_chain_file(file, ctx->internal->cert, + ctx->default_passwd_callback, + ctx->default_passwd_callback_userdata); +} + +int +SSL_use_certificate_chain_file(SSL *ssl, const char *file) +{ + return use_certificate_chain_file(file, ssl->cert, + ssl->ctx->default_passwd_callback, + ssl->ctx->default_passwd_callback_userdata); +} + int SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len) { @@ -687,9 +705,11 @@ SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len) goto end; } - ret = ssl_ctx_use_certificate_chain_bio(ctx, in); + ret = use_certificate_chain_bio(in, ctx->internal->cert, + ctx->default_passwd_callback, + ctx->default_passwd_callback_userdata); -end: + end: BIO_free(in); return (ret); } diff --git a/externals/libressl/ssl/ssl_sess.c b/externals/libressl/ssl/ssl_sess.c index d805419de..44c2e846b 100755 --- a/externals/libressl/ssl/ssl_sess.c +++ b/externals/libressl/ssl/ssl_sess.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sess.c,v 1.100 2020/09/19 09:56:35 tb Exp $ */ +/* $OpenBSD: ssl_sess.c,v 1.109 2022/01/11 19:03:15 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -136,6 +136,7 @@ */ #include +#include #ifndef OPENSSL_NO_ENGINE #include @@ -185,13 +186,13 @@ SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) { - return (CRYPTO_set_ex_data(&s->internal->ex_data, idx, arg)); + return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); } void * SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx) { - return (CRYPTO_get_ex_data(&s->internal->ex_data, idx)); + return (CRYPTO_get_ex_data(&s->ex_data, idx)); } uint32_t @@ -220,26 +221,21 @@ SSL_SESSION_new(void) SSLerrorx(ERR_R_MALLOC_FAILURE); return (NULL); } - if ((ss->internal = calloc(1, sizeof(*ss->internal))) == NULL) { - free(ss); - SSLerrorx(ERR_R_MALLOC_FAILURE); - return (NULL); - } ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ ss->references = 1; ss->timeout=60*5+4; /* 5 minute timeout by default */ ss->time = time(NULL); - ss->internal->prev = NULL; - ss->internal->next = NULL; + ss->prev = NULL; + ss->next = NULL; ss->tlsext_hostname = NULL; - ss->internal->tlsext_ecpointformatlist_length = 0; - ss->internal->tlsext_ecpointformatlist = NULL; - ss->internal->tlsext_supportedgroups_length = 0; - ss->internal->tlsext_supportedgroups = NULL; + ss->tlsext_ecpointformatlist_length = 0; + ss->tlsext_ecpointformatlist = NULL; + ss->tlsext_supportedgroups_length = 0; + ss->tlsext_supportedgroups = NULL; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->internal->ex_data); + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); return (ss); } @@ -345,6 +341,7 @@ ssl_get_new_session(SSL *s, int session) case TLS1_1_VERSION: case TLS1_2_VERSION: case DTLS1_VERSION: + case DTLS1_2_VERSION: ss->ssl_version = s->version; ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; break; @@ -736,7 +733,7 @@ remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); if (ret) { - r->internal->not_resumable = 1; + r->not_resumable = 1; if (ctx->internal->remove_session_cb != NULL) ctx->internal->remove_session_cb(ctx, r); SSL_SESSION_free(r); @@ -758,23 +755,22 @@ SSL_SESSION_free(SSL_SESSION *ss) if (i > 0) return; - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->internal->ex_data); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); explicit_bzero(ss->master_key, sizeof ss->master_key); explicit_bzero(ss->session_id, sizeof ss->session_id); - ssl_sess_cert_free(ss->internal->sess_cert); + sk_X509_pop_free(ss->cert_chain, X509_free); - X509_free(ss->peer); + X509_free(ss->peer_cert); sk_SSL_CIPHER_free(ss->ciphers); free(ss->tlsext_hostname); free(ss->tlsext_tick); - free(ss->internal->tlsext_ecpointformatlist); - free(ss->internal->tlsext_supportedgroups); + free(ss->tlsext_ecpointformatlist); + free(ss->tlsext_supportedgroups); - freezero(ss->internal, sizeof(*ss->internal)); freezero(ss, sizeof(*ss)); } @@ -797,7 +793,7 @@ SSL_set_session(SSL *s, SSL_SESSION *session) return SSL_set_ssl_method(s, s->ctx->method); } - if ((method = ssl_get_client_method(session->ssl_version)) == NULL) { + if ((method = ssl_get_method(session->ssl_version)) == NULL) { SSLerror(s, SSL_R_UNABLE_TO_FIND_SSL_METHOD); return (0); } @@ -872,10 +868,16 @@ SSL_SESSION_get_protocol_version(const SSL_SESSION *s) return s->ssl_version; } +const SSL_CIPHER * +SSL_SESSION_get0_cipher(const SSL_SESSION *s) +{ + return s->cipher; +} + X509 * SSL_SESSION_get0_peer(SSL_SESSION *s) { - return s->peer; + return s->peer_cert; } int @@ -905,6 +907,12 @@ SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, return 1; } +int +SSL_SESSION_is_resumable(const SSL_SESSION *s) +{ + return 0; +} + long SSL_CTX_set_timeout(SSL_CTX *s, long t) { @@ -993,7 +1001,7 @@ timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p) * save on locking overhead */ (void)lh_SSL_SESSION_delete(p->cache, s); SSL_SESSION_list_remove(p->ctx, s); - s->internal->not_resumable = 1; + s->not_resumable = 1; if (p->ctx->internal->remove_session_cb != NULL) p->ctx->internal->remove_session_cb(p->ctx, s); SSL_SESSION_free(s); @@ -1045,50 +1053,50 @@ ssl_clear_bad_session(SSL *s) static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) { - if ((s->internal->next == NULL) || (s->internal->prev == NULL)) + if (s->next == NULL || s->prev == NULL) return; - if (s->internal->next == (SSL_SESSION *)&(ctx->internal->session_cache_tail)) { + if (s->next == (SSL_SESSION *)&(ctx->internal->session_cache_tail)) { /* last element in list */ - if (s->internal->prev == (SSL_SESSION *)&(ctx->internal->session_cache_head)) { + if (s->prev == (SSL_SESSION *)&(ctx->internal->session_cache_head)) { /* only one element in list */ ctx->internal->session_cache_head = NULL; ctx->internal->session_cache_tail = NULL; } else { - ctx->internal->session_cache_tail = s->internal->prev; - s->internal->prev->internal->next = + ctx->internal->session_cache_tail = s->prev; + s->prev->next = (SSL_SESSION *)&(ctx->internal->session_cache_tail); } } else { - if (s->internal->prev == (SSL_SESSION *)&(ctx->internal->session_cache_head)) { + if (s->prev == (SSL_SESSION *)&(ctx->internal->session_cache_head)) { /* first element in list */ - ctx->internal->session_cache_head = s->internal->next; - s->internal->next->internal->prev = + ctx->internal->session_cache_head = s->next; + s->next->prev = (SSL_SESSION *)&(ctx->internal->session_cache_head); } else { /* middle of list */ - s->internal->next->internal->prev = s->internal->prev; - s->internal->prev->internal->next = s->internal->next; + s->next->prev = s->prev; + s->prev->next = s->next; } } - s->internal->prev = s->internal->next = NULL; + s->prev = s->next = NULL; } static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) { - if ((s->internal->next != NULL) && (s->internal->prev != NULL)) + if (s->next != NULL && s->prev != NULL) SSL_SESSION_list_remove(ctx, s); if (ctx->internal->session_cache_head == NULL) { ctx->internal->session_cache_head = s; ctx->internal->session_cache_tail = s; - s->internal->prev = (SSL_SESSION *)&(ctx->internal->session_cache_head); - s->internal->next = (SSL_SESSION *)&(ctx->internal->session_cache_tail); + s->prev = (SSL_SESSION *)&(ctx->internal->session_cache_head); + s->next = (SSL_SESSION *)&(ctx->internal->session_cache_tail); } else { - s->internal->next = ctx->internal->session_cache_head; - s->internal->next->internal->prev = s; - s->internal->prev = (SSL_SESSION *)&(ctx->internal->session_cache_head); + s->next = ctx->internal->session_cache_head; + s->next->prev = s; + s->prev = (SSL_SESSION *)&(ctx->internal->session_cache_head); ctx->internal->session_cache_head = s; } } diff --git a/externals/libressl/ssl/ssl_sigalgs.c b/externals/libressl/ssl/ssl_sigalgs.c index 6378ec8c0..daf735a8f 100755 --- a/externals/libressl/ssl/ssl_sigalgs.c +++ b/externals/libressl/ssl/ssl_sigalgs.c @@ -1,6 +1,7 @@ -/* $OpenBSD: ssl_sigalgs.c,v 1.21 2020/05/09 16:52:15 beck Exp $ */ +/* $OpenBSD: ssl_sigalgs.c,v 1.41 2022/02/05 14:54:10 jsing Exp $ */ /* * Copyright (c) 2018-2020 Bob Beck + * Copyright (c) 2021 Joel Sing * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,10 +15,12 @@ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + #include #include #include +#include #include "bytestring.h" #include "ssl_locl.h" @@ -27,101 +30,101 @@ const struct ssl_sigalg sigalgs[] = { { .value = SIGALG_RSA_PKCS1_SHA512, - .md = EVP_sha512, .key_type = EVP_PKEY_RSA, + .md = EVP_sha512, }, { .value = SIGALG_ECDSA_SECP521R1_SHA512, - .md = EVP_sha512, .key_type = EVP_PKEY_EC, + .md = EVP_sha512, .curve_nid = NID_secp521r1, }, #ifndef OPENSSL_NO_GOST { .value = SIGALG_GOSTR12_512_STREEBOG_512, - .md = EVP_streebog512, .key_type = EVP_PKEY_GOSTR12_512, + .md = EVP_streebog512, }, #endif { .value = SIGALG_RSA_PKCS1_SHA384, - .md = EVP_sha384, .key_type = EVP_PKEY_RSA, + .md = EVP_sha384, }, { .value = SIGALG_ECDSA_SECP384R1_SHA384, - .md = EVP_sha384, .key_type = EVP_PKEY_EC, + .md = EVP_sha384, .curve_nid = NID_secp384r1, }, { .value = SIGALG_RSA_PKCS1_SHA256, - .md = EVP_sha256, .key_type = EVP_PKEY_RSA, + .md = EVP_sha256, }, { .value = SIGALG_ECDSA_SECP256R1_SHA256, - .md = EVP_sha256, .key_type = EVP_PKEY_EC, + .md = EVP_sha256, .curve_nid = NID_X9_62_prime256v1, }, #ifndef OPENSSL_NO_GOST { .value = SIGALG_GOSTR12_256_STREEBOG_256, - .md = EVP_streebog256, .key_type = EVP_PKEY_GOSTR12_256, + .md = EVP_streebog256, }, { .value = SIGALG_GOSTR01_GOST94, - .md = EVP_gostr341194, .key_type = EVP_PKEY_GOSTR01, + .md = EVP_gostr341194, }, #endif { .value = SIGALG_RSA_PSS_RSAE_SHA256, - .md = EVP_sha256, .key_type = EVP_PKEY_RSA, + .md = EVP_sha256, .flags = SIGALG_FLAG_RSA_PSS, }, { .value = SIGALG_RSA_PSS_RSAE_SHA384, - .md = EVP_sha384, .key_type = EVP_PKEY_RSA, + .md = EVP_sha384, .flags = SIGALG_FLAG_RSA_PSS, }, { .value = SIGALG_RSA_PSS_RSAE_SHA512, - .md = EVP_sha512, .key_type = EVP_PKEY_RSA, + .md = EVP_sha512, .flags = SIGALG_FLAG_RSA_PSS, }, { .value = SIGALG_RSA_PSS_PSS_SHA256, - .md = EVP_sha256, .key_type = EVP_PKEY_RSA, + .md = EVP_sha256, .flags = SIGALG_FLAG_RSA_PSS, }, { .value = SIGALG_RSA_PSS_PSS_SHA384, - .md = EVP_sha384, .key_type = EVP_PKEY_RSA, + .md = EVP_sha384, .flags = SIGALG_FLAG_RSA_PSS, }, { .value = SIGALG_RSA_PSS_PSS_SHA512, - .md = EVP_sha512, .key_type = EVP_PKEY_RSA, + .md = EVP_sha512, .flags = SIGALG_FLAG_RSA_PSS, }, { .value = SIGALG_RSA_PKCS1_SHA224, - .md = EVP_sha224, .key_type = EVP_PKEY_RSA, + .md = EVP_sha224, }, { .value = SIGALG_ECDSA_SECP224R1_SHA224, - .md = EVP_sha224, .key_type = EVP_PKEY_EC, + .md = EVP_sha224, }, { .value = SIGALG_RSA_PKCS1_SHA1, @@ -143,8 +146,8 @@ const struct ssl_sigalg sigalgs[] = { }, }; -/* Sigalgs for tls 1.3, in preference order, */ -uint16_t tls13_sigalgs[] = { +/* Sigalgs for TLSv1.3, in preference order. */ +const uint16_t tls13_sigalgs[] = { SIGALG_RSA_PSS_RSAE_SHA512, SIGALG_RSA_PKCS1_SHA512, SIGALG_ECDSA_SECP521R1_SHA512, @@ -155,10 +158,10 @@ uint16_t tls13_sigalgs[] = { SIGALG_RSA_PKCS1_SHA256, SIGALG_ECDSA_SECP256R1_SHA256, }; -size_t tls13_sigalgs_len = (sizeof(tls13_sigalgs) / sizeof(tls13_sigalgs[0])); +const size_t tls13_sigalgs_len = (sizeof(tls13_sigalgs) / sizeof(tls13_sigalgs[0])); -/* Sigalgs for tls 1.2, in preference order, */ -uint16_t tls12_sigalgs[] = { +/* Sigalgs for TLSv1.2, in preference order. */ +const uint16_t tls12_sigalgs[] = { SIGALG_RSA_PSS_RSAE_SHA512, SIGALG_RSA_PKCS1_SHA512, SIGALG_ECDSA_SECP521R1_SHA512, @@ -171,87 +174,124 @@ uint16_t tls12_sigalgs[] = { SIGALG_RSA_PKCS1_SHA1, /* XXX */ SIGALG_ECDSA_SHA1, /* XXX */ }; -size_t tls12_sigalgs_len = (sizeof(tls12_sigalgs) / sizeof(tls12_sigalgs[0])); +const size_t tls12_sigalgs_len = (sizeof(tls12_sigalgs) / sizeof(tls12_sigalgs[0])); -const struct ssl_sigalg * -ssl_sigalg_lookup(uint16_t sigalg) +static void +ssl_sigalgs_for_version(uint16_t tls_version, const uint16_t **out_values, + size_t *out_len) +{ + if (tls_version >= TLS1_3_VERSION) { + *out_values = tls13_sigalgs; + *out_len = tls13_sigalgs_len; + } else { + *out_values = tls12_sigalgs; + *out_len = tls12_sigalgs_len; + } +} + +static const struct ssl_sigalg * +ssl_sigalg_lookup(uint16_t value) { int i; for (i = 0; sigalgs[i].value != SIGALG_NONE; i++) { - if (sigalgs[i].value == sigalg) + if (sigalgs[i].value == value) return &sigalgs[i]; } return NULL; } -const struct ssl_sigalg * -ssl_sigalg(uint16_t sigalg, uint16_t *values, size_t len) +static const struct ssl_sigalg * +ssl_sigalg_from_value(SSL *s, uint16_t value) { + const uint16_t *values; + size_t len; int i; + ssl_sigalgs_for_version(s->s3->hs.negotiated_tls_version, + &values, &len); + for (i = 0; i < len; i++) { - if (values[i] == sigalg) - return ssl_sigalg_lookup(sigalg); + if (values[i] == value) + return ssl_sigalg_lookup(value); } return NULL; } int -ssl_sigalgs_build(CBB *cbb, uint16_t *values, size_t len) +ssl_sigalgs_build(uint16_t tls_version, CBB *cbb) { + const uint16_t *values; + size_t len; size_t i; - for (i = 0; sigalgs[i].value != SIGALG_NONE; i++); - if (len > i) - return 0; - - /* XXX check for duplicates and other sanity BS? */ + ssl_sigalgs_for_version(tls_version, &values, &len); /* Add values in order as long as they are supported. */ for (i = 0; i < len; i++) { - /* Do not allow the legacy value for < 1.2 to be used */ + /* Do not allow the legacy value for < 1.2 to be used. */ if (values[i] == SIGALG_RSA_PKCS1_MD5_SHA1) return 0; - - if (ssl_sigalg_lookup(values[i]) != NULL) { - if (!CBB_add_u16(cbb, values[i])) - return 0; - } else + if (ssl_sigalg_lookup(values[i]) == NULL) + return 0; + if (!CBB_add_u16(cbb, values[i])) return 0; } return 1; } -int -ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey, - int check_curve) +static const struct ssl_sigalg * +ssl_sigalg_for_legacy(SSL *s, EVP_PKEY *pkey) +{ + /* Default signature algorithms used for TLSv1.2 and earlier. */ + switch (EVP_PKEY_id(pkey)) { + case EVP_PKEY_RSA: + if (s->s3->hs.negotiated_tls_version < TLS1_2_VERSION) + return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1); + return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1); + case EVP_PKEY_EC: + return ssl_sigalg_lookup(SIGALG_ECDSA_SHA1); +#ifndef OPENSSL_NO_GOST + case EVP_PKEY_GOSTR01: + return ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94); +#endif + } + SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE); + return NULL; +} + +static int +ssl_sigalg_pkey_ok(SSL *s, const struct ssl_sigalg *sigalg, EVP_PKEY *pkey) { if (sigalg == NULL || pkey == NULL) return 0; - if (sigalg->key_type != pkey->type) + if (sigalg->key_type != EVP_PKEY_id(pkey)) return 0; + /* RSA PSS must have a sufficiently large RSA key. */ if ((sigalg->flags & SIGALG_FLAG_RSA_PSS)) { - /* - * RSA PSS Must have an RSA key that needs to be at - * least as big as twice the size of the hash + 2 - */ - if (pkey->type != EVP_PKEY_RSA || + if (EVP_PKEY_id(pkey) != EVP_PKEY_RSA || EVP_PKEY_size(pkey) < (2 * EVP_MD_size(sigalg->md()) + 2)) return 0; } - if (pkey->type == EVP_PKEY_EC && check_curve) { - /* Curve must match for EC keys. */ + if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION) + return 1; + + /* RSA cannot be used without PSS in TLSv1.3. */ + if (sigalg->key_type == EVP_PKEY_RSA && + (sigalg->flags & SIGALG_FLAG_RSA_PSS) == 0) + return 0; + + /* Ensure that curve matches for EC keys. */ + if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { if (sigalg->curve_nid == 0) return 0; - if (EC_GROUP_get_curve_name(EC_KEY_get0_group - (EVP_PKEY_get0_EC_KEY(pkey))) != sigalg->curve_nid) { + if (EC_GROUP_get_curve_name(EC_KEY_get0_group( + EVP_PKEY_get0_EC_KEY(pkey))) != sigalg->curve_nid) return 0; - } } return 1; @@ -260,78 +300,56 @@ ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey, const struct ssl_sigalg * ssl_sigalg_select(SSL *s, EVP_PKEY *pkey) { - uint16_t *tls_sigalgs = tls12_sigalgs; - size_t tls_sigalgs_len = tls12_sigalgs_len; - int check_curve = 0; CBS cbs; - if (TLS1_get_version(s) >= TLS1_3_VERSION) { - tls_sigalgs = tls13_sigalgs; - tls_sigalgs_len = tls13_sigalgs_len; - check_curve = 1; - } - - /* Pre TLS 1.2 defaults */ - if (!SSL_USE_SIGALGS(s)) { - switch (pkey->type) { - case EVP_PKEY_RSA: - return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1); - case EVP_PKEY_EC: - return ssl_sigalg_lookup(SIGALG_ECDSA_SHA1); -#ifndef OPENSSL_NO_GOST - case EVP_PKEY_GOSTR01: - return ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94); -#endif - } - SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE); - return (NULL); - } + if (!SSL_USE_SIGALGS(s)) + return ssl_sigalg_for_legacy(s, pkey); /* - * RFC 5246 allows a TLS 1.2 client to send no sigalgs, in - * which case the server must use the the default. + * RFC 5246 allows a TLS 1.2 client to send no sigalgs extension, + * in which case the server must use the default. */ - if (TLS1_get_version(s) < TLS1_3_VERSION && - S3I(s)->hs.sigalgs == NULL) { - switch (pkey->type) { - case EVP_PKEY_RSA: - return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1); - case EVP_PKEY_EC: - return ssl_sigalg_lookup(SIGALG_ECDSA_SHA1); -#ifndef OPENSSL_NO_GOST - case EVP_PKEY_GOSTR01: - return ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94); -#endif - } - SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE); - return (NULL); - } + if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION && + s->s3->hs.sigalgs == NULL) + return ssl_sigalg_for_legacy(s, pkey); /* * If we get here, we have client or server sent sigalgs, use one. */ - CBS_init(&cbs, S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len); + CBS_init(&cbs, s->s3->hs.sigalgs, s->s3->hs.sigalgs_len); while (CBS_len(&cbs) > 0) { - uint16_t sig_alg; const struct ssl_sigalg *sigalg; + uint16_t sigalg_value; - if (!CBS_get_u16(&cbs, &sig_alg)) - return 0; + if (!CBS_get_u16(&cbs, &sigalg_value)) + return NULL; - if ((sigalg = ssl_sigalg(sig_alg, tls_sigalgs, - tls_sigalgs_len)) == NULL) + if ((sigalg = ssl_sigalg_from_value(s, sigalg_value)) == NULL) continue; - - /* RSA cannot be used without PSS in TLSv1.3. */ - if (TLS1_get_version(s) >= TLS1_3_VERSION && - sigalg->key_type == EVP_PKEY_RSA && - (sigalg->flags & SIGALG_FLAG_RSA_PSS) == 0) - continue; - - if (ssl_sigalg_pkey_ok(sigalg, pkey, check_curve)) + if (ssl_sigalg_pkey_ok(s, sigalg, pkey)) return sigalg; } SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE); return NULL; } + +const struct ssl_sigalg * +ssl_sigalg_for_peer(SSL *s, EVP_PKEY *pkey, uint16_t sigalg_value) +{ + const struct ssl_sigalg *sigalg; + + if (!SSL_USE_SIGALGS(s)) + return ssl_sigalg_for_legacy(s, pkey); + + if ((sigalg = ssl_sigalg_from_value(s, sigalg_value)) == NULL) { + SSLerror(s, SSL_R_UNKNOWN_DIGEST); + return NULL; + } + if (!ssl_sigalg_pkey_ok(s, sigalg, pkey)) { + SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE); + return NULL; + } + + return sigalg; +} diff --git a/externals/libressl/ssl/ssl_sigalgs.h b/externals/libressl/ssl/ssl_sigalgs.h index 13a3597fb..beab11afd 100755 --- a/externals/libressl/ssl/ssl_sigalgs.h +++ b/externals/libressl/ssl/ssl_sigalgs.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sigalgs.h,v 1.14 2019/03/25 17:33:26 jsing Exp $ */ +/* $OpenBSD: ssl_sigalgs.h,v 1.23 2021/06/29 19:25:59 jsing Exp $ */ /* * Copyright (c) 2018-2019 Bob Beck * @@ -55,31 +55,23 @@ __BEGIN_HIDDEN_DECLS #define SIGALG_GOSTR12_256_STREEBOG_256 0xEEEE #define SIGALG_GOSTR01_GOST94 0xEDED -/* Legacy sigalg for < 1.2 same value as boring uses*/ +/* Legacy sigalg for < TLSv1.2 same value as BoringSSL uses. */ #define SIGALG_RSA_PKCS1_MD5_SHA1 0xFF01 #define SIGALG_FLAG_RSA_PSS 0x00000001 -struct ssl_sigalg{ +struct ssl_sigalg { uint16_t value; - const EVP_MD *(*md)(void); int key_type; + const EVP_MD *(*md)(void); int curve_nid; int flags; }; -extern uint16_t tls12_sigalgs[]; -extern size_t tls12_sigalgs_len; -extern uint16_t tls13_sigalgs[]; -extern size_t tls13_sigalgs_len; - -const struct ssl_sigalg *ssl_sigalg_lookup(uint16_t sigalg); -const struct ssl_sigalg *ssl_sigalg(uint16_t sigalg, uint16_t *values, size_t len); -int ssl_sigalgs_build(CBB *cbb, uint16_t *values, size_t len); -int ssl_sigalg_pkey_check(uint16_t sigalg, EVP_PKEY *pk); -int ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey, - int check_curve); +int ssl_sigalgs_build(uint16_t tls_version, CBB *cbb); const struct ssl_sigalg *ssl_sigalg_select(SSL *s, EVP_PKEY *pkey); +const struct ssl_sigalg *ssl_sigalg_for_peer(SSL *s, EVP_PKEY *pkey, + uint16_t sigalg_value); __END_HIDDEN_DECLS diff --git a/externals/libressl/ssl/ssl_srvr.c b/externals/libressl/ssl/ssl_srvr.c index 0f448a2d3..359395051 100755 --- a/externals/libressl/ssl/ssl_srvr.c +++ b/externals/libressl/ssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.85 2020/09/24 18:12:00 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.141 2022/02/05 14:54:10 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -150,83 +150,78 @@ #include -#include "ssl_locl.h" - #include #include #include #include #include -#ifndef OPENSSL_NO_GOST -#include -#endif #include #include #include +#include #include +#ifndef OPENSSL_NO_GOST +#include +#endif + #include "bytestring.h" +#include "dtls_locl.h" +#include "ssl_locl.h" #include "ssl_sigalgs.h" #include "ssl_tlsext.h" int ssl3_accept(SSL *s) { - void (*cb)(const SSL *ssl, int type, int val) = NULL; unsigned long alg_k; - int ret = -1; int new_state, state, skip = 0; int listen = 0; + int ret = -1; ERR_clear_error(); errno = 0; - if (s->internal->info_callback != NULL) - cb = s->internal->info_callback; - else if (s->ctx->internal->info_callback != NULL) - cb = s->ctx->internal->info_callback; - - if (SSL_IS_DTLS(s)) - listen = D1I(s)->listen; + if (SSL_is_dtls(s)) + listen = s->d1->listen; /* init things to blank */ s->internal->in_handshake++; if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); - if (SSL_IS_DTLS(s)) - D1I(s)->listen = listen; + if (SSL_is_dtls(s)) + s->d1->listen = listen; for (;;) { - state = S3I(s)->hs.state; + state = s->s3->hs.state; - switch (S3I(s)->hs.state) { + switch (s->s3->hs.state) { case SSL_ST_RENEGOTIATE: s->internal->renegotiate = 1; - /* S3I(s)->hs.state=SSL_ST_ACCEPT; */ + /* s->s3->hs.state=SSL_ST_ACCEPT; */ case SSL_ST_BEFORE: case SSL_ST_ACCEPT: case SSL_ST_BEFORE|SSL_ST_ACCEPT: case SSL_ST_OK|SSL_ST_ACCEPT: s->server = 1; - if (cb != NULL) - cb(s, SSL_CB_HANDSHAKE_START, 1); - if (SSL_IS_DTLS(s)) { - if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - ret = -1; - goto end; - } - } else { - if ((s->version >> 8) != 3) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - ret = -1; - goto end; - } + ssl_info_callback(s, SSL_CB_HANDSHAKE_START, 1); + + if (!ssl_legacy_stack_version(s, s->version)) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + ret = -1; + goto end; + } + + if (!ssl_supported_tls_version_range(s, + &s->s3->hs.our_min_tls_version, + &s->s3->hs.our_max_tls_version)) { + SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE); + ret = -1; + goto end; } - s->internal->type = SSL_ST_ACCEPT; if (!ssl3_setup_init_buffer(s)) { ret = -1; @@ -239,7 +234,7 @@ ssl3_accept(SSL *s) s->internal->init_num = 0; - if (S3I(s)->hs.state != SSL_ST_RENEGOTIATE) { + if (s->s3->hs.state != SSL_ST_RENEGOTIATE) { /* * Ok, we now need to push on a buffering BIO * so that the output is sent in a way that @@ -255,9 +250,9 @@ ssl3_accept(SSL *s) goto end; } - S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A; + s->s3->hs.state = SSL3_ST_SR_CLNT_HELLO_A; s->ctx->internal->stats.sess_accept++; - } else if (!SSL_IS_DTLS(s) && !S3I(s)->send_connection_binding) { + } else if (!SSL_is_dtls(s) && !s->s3->send_connection_binding) { /* * Server attempting to renegotiate with * client that doesn't support secure @@ -270,46 +265,48 @@ ssl3_accept(SSL *s) goto end; } else { /* - * S3I(s)->hs.state == SSL_ST_RENEGOTIATE, + * s->s3->hs.state == SSL_ST_RENEGOTIATE, * we will just send a HelloRequest. */ s->ctx->internal->stats.sess_accept_renegotiate++; - S3I(s)->hs.state = SSL3_ST_SW_HELLO_REQ_A; + s->s3->hs.state = SSL3_ST_SW_HELLO_REQ_A; } break; case SSL3_ST_SW_HELLO_REQ_A: case SSL3_ST_SW_HELLO_REQ_B: s->internal->shutdown = 0; - if (SSL_IS_DTLS(s)) { + if (SSL_is_dtls(s)) { dtls1_clear_record_buffer(s); dtls1_start_timer(s); } ret = ssl3_send_hello_request(s); if (ret <= 0) goto end; - if (SSL_IS_DTLS(s)) - S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A; + if (SSL_is_dtls(s)) + s->s3->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A; else - S3I(s)->hs.next_state = SSL3_ST_SW_HELLO_REQ_C; - S3I(s)->hs.state = SSL3_ST_SW_FLUSH; + s->s3->hs.tls12.next_state = SSL3_ST_SW_HELLO_REQ_C; + s->s3->hs.state = SSL3_ST_SW_FLUSH; s->internal->init_num = 0; - if (!tls1_transcript_init(s)) { - ret = -1; - goto end; + if (SSL_is_dtls(s)) { + if (!tls1_transcript_init(s)) { + ret = -1; + goto end; + } } break; case SSL3_ST_SW_HELLO_REQ_C: - S3I(s)->hs.state = SSL_ST_OK; + s->s3->hs.state = SSL_ST_OK; break; case SSL3_ST_SR_CLNT_HELLO_A: case SSL3_ST_SR_CLNT_HELLO_B: case SSL3_ST_SR_CLNT_HELLO_C: s->internal->shutdown = 0; - if (SSL_IS_DTLS(s)) { + if (SSL_is_dtls(s)) { ret = ssl3_get_client_hello(s); if (ret <= 0) goto end; @@ -317,9 +314,9 @@ ssl3_accept(SSL *s) if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) - S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A; + s->s3->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A; else - S3I(s)->hs.state = SSL3_ST_SW_SRVR_HELLO_A; + s->s3->hs.state = SSL3_ST_SW_SRVR_HELLO_A; s->internal->init_num = 0; @@ -328,22 +325,21 @@ ssl3_accept(SSL *s) * stateless while listening. */ if (listen) { - memcpy(S3I(s)->write_sequence, - S3I(s)->read_sequence, - sizeof(S3I(s)->write_sequence)); + tls12_record_layer_reflect_seq_num( + s->internal->rl); } /* If we're just listening, stop here */ - if (listen && S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) { + if (listen && s->s3->hs.state == SSL3_ST_SW_SRVR_HELLO_A) { ret = 2; - D1I(s)->listen = 0; + s->d1->listen = 0; /* * Set expected sequence numbers to * continue the handshake. */ - D1I(s)->handshake_read_seq = 2; - D1I(s)->handshake_write_seq = 1; - D1I(s)->next_handshake_write_seq = 1; + s->d1->handshake_read_seq = 2; + s->d1->handshake_write_seq = 1; + s->d1->next_handshake_write_seq = 1; goto end; } } else { @@ -354,18 +350,18 @@ ssl3_accept(SSL *s) } s->internal->renegotiate = 2; - S3I(s)->hs.state = SSL3_ST_SW_SRVR_HELLO_A; + s->s3->hs.state = SSL3_ST_SW_SRVR_HELLO_A; s->internal->init_num = 0; } break; case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: - ret = dtls1_send_hello_verify_request(s); + ret = ssl3_send_dtls_hello_verify_request(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_SW_FLUSH; - S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A; + s->s3->hs.state = SSL3_ST_SW_FLUSH; + s->s3->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A; /* HelloVerifyRequest resets Finished MAC. */ tls1_transcript_reset(s); @@ -373,7 +369,7 @@ ssl3_accept(SSL *s) case SSL3_ST_SW_SRVR_HELLO_A: case SSL3_ST_SW_SRVR_HELLO_B: - if (SSL_IS_DTLS(s)) { + if (SSL_is_dtls(s)) { s->internal->renegotiate = 2; dtls1_start_timer(s); } @@ -382,11 +378,11 @@ ssl3_accept(SSL *s) goto end; if (s->internal->hit) { if (s->internal->tlsext_ticket_expected) - S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A; + s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_A; else - S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A; + s->s3->hs.state = SSL3_ST_SW_CHANGE_A; } else { - S3I(s)->hs.state = SSL3_ST_SW_CERT_A; + s->s3->hs.state = SSL3_ST_SW_CERT_A; } s->internal->init_num = 0; break; @@ -394,27 +390,27 @@ ssl3_accept(SSL *s) case SSL3_ST_SW_CERT_A: case SSL3_ST_SW_CERT_B: /* Check if it is anon DH or anon ECDH. */ - if (!(S3I(s)->hs.new_cipher->algorithm_auth & + if (!(s->s3->hs.cipher->algorithm_auth & SSL_aNULL)) { - if (SSL_IS_DTLS(s)) + if (SSL_is_dtls(s)) dtls1_start_timer(s); ret = ssl3_send_server_certificate(s); if (ret <= 0) goto end; if (s->internal->tlsext_status_expected) - S3I(s)->hs.state = SSL3_ST_SW_CERT_STATUS_A; + s->s3->hs.state = SSL3_ST_SW_CERT_STATUS_A; else - S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A; } else { skip = 1; - S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A; } s->internal->init_num = 0; break; case SSL3_ST_SW_KEY_EXCH_A: case SSL3_ST_SW_KEY_EXCH_B: - alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; + alg_k = s->s3->hs.cipher->algorithm_mkey; /* * Only send if using a DH key exchange. @@ -425,7 +421,7 @@ ssl3_accept(SSL *s) * public key for key exchange. */ if (alg_k & (SSL_kDHE|SSL_kECDHE)) { - if (SSL_IS_DTLS(s)) + if (SSL_is_dtls(s)) dtls1_start_timer(s); ret = ssl3_send_server_key_exchange(s); if (ret <= 0) @@ -433,7 +429,7 @@ ssl3_accept(SSL *s) } else skip = 1; - S3I(s)->hs.state = SSL3_ST_SW_CERT_REQ_A; + s->s3->hs.state = SSL3_ST_SW_CERT_REQ_A; s->internal->init_num = 0; break; @@ -457,39 +453,39 @@ ssl3_accept(SSL *s) * s3_clnt.c accepts this for SSL 3). */ if (!(s->verify_mode & SSL_VERIFY_PEER) || - ((s->session->peer != NULL) && + ((s->session->peer_cert != NULL) && (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || - ((S3I(s)->hs.new_cipher->algorithm_auth & + ((s->s3->hs.cipher->algorithm_auth & SSL_aNULL) && !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) { /* No cert request. */ skip = 1; - S3I(s)->tmp.cert_request = 0; - S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A; + s->s3->hs.tls12.cert_request = 0; + s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_A; - if (!SSL_IS_DTLS(s)) + if (!SSL_is_dtls(s)) tls1_transcript_free(s); } else { - S3I(s)->tmp.cert_request = 1; - if (SSL_IS_DTLS(s)) + s->s3->hs.tls12.cert_request = 1; + if (SSL_is_dtls(s)) dtls1_start_timer(s); ret = ssl3_send_certificate_request(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A; + s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_A; s->internal->init_num = 0; } break; case SSL3_ST_SW_SRVR_DONE_A: case SSL3_ST_SW_SRVR_DONE_B: - if (SSL_IS_DTLS(s)) + if (SSL_is_dtls(s)) dtls1_start_timer(s); ret = ssl3_send_server_done(s); if (ret <= 0) goto end; - S3I(s)->hs.next_state = SSL3_ST_SR_CERT_A; - S3I(s)->hs.state = SSL3_ST_SW_FLUSH; + s->s3->hs.tls12.next_state = SSL3_ST_SR_CERT_A; + s->s3->hs.state = SSL3_ST_SW_FLUSH; s->internal->init_num = 0; break; @@ -506,29 +502,29 @@ ssl3_accept(SSL *s) */ s->internal->rwstate = SSL_WRITING; if (BIO_flush(s->wbio) <= 0) { - if (SSL_IS_DTLS(s)) { + if (SSL_is_dtls(s)) { /* If the write error was fatal, stop trying. */ if (!BIO_should_retry(s->wbio)) { s->internal->rwstate = SSL_NOTHING; - S3I(s)->hs.state = S3I(s)->hs.next_state; + s->s3->hs.state = s->s3->hs.tls12.next_state; } } ret = -1; goto end; } s->internal->rwstate = SSL_NOTHING; - S3I(s)->hs.state = S3I(s)->hs.next_state; + s->s3->hs.state = s->s3->hs.tls12.next_state; break; case SSL3_ST_SR_CERT_A: case SSL3_ST_SR_CERT_B: - if (S3I(s)->tmp.cert_request) { + if (s->s3->hs.tls12.cert_request) { ret = ssl3_get_client_certificate(s); if (ret <= 0) goto end; } s->internal->init_num = 0; - S3I(s)->hs.state = SSL3_ST_SR_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_SR_KEY_EXCH_A; break; case SSL3_ST_SR_KEY_EXCH_A: @@ -537,28 +533,24 @@ ssl3_accept(SSL *s) if (ret <= 0) goto end; - if (SSL_IS_DTLS(s)) { - S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A; + if (SSL_is_dtls(s)) { + s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A; s->internal->init_num = 0; } - alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; - if (ret == 2) { + alg_k = s->s3->hs.cipher->algorithm_mkey; + if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) { /* - * For the ECDH ciphersuites when - * the client sends its ECDH pub key in - * a certificate, the CertificateVerify - * message is not sent. - * Also for GOST ciphersuites when - * the client uses its key from the certificate - * for key exchange. + * A GOST client may use the key from its + * certificate for key exchange, in which case + * the CertificateVerify message is not sent. */ - S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A; + s->s3->hs.state = SSL3_ST_SR_FINISHED_A; s->internal->init_num = 0; } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) { - S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A; + s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A; s->internal->init_num = 0; - if (!s->session->peer) + if (!s->session->peer_cert) break; /* * Freeze the transcript for use during client @@ -566,7 +558,7 @@ ssl3_accept(SSL *s) */ tls1_transcript_freeze(s); } else { - S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A; + s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A; s->internal->init_num = 0; tls1_transcript_free(s); @@ -576,8 +568,8 @@ ssl3_accept(SSL *s) * a client cert, it can be verified. */ if (!tls1_transcript_hash_value(s, - S3I(s)->tmp.cert_verify_md, - sizeof(S3I(s)->tmp.cert_verify_md), + s->s3->hs.tls12.cert_verify, + sizeof(s->s3->hs.tls12.cert_verify), NULL)) { ret = -1; goto end; @@ -587,8 +579,8 @@ ssl3_accept(SSL *s) case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: - if (SSL_IS_DTLS(s)) - D1I(s)->change_cipher_spec_ok = 1; + if (SSL_is_dtls(s)) + s->d1->change_cipher_spec_ok = 1; else s->s3->flags |= SSL3_FLAGS_CCS_OK; @@ -596,28 +588,28 @@ ssl3_accept(SSL *s) ret = ssl3_get_cert_verify(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A; + s->s3->hs.state = SSL3_ST_SR_FINISHED_A; s->internal->init_num = 0; break; case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: - if (SSL_IS_DTLS(s)) - D1I(s)->change_cipher_spec_ok = 1; + if (SSL_is_dtls(s)) + s->d1->change_cipher_spec_ok = 1; else s->s3->flags |= SSL3_FLAGS_CCS_OK; ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A, SSL3_ST_SR_FINISHED_B); if (ret <= 0) goto end; - if (SSL_IS_DTLS(s)) + if (SSL_is_dtls(s)) dtls1_stop_timer(s); if (s->internal->hit) - S3I(s)->hs.state = SSL_ST_OK; + s->s3->hs.state = SSL_ST_OK; else if (s->internal->tlsext_ticket_expected) - S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A; + s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_A; else - S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A; + s->s3->hs.state = SSL3_ST_SW_CHANGE_A; s->internal->init_num = 0; break; @@ -626,7 +618,7 @@ ssl3_accept(SSL *s) ret = ssl3_send_newsession_ticket(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A; + s->s3->hs.state = SSL3_ST_SW_CHANGE_A; s->internal->init_num = 0; break; @@ -635,49 +627,42 @@ ssl3_accept(SSL *s) ret = ssl3_send_cert_status(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A; s->internal->init_num = 0; break; case SSL3_ST_SW_CHANGE_A: case SSL3_ST_SW_CHANGE_B: - s->session->cipher = S3I(s)->hs.new_cipher; - if (!tls1_setup_key_block(s)) { - ret = -1; - goto end; - } - ret = ssl3_send_change_cipher_spec(s, SSL3_ST_SW_CHANGE_A, SSL3_ST_SW_CHANGE_B); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_SW_FINISHED_A; + s->s3->hs.state = SSL3_ST_SW_FINISHED_A; s->internal->init_num = 0; + s->session->cipher = s->s3->hs.cipher; - if (!tls1_change_cipher_state(s, - SSL3_CHANGE_CIPHER_SERVER_WRITE)) { + if (!tls1_setup_key_block(s)) { + ret = -1; + goto end; + } + if (!tls1_change_write_cipher_state(s)) { ret = -1; goto end; } - - if (SSL_IS_DTLS(s)) - dtls1_reset_seq_numbers(s, SSL3_CC_WRITE); break; case SSL3_ST_SW_FINISHED_A: case SSL3_ST_SW_FINISHED_B: - ret = ssl3_send_finished(s, - SSL3_ST_SW_FINISHED_A, SSL3_ST_SW_FINISHED_B, - TLS_MD_SERVER_FINISH_CONST, - TLS_MD_SERVER_FINISH_CONST_SIZE); + ret = ssl3_send_finished(s, SSL3_ST_SW_FINISHED_A, + SSL3_ST_SW_FINISHED_B); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_SW_FLUSH; + s->s3->hs.state = SSL3_ST_SW_FLUSH; if (s->internal->hit) { - S3I(s)->hs.next_state = SSL3_ST_SR_FINISHED_A; + s->s3->hs.tls12.next_state = SSL3_ST_SR_FINISHED_A; tls1_transcript_free(s); } else - S3I(s)->hs.next_state = SSL_ST_OK; + s->s3->hs.tls12.next_state = SSL_ST_OK; s->internal->init_num = 0; break; @@ -685,13 +670,13 @@ ssl3_accept(SSL *s) /* clean a few things up */ tls1_cleanup_key_block(s); - if (S3I(s)->handshake_transcript != NULL) { + if (s->s3->handshake_transcript != NULL) { SSLerror(s, ERR_R_INTERNAL_ERROR); ret = -1; goto end; } - if (!SSL_IS_DTLS(s)) + if (!SSL_is_dtls(s)) ssl3_release_init_buffer(s); /* remove buffering on output */ @@ -710,18 +695,17 @@ ssl3_accept(SSL *s) /* s->server=1; */ s->internal->handshake_func = ssl3_accept; - if (cb != NULL) - cb(s, SSL_CB_HANDSHAKE_DONE, 1); + ssl_info_callback(s, SSL_CB_HANDSHAKE_DONE, 1); } ret = 1; - if (SSL_IS_DTLS(s)) { + if (SSL_is_dtls(s)) { /* Done handshaking, next message is client hello. */ - D1I(s)->handshake_read_seq = 0; + s->d1->handshake_read_seq = 0; /* Next message is server hello. */ - D1I(s)->handshake_write_seq = 0; - D1I(s)->next_handshake_write_seq = 0; + s->d1->handshake_write_seq = 0; + s->d1->next_handshake_write_seq = 0; } goto end; /* break; */ @@ -733,27 +717,26 @@ ssl3_accept(SSL *s) /* break; */ } - if (!S3I(s)->tmp.reuse_message && !skip) { + if (!s->s3->hs.tls12.reuse_message && !skip) { if (s->internal->debug) { if ((ret = BIO_flush(s->wbio)) <= 0) goto end; } - if ((cb != NULL) && (S3I(s)->hs.state != state)) { - new_state = S3I(s)->hs.state; - S3I(s)->hs.state = state; - cb(s, SSL_CB_ACCEPT_LOOP, 1); - S3I(s)->hs.state = new_state; + if (s->s3->hs.state != state) { + new_state = s->s3->hs.state; + s->s3->hs.state = state; + ssl_info_callback(s, SSL_CB_ACCEPT_LOOP, 1); + s->s3->hs.state = new_state; } } skip = 0; } -end: + end: /* BIO_flush(s->wbio); */ s->internal->in_handshake--; - if (cb != NULL) - cb(s, SSL_CB_ACCEPT_EXIT, ret); + ssl_info_callback(s, SSL_CB_ACCEPT_EXIT, ret); return (ret); } @@ -765,14 +748,14 @@ ssl3_send_hello_request(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_SW_HELLO_REQ_A) { + if (s->s3->hs.state == SSL3_ST_SW_HELLO_REQ_A) { if (!ssl3_handshake_msg_start(s, &cbb, &hello, SSL3_MT_HELLO_REQUEST)) goto err; if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_SW_HELLO_REQ_B; + s->s3->hs.state = SSL3_ST_SW_HELLO_REQ_B; } /* SSL3_ST_SW_HELLO_REQ_B */ @@ -792,14 +775,13 @@ ssl3_get_client_hello(SSL *s) uint16_t client_version; uint8_t comp_method; int comp_null; - int i, j, ok, al, ret = -1, cookie_valid = 0; - long n; + int i, j, al, ret, cookie_valid = 0; unsigned long id; SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *ciphers = NULL; unsigned long alg_k; const SSL_METHOD *method; - uint16_t max_version, shared_version; + uint16_t shared_version; /* * We do this so that we will respond with our native type. @@ -808,67 +790,71 @@ ssl3_get_client_hello(SSL *s) * If we are SSLv3, we will respond with SSLv3, even if prompted with * TLSv1. */ - if (S3I(s)->hs.state == SSL3_ST_SR_CLNT_HELLO_A) { - S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_B; - } + if (s->s3->hs.state == SSL3_ST_SR_CLNT_HELLO_A) + s->s3->hs.state = SSL3_ST_SR_CLNT_HELLO_B; s->internal->first_packet = 1; - n = ssl3_get_message(s, SSL3_ST_SR_CLNT_HELLO_B, + if ((ret = ssl3_get_message(s, SSL3_ST_SR_CLNT_HELLO_B, SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO, - SSL3_RT_MAX_PLAIN_LENGTH, &ok); - if (!ok) - return ((int)n); + SSL3_RT_MAX_PLAIN_LENGTH)) <= 0) + return ret; s->internal->first_packet = 0; - if (n < 0) + ret = -1; + + if (s->internal->init_num < 0) goto err; - CBS_init(&cbs, s->internal->init_msg, n); + CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); /* Parse client hello up until the extensions (if any). */ if (!CBS_get_u16(&cbs, &client_version)) - goto truncated; + goto decode_err; if (!CBS_get_bytes(&cbs, &client_random, SSL3_RANDOM_SIZE)) - goto truncated; + goto decode_err; if (!CBS_get_u8_length_prefixed(&cbs, &session_id)) - goto truncated; + goto decode_err; if (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) { al = SSL_AD_ILLEGAL_PARAMETER; SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG); - goto f_err; + goto fatal_err; } - if (SSL_IS_DTLS(s)) { + if (SSL_is_dtls(s)) { if (!CBS_get_u8_length_prefixed(&cbs, &cookie)) - goto truncated; + goto decode_err; } if (!CBS_get_u16_length_prefixed(&cbs, &cipher_suites)) - goto truncated; + goto decode_err; if (!CBS_get_u8_length_prefixed(&cbs, &compression_methods)) - goto truncated; + goto decode_err; /* * Use version from inside client hello, not from record header. * (may differ: see RFC 2246, Appendix E, second paragraph) */ - if (!ssl_downgrade_max_version(s, &max_version)) - goto err; - if (ssl_max_shared_version(s, client_version, &shared_version) != 1) { - SSLerror(s, SSL_R_WRONG_VERSION_NUMBER); - if ((s->client_version >> 8) == SSL3_VERSION_MAJOR && - !s->internal->enc_write_ctx && !s->internal->write_hash) { + if (!ssl_max_shared_version(s, client_version, &shared_version)) { + if ((client_version >> 8) == SSL3_VERSION_MAJOR && + !tls12_record_layer_write_protected(s->internal->rl)) { /* * Similar to ssl3_get_record, send alert using remote * version number. */ - s->version = s->client_version; + s->version = client_version; } + SSLerror(s, SSL_R_WRONG_VERSION_NUMBER); al = SSL_AD_PROTOCOL_VERSION; - goto f_err; + goto fatal_err; } - s->client_version = client_version; + s->s3->hs.peer_legacy_version = client_version; s->version = shared_version; - if ((method = ssl_get_server_method(shared_version)) == NULL) { + s->s3->hs.negotiated_tls_version = ssl_tls_version(shared_version); + if (s->s3->hs.negotiated_tls_version == 0) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + goto err; + } + + if ((method = ssl_get_method(shared_version)) == NULL) { SSLerror(s, ERR_R_INTERNAL_ERROR); goto err; } @@ -879,7 +865,7 @@ ssl3_get_client_hello(SSL *s) * one, just return since we do not want to allocate any memory yet. * So check cookie length... */ - if (SSL_IS_DTLS(s)) { + if (SSL_is_dtls(s)) { if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) { if (CBS_len(&cookie) == 0) return (1); @@ -920,7 +906,7 @@ ssl3_get_client_hello(SSL *s) if (i == 1) { /* previous session */ s->internal->hit = 1; } else if (i == -1) - goto f_err; + goto fatal_err; else { /* i == 0 */ if (!ssl_get_new_session(s, 1)) @@ -928,16 +914,16 @@ ssl3_get_client_hello(SSL *s) } } - if (SSL_IS_DTLS(s)) { + if (SSL_is_dtls(s)) { /* * The ClientHello may contain a cookie even if the HelloVerify * message has not been sent - make sure that it does not cause * an overflow. */ - if (CBS_len(&cookie) > sizeof(D1I(s)->rcvd_cookie)) { + if (CBS_len(&cookie) > sizeof(s->d1->rcvd_cookie)) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_COOKIE_MISMATCH); - goto f_err; + goto fatal_err; } /* Verify the cookie if appropriate option is set. */ @@ -946,25 +932,25 @@ ssl3_get_client_hello(SSL *s) size_t cookie_len; /* XXX - rcvd_cookie seems to only be used here... */ - if (!CBS_write_bytes(&cookie, D1I(s)->rcvd_cookie, - sizeof(D1I(s)->rcvd_cookie), &cookie_len)) + if (!CBS_write_bytes(&cookie, s->d1->rcvd_cookie, + sizeof(s->d1->rcvd_cookie), &cookie_len)) goto err; if (s->ctx->internal->app_verify_cookie_cb != NULL) { if (s->ctx->internal->app_verify_cookie_cb(s, - D1I(s)->rcvd_cookie, cookie_len) == 0) { + s->d1->rcvd_cookie, cookie_len) == 0) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerror(s, SSL_R_COOKIE_MISMATCH); - goto f_err; + goto fatal_err; } /* else cookie verification succeeded */ /* XXX - can d1->cookie_len > sizeof(rcvd_cookie) ? */ - } else if (timingsafe_memcmp(D1I(s)->rcvd_cookie, - D1I(s)->cookie, D1I(s)->cookie_len) != 0) { + } else if (timingsafe_memcmp(s->d1->rcvd_cookie, + s->d1->cookie, s->d1->cookie_len) != 0) { /* default verification */ al = SSL_AD_HANDSHAKE_FAILURE; SSLerror(s, SSL_R_COOKIE_MISMATCH); - goto f_err; + goto fatal_err; } cookie_valid = 1; } @@ -975,7 +961,7 @@ ssl3_get_client_hello(SSL *s) /* we need a cipher if we are not resuming a session */ al = SSL_AD_ILLEGAL_PARAMETER; SSLerror(s, SSL_R_NO_CIPHERS_SPECIFIED); - goto f_err; + goto fatal_err; } if (CBS_len(&cipher_suites) > 0) { @@ -1004,32 +990,35 @@ ssl3_get_client_hello(SSL *s) */ al = SSL_AD_ILLEGAL_PARAMETER; SSLerror(s, SSL_R_REQUIRED_CIPHER_MISSING); - goto f_err; + goto fatal_err; } } comp_null = 0; while (CBS_len(&compression_methods) > 0) { if (!CBS_get_u8(&compression_methods, &comp_method)) - goto truncated; + goto decode_err; if (comp_method == 0) comp_null = 1; } if (comp_null == 0) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_NO_COMPRESSION_SPECIFIED); - goto f_err; + goto fatal_err; } if (!tlsext_server_parse(s, SSL_TLSEXT_MSG_CH, &cbs, &al)) { SSLerror(s, SSL_R_PARSE_TLSEXT); - goto f_err; + goto fatal_err; } - if (!S3I(s)->renegotiate_seen && s->internal->renegotiate) { + if (CBS_len(&cbs) != 0) + goto decode_err; + + if (!s->s3->renegotiate_seen && s->internal->renegotiate) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); - goto f_err; + goto fatal_err; } if (ssl_check_clienthello_tlsext_early(s) <= 0) { @@ -1045,8 +1034,8 @@ ssl3_get_client_hello(SSL *s) */ arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); - if (!SSL_IS_DTLS(s) && max_version >= TLS1_2_VERSION && - s->version < max_version) { + if (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION && + s->s3->hs.negotiated_tls_version < s->s3->hs.our_max_tls_version) { /* * RFC 8446 section 4.1.3. If we are downgrading from TLS 1.3 * we must set the last 8 bytes of the server random to magical @@ -1055,7 +1044,7 @@ ssl3_get_client_hello(SSL *s) */ size_t index = SSL3_RANDOM_SIZE - sizeof(tls13_downgrade_12); uint8_t *magic = &s->s3->server_random[index]; - if (s->version == TLS1_2_VERSION) { + if (s->s3->hs.negotiated_tls_version == TLS1_2_VERSION) { /* Indicate we chose to downgrade to 1.2. */ memcpy(magic, tls13_downgrade_12, sizeof(tls13_downgrade_12)); @@ -1086,7 +1075,7 @@ ssl3_get_client_hello(SSL *s) if (pref_cipher == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerror(s, SSL_R_NO_SHARED_CIPHER); - goto f_err; + goto fatal_err; } s->session->cipher = pref_cipher; @@ -1107,7 +1096,7 @@ ssl3_get_client_hello(SSL *s) if (ciphers == NULL) { al = SSL_AD_ILLEGAL_PARAMETER; SSLerror(s, SSL_R_NO_CIPHERS_PASSED); - goto f_err; + goto fatal_err; } ciphers = NULL; c = ssl3_choose_cipher(s, s->session->ciphers, @@ -1116,17 +1105,17 @@ ssl3_get_client_hello(SSL *s) if (c == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerror(s, SSL_R_NO_SHARED_CIPHER); - goto f_err; + goto fatal_err; } - S3I(s)->hs.new_cipher = c; + s->s3->hs.cipher = c; } else { - S3I(s)->hs.new_cipher = s->session->cipher; + s->s3->hs.cipher = s->session->cipher; } if (!tls1_transcript_hash_init(s)) goto err; - alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; + alg_k = s->s3->hs.cipher->algorithm_mkey; if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) || !(s->verify_mode & SSL_VERIFY_PEER)) tls1_transcript_free(s); @@ -1134,13 +1123,13 @@ ssl3_get_client_hello(SSL *s) /* * We now have the following setup. * client_random - * cipher_list - our prefered list of ciphers - * ciphers - the clients prefered list of ciphers + * cipher_list - our prefered list of ciphers + * ciphers - the clients prefered list of ciphers * compression - basically ignored right now * ssl version is set - sslv3 * s->session - The ssl session has been setup. * s->internal->hit - session reuse flag - * s->hs.new_cipher - the new cipher to use. + * s->hs.cipher - the new cipher to use. */ /* Handles TLS extensions that we couldn't check earlier */ @@ -1152,18 +1141,62 @@ ssl3_get_client_hello(SSL *s) ret = cookie_valid ? 2 : 1; if (0) { -truncated: + decode_err: al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_BAD_PACKET_LENGTH); -f_err: + fatal_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); } -err: + err: sk_SSL_CIPHER_free(ciphers); return (ret); } +int +ssl3_send_dtls_hello_verify_request(SSL *s) +{ + CBB cbb, verify, cookie; + + memset(&cbb, 0, sizeof(cbb)); + + if (s->s3->hs.state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) { + if (s->ctx->internal->app_gen_cookie_cb == NULL || + s->ctx->internal->app_gen_cookie_cb(s, s->d1->cookie, + &(s->d1->cookie_len)) == 0) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + return 0; + } + + /* + * Per RFC 6347 section 4.2.1, the HelloVerifyRequest should + * always contain DTLSv1.0 regardless of the version that is + * going to be negotiated. + */ + if (!ssl3_handshake_msg_start(s, &cbb, &verify, + DTLS1_MT_HELLO_VERIFY_REQUEST)) + goto err; + if (!CBB_add_u16(&verify, DTLS1_VERSION)) + goto err; + if (!CBB_add_u8_length_prefixed(&verify, &cookie)) + goto err; + if (!CBB_add_bytes(&cookie, s->d1->cookie, s->d1->cookie_len)) + goto err; + if (!ssl3_handshake_msg_finish(s, &cbb)) + goto err; + + s->s3->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B; + } + + /* s->s3->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ + return (ssl3_handshake_write(s)); + + err: + CBB_cleanup(&cbb); + + return (-1); +} + int ssl3_send_server_hello(SSL *s) { @@ -1172,7 +1205,7 @@ ssl3_send_server_hello(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) { + if (s->s3->hs.state == SSL3_ST_SW_SRVR_HELLO_A) { if (!ssl3_handshake_msg_start(s, &cbb, &server_hello, SSL3_MT_SERVER_HELLO)) goto err; @@ -1217,7 +1250,7 @@ ssl3_send_server_hello(SSL *s) /* Cipher suite. */ if (!CBB_add_u16(&server_hello, - ssl3_cipher_get_value(S3I(s)->hs.new_cipher))) + ssl3_cipher_get_value(s->s3->hs.cipher))) goto err; /* Compression method (null). */ @@ -1250,14 +1283,14 @@ ssl3_send_server_done(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_SW_SRVR_DONE_A) { + if (s->s3->hs.state == SSL3_ST_SW_SRVR_DONE_A) { if (!ssl3_handshake_msg_start(s, &cbb, &done, SSL3_MT_SERVER_DONE)) goto err; if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_B; + s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_B; } /* SSL3_ST_SW_SRVR_DONE_B */ @@ -1272,198 +1305,92 @@ ssl3_send_server_done(SSL *s) static int ssl3_send_server_kex_dhe(SSL *s, CBB *cbb) { - CBB dh_p, dh_g, dh_Ys; - DH *dh = NULL, *dhp; - unsigned char *data; - int al; + int nid = NID_dhKeyAgreement; - if (s->cert->dh_tmp_auto != 0) { - if ((dhp = ssl_get_auto_dh(s)) == NULL) { - al = SSL_AD_INTERNAL_ERROR; + tls_key_share_free(s->s3->hs.key_share); + if ((s->s3->hs.key_share = tls_key_share_new_nid(nid)) == NULL) + goto err; + + if (s->cert->dhe_params_auto != 0) { + size_t key_bits; + + if ((key_bits = ssl_dhe_params_auto_key_bits(s)) == 0) { SSLerror(s, ERR_R_INTERNAL_ERROR); - goto f_err; + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_INTERNAL_ERROR); + goto err; } - } else - dhp = s->cert->dh_tmp; + tls_key_share_set_key_bits(s->s3->hs.key_share, + key_bits); + } else { + DH *dh_params = s->cert->dhe_params; - if (dhp == NULL && s->cert->dh_tmp_cb != NULL) - dhp = s->cert->dh_tmp_cb(s, 0, - SSL_C_PKEYLENGTH(S3I(s)->hs.new_cipher)); + if (dh_params == NULL && s->cert->dhe_params_cb != NULL) + dh_params = s->cert->dhe_params_cb(s, 0, + SSL_C_PKEYLENGTH(s->s3->hs.cipher)); - if (dhp == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerror(s, SSL_R_MISSING_TMP_DH_KEY); - goto f_err; + if (dh_params == NULL) { + SSLerror(s, SSL_R_MISSING_TMP_DH_KEY); + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_HANDSHAKE_FAILURE); + goto err; + } + + if (!tls_key_share_set_dh_params(s->s3->hs.key_share, dh_params)) + goto err; } - if (S3I(s)->tmp.dh != NULL) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } - - if (s->cert->dh_tmp_auto != 0) { - dh = dhp; - } else if ((dh = DHparams_dup(dhp)) == NULL) { - SSLerror(s, ERR_R_DH_LIB); - goto err; - } - S3I(s)->tmp.dh = dh; - if (!DH_generate_key(dh)) { - SSLerror(s, ERR_R_DH_LIB); - goto err; - } - - /* - * Serialize the DH parameters and public key. - */ - if (!CBB_add_u16_length_prefixed(cbb, &dh_p)) - goto err; - if (!CBB_add_space(&dh_p, &data, BN_num_bytes(dh->p))) - goto err; - BN_bn2bin(dh->p, data); - - if (!CBB_add_u16_length_prefixed(cbb, &dh_g)) - goto err; - if (!CBB_add_space(&dh_g, &data, BN_num_bytes(dh->g))) - goto err; - BN_bn2bin(dh->g, data); - - if (!CBB_add_u16_length_prefixed(cbb, &dh_Ys)) - goto err; - if (!CBB_add_space(&dh_Ys, &data, BN_num_bytes(dh->pub_key))) - goto err; - BN_bn2bin(dh->pub_key, data); - - if (!CBB_flush(cbb)) + if (!tls_key_share_generate(s->s3->hs.key_share)) goto err; - return (1); - - f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - err: - return (-1); -} - -static int -ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb) -{ - uint16_t curve_id; - EC_KEY *ecdh; - CBB ecpoint; - int al; - - /* - * Only named curves are supported in ECDH ephemeral key exchanges. - * For supported named curves, curve_id is non-zero. - */ - if ((curve_id = tls1_ec_nid2curve_id(nid)) == 0) { - SSLerror(s, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); + if (!tls_key_share_params(s->s3->hs.key_share, cbb)) goto err; - } - - if (S3I(s)->tmp.ecdh != NULL) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } - - if ((S3I(s)->tmp.ecdh = EC_KEY_new()) == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerror(s, SSL_R_MISSING_TMP_ECDH_KEY); - goto f_err; - } - S3I(s)->tmp.ecdh_nid = nid; - ecdh = S3I(s)->tmp.ecdh; - - if (!ssl_kex_generate_ecdhe_ecp(ecdh, nid)) + if (!tls_key_share_public(s->s3->hs.key_share, cbb)) goto err; - /* - * Encode the public key. - * - * Only named curves are supported in ECDH ephemeral key exchanges. - * In this case the ServerKeyExchange message has: - * [1 byte CurveType], [2 byte CurveName] - * [1 byte length of encoded point], followed by - * the actual encoded point itself. - */ - if (!CBB_add_u8(cbb, NAMED_CURVE_TYPE)) - goto err; - if (!CBB_add_u16(cbb, curve_id)) - goto err; - if (!CBB_add_u8_length_prefixed(cbb, &ecpoint)) - goto err; - if (!ssl_kex_public_ecdhe_ecp(ecdh, &ecpoint)) - goto err; - if (!CBB_flush(cbb)) - goto err; - - return (1); - - f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - err: - return (-1); -} - -static int -ssl3_send_server_kex_ecdhe_ecx(SSL *s, int nid, CBB *cbb) -{ - uint8_t *public_key = NULL, *private_key = NULL; - uint16_t curve_id; - CBB ecpoint; - int ret = -1; - - /* Generate an X25519 key pair. */ - if (S3I(s)->tmp.x25519 != NULL) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } - if ((private_key = malloc(X25519_KEY_LENGTH)) == NULL) - goto err; - if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL) - goto err; - X25519_keypair(public_key, private_key); - - /* Serialize public key. */ - if ((curve_id = tls1_ec_nid2curve_id(nid)) == 0) { - SSLerror(s, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); - goto err; - } - - if (!CBB_add_u8(cbb, NAMED_CURVE_TYPE)) - goto err; - if (!CBB_add_u16(cbb, curve_id)) - goto err; - if (!CBB_add_u8_length_prefixed(cbb, &ecpoint)) - goto err; - if (!CBB_add_bytes(&ecpoint, public_key, X25519_KEY_LENGTH)) - goto err; - if (!CBB_flush(cbb)) - goto err; - - S3I(s)->tmp.x25519 = private_key; - private_key = NULL; - ret = 1; + return 1; err: - free(public_key); - freezero(private_key, X25519_KEY_LENGTH); - - return (ret); + return 0; } static int ssl3_send_server_kex_ecdhe(SSL *s, CBB *cbb) { + CBB public; int nid; - nid = tls1_get_shared_curve(s); + if ((nid = tls1_get_shared_curve(s)) == NID_undef) { + SSLerror(s, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + goto err; + } - if (nid == NID_X25519) - return ssl3_send_server_kex_ecdhe_ecx(s, nid, cbb); + tls_key_share_free(s->s3->hs.key_share); + if ((s->s3->hs.key_share = tls_key_share_new_nid(nid)) == NULL) + goto err; - return ssl3_send_server_kex_ecdhe_ecp(s, nid, cbb); + if (!tls_key_share_generate(s->s3->hs.key_share)) + goto err; + + /* + * ECC key exchange - see RFC 8422, section 5.4. + */ + if (!CBB_add_u8(cbb, NAMED_CURVE_TYPE)) + goto err; + if (!CBB_add_u16(cbb, tls_key_share_group(s->s3->hs.key_share))) + goto err; + if (!CBB_add_u8_length_prefixed(cbb, &public)) + goto err; + if (!tls_key_share_public(s->s3->hs.key_share, &public)) + goto err; + if (!CBB_flush(cbb)) + goto err; + + return 1; + + err: + return 0; } int @@ -1477,7 +1404,7 @@ ssl3_send_server_key_exchange(SSL *s) size_t params_len; const EVP_MD *md = NULL; unsigned long type; - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx = NULL; EVP_PKEY_CTX *pctx; EVP_PKEY *pkey; int al; @@ -1485,9 +1412,10 @@ ssl3_send_server_key_exchange(SSL *s) memset(&cbb, 0, sizeof(cbb)); memset(&cbb_params, 0, sizeof(cbb_params)); - EVP_MD_CTX_init(&md_ctx); + if ((md_ctx = EVP_MD_CTX_new()) == NULL) + goto err; - if (S3I(s)->hs.state == SSL3_ST_SW_KEY_EXCH_A) { + if (s->s3->hs.state == SSL3_ST_SW_KEY_EXCH_A) { if (!ssl3_handshake_msg_start(s, &cbb, &server_kex, SSL3_MT_SERVER_KEY_EXCHANGE)) @@ -1496,17 +1424,17 @@ ssl3_send_server_key_exchange(SSL *s) if (!CBB_init(&cbb_params, 0)) goto err; - type = S3I(s)->hs.new_cipher->algorithm_mkey; + type = s->s3->hs.cipher->algorithm_mkey; if (type & SSL_kDHE) { - if (ssl3_send_server_kex_dhe(s, &cbb_params) != 1) + if (!ssl3_send_server_kex_dhe(s, &cbb_params)) goto err; } else if (type & SSL_kECDHE) { - if (ssl3_send_server_kex_ecdhe(s, &cbb_params) != 1) + if (!ssl3_send_server_kex_ecdhe(s, &cbb_params)) goto err; } else { al = SSL_AD_HANDSHAKE_FAILURE; SSLerror(s, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); - goto f_err; + goto fatal_err; } if (!CBB_finish(&cbb_params, ¶ms, ¶ms_len)) @@ -1516,23 +1444,24 @@ ssl3_send_server_key_exchange(SSL *s) goto err; /* Add signature unless anonymous. */ - if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) { - if ((pkey = ssl_get_sign_pkey(s, S3I(s)->hs.new_cipher, + if (!(s->s3->hs.cipher->algorithm_auth & SSL_aNULL)) { + if ((pkey = ssl_get_sign_pkey(s, s->s3->hs.cipher, &md, &sigalg)) == NULL) { al = SSL_AD_DECODE_ERROR; - goto f_err; + goto fatal_err; } + s->s3->hs.our_sigalg = sigalg; /* Send signature algorithm. */ if (SSL_USE_SIGALGS(s)) { if (!CBB_add_u16(&server_kex, sigalg->value)) { al = SSL_AD_INTERNAL_ERROR; SSLerror(s, ERR_R_INTERNAL_ERROR); - goto f_err; + goto fatal_err; } } - if (!EVP_DigestSignInit(&md_ctx, &pctx, md, NULL, pkey)) { + if (!EVP_DigestSignInit(md_ctx, &pctx, md, NULL, pkey)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } @@ -1543,21 +1472,21 @@ ssl3_send_server_key_exchange(SSL *s) SSLerror(s, ERR_R_EVP_LIB); goto err; } - if (!EVP_DigestSignUpdate(&md_ctx, s->s3->client_random, + if (!EVP_DigestSignUpdate(md_ctx, s->s3->client_random, SSL3_RANDOM_SIZE)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } - if (!EVP_DigestSignUpdate(&md_ctx, s->s3->server_random, + if (!EVP_DigestSignUpdate(md_ctx, s->s3->server_random, SSL3_RANDOM_SIZE)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } - if (!EVP_DigestSignUpdate(&md_ctx, params, params_len)) { + if (!EVP_DigestSignUpdate(md_ctx, params, params_len)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } - if (!EVP_DigestSignFinal(&md_ctx, NULL, &signature_len) || + if (!EVP_DigestSignFinal(md_ctx, NULL, &signature_len) || !signature_len) { SSLerror(s, ERR_R_EVP_LIB); goto err; @@ -1566,7 +1495,7 @@ ssl3_send_server_key_exchange(SSL *s) SSLerror(s, ERR_R_MALLOC_FAILURE); goto err; } - if (!EVP_DigestSignFinal(&md_ctx, signature, &signature_len)) { + if (!EVP_DigestSignFinal(md_ctx, signature, &signature_len)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } @@ -1582,21 +1511,21 @@ ssl3_send_server_key_exchange(SSL *s) if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_B; + s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_B; } - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_free(md_ctx); free(params); free(signature); return (ssl3_handshake_write(s)); - f_err: + fatal_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: CBB_cleanup(&cbb_params); CBB_cleanup(&cbb); - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_free(md_ctx); free(params); free(signature); @@ -1617,7 +1546,7 @@ ssl3_send_certificate_request(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_SW_CERT_REQ_A) { + if (s->s3->hs.state == SSL3_ST_SW_CERT_REQ_A) { if (!ssl3_handshake_msg_start(s, &cbb, &cert_request, SSL3_MT_CERTIFICATE_REQUEST)) goto err; @@ -1628,9 +1557,11 @@ ssl3_send_certificate_request(SSL *s) goto err; if (SSL_USE_SIGALGS(s)) { - if (!CBB_add_u16_length_prefixed(&cert_request, &sigalgs)) + if (!CBB_add_u16_length_prefixed(&cert_request, + &sigalgs)) goto err; - if (!ssl_sigalgs_build(&sigalgs, tls12_sigalgs, tls12_sigalgs_len)) + if (!ssl_sigalgs_build( + s->s3->hs.negotiated_tls_version, &sigalgs)) goto err; } @@ -1656,7 +1587,7 @@ ssl3_send_certificate_request(SSL *s) if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_SW_CERT_REQ_B; + s->s3->hs.state = SSL3_ST_SW_CERT_REQ_B; } /* SSL3_ST_SW_CERT_REQ_B */ @@ -1682,17 +1613,16 @@ ssl3_get_client_kex_rsa(SSL *s, CBS *cbs) int al = -1; arc4random_buf(fakekey, sizeof(fakekey)); - fakekey[0] = s->client_version >> 8; - fakekey[1] = s->client_version & 0xff; + + fakekey[0] = s->s3->hs.peer_legacy_version >> 8; + fakekey[1] = s->s3->hs.peer_legacy_version & 0xff; pkey = s->cert->pkeys[SSL_PKEY_RSA].privatekey; - if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) || - (pkey->pkey.rsa == NULL)) { + if (pkey == NULL || (rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerror(s, SSL_R_MISSING_RSA_CERTIFICATE); - goto f_err; + goto fatal_err; } - rsa = pkey->pkey.rsa; pms_len = RSA_size(rsa); if (pms_len < SSL_MAX_MASTER_KEY_LENGTH) @@ -1702,7 +1632,7 @@ ssl3_get_client_kex_rsa(SSL *s, CBS *cbs) p = pms; if (!CBS_get_u16_length_prefixed(cbs, &enc_pms)) - goto truncated; + goto decode_err; if (CBS_len(cbs) != 0 || CBS_len(&enc_pms) != RSA_size(rsa)) { SSLerror(s, SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG); goto err; @@ -1718,8 +1648,8 @@ ssl3_get_client_kex_rsa(SSL *s, CBS *cbs) /* SSLerror(s, SSL_R_BAD_RSA_DECRYPT); */ } - if ((al == -1) && !((pms[0] == (s->client_version >> 8)) && - (pms[1] == (s->client_version & 0xff)))) { + if ((al == -1) && !((pms[0] == (s->s3->hs.peer_legacy_version >> 8)) && + (pms[1] == (s->s3->hs.peer_legacy_version & 0xff)))) { /* * The premaster secret must contain the same version number * as the ClientHello to detect version rollback attacks @@ -1748,217 +1678,127 @@ ssl3_get_client_kex_rsa(SSL *s, CBS *cbs) p = fakekey; } - s->session->master_key_length = - tls1_generate_master_secret(s, - s->session->master_key, p, SSL_MAX_MASTER_KEY_LENGTH); + if (!tls12_derive_master_secret(s, p, SSL_MAX_MASTER_KEY_LENGTH)) + goto err; freezero(pms, pms_len); - return (1); + return 1; - truncated: + decode_err: al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - f_err: + fatal_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: freezero(pms, pms_len); - return (-1); + return 0; } static int ssl3_get_client_kex_dhe(SSL *s, CBS *cbs) -{ - int key_size = 0; - int key_is_invalid, key_len, al; - unsigned char *key = NULL; - BIGNUM *bn = NULL; - CBS dh_Yc; - DH *dh; - - if (!CBS_get_u16_length_prefixed(cbs, &dh_Yc)) - goto truncated; - if (CBS_len(cbs) != 0) - goto truncated; - - if (S3I(s)->tmp.dh == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerror(s, SSL_R_MISSING_TMP_DH_KEY); - goto f_err; - } - dh = S3I(s)->tmp.dh; - - if ((bn = BN_bin2bn(CBS_data(&dh_Yc), CBS_len(&dh_Yc), NULL)) == NULL) { - SSLerror(s, SSL_R_BN_LIB); - goto err; - } - - if ((key_size = DH_size(dh)) <= 0) { - SSLerror(s, ERR_R_DH_LIB); - goto err; - } - if ((key = malloc(key_size)) == NULL) { - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!DH_check_pub_key(dh, bn, &key_is_invalid)) { - al = SSL_AD_INTERNAL_ERROR; - SSLerror(s, ERR_R_DH_LIB); - goto f_err; - } - if (key_is_invalid) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerror(s, ERR_R_DH_LIB); - goto f_err; - } - if ((key_len = DH_compute_key(key, bn, dh)) <= 0) { - al = SSL_AD_INTERNAL_ERROR; - SSLerror(s, ERR_R_DH_LIB); - goto f_err; - } - - s->session->master_key_length = tls1_generate_master_secret(s, - s->session->master_key, key, key_len); - - DH_free(S3I(s)->tmp.dh); - S3I(s)->tmp.dh = NULL; - - freezero(key, key_size); - BN_clear_free(bn); - - return (1); - - truncated: - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - err: - freezero(key, key_size); - BN_clear_free(bn); - - return (-1); -} - -static int -ssl3_get_client_kex_ecdhe_ecp(SSL *s, CBS *cbs) { uint8_t *key = NULL; size_t key_len = 0; - EC_KEY *ecdh_peer = NULL; - EC_KEY *ecdh; - CBS public; - int ret = -1; + int decode_error, invalid_key; + int ret = 0; - /* - * Use the ephemeral values we saved when generating the - * ServerKeyExchange message. - */ - if ((ecdh = S3I(s)->tmp.ecdh) == NULL) { - SSLerror(s, ERR_R_INTERNAL_ERROR); + if (s->s3->hs.key_share == NULL) { + SSLerror(s, SSL_R_MISSING_TMP_DH_KEY); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); goto err; } - /* - * Get client's public key from encoded point in the ClientKeyExchange - * message. - */ - if (!CBS_get_u8_length_prefixed(cbs, &public)) + if (!tls_key_share_peer_public(s->s3->hs.key_share, cbs, + &decode_error, &invalid_key)) { + if (decode_error) { + SSLerror(s, SSL_R_BAD_PACKET_LENGTH); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); + } goto err; - if (CBS_len(cbs) != 0) + } + if (invalid_key) { + SSLerror(s, SSL_R_BAD_DH_PUB_KEY_LENGTH); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); + goto err; + } + + if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len)) goto err; - if ((ecdh_peer = EC_KEY_new()) == NULL) + if (!tls12_derive_master_secret(s, key, key_len)) goto err; - if (!ssl_kex_peer_public_ecdhe_ecp(ecdh_peer, S3I(s)->tmp.ecdh_nid, - &public)) - goto err; - - /* Derive the shared secret and compute master secret. */ - if (!ssl_kex_derive_ecdhe_ecp(ecdh, ecdh_peer, &key, &key_len)) - goto err; - s->session->master_key_length = tls1_generate_master_secret(s, - s->session->master_key, key, key_len); - - EC_KEY_free(S3I(s)->tmp.ecdh); - S3I(s)->tmp.ecdh = NULL; - S3I(s)->tmp.ecdh_nid = NID_undef; - ret = 1; err: freezero(key, key_len); - EC_KEY_free(ecdh_peer); - return (ret); -} - -static int -ssl3_get_client_kex_ecdhe_ecx(SSL *s, CBS *cbs) -{ - uint8_t *shared_key = NULL; - CBS ecpoint; - int ret = -1; - - if (!CBS_get_u8_length_prefixed(cbs, &ecpoint)) - goto err; - if (CBS_len(cbs) != 0) - goto err; - if (CBS_len(&ecpoint) != X25519_KEY_LENGTH) - goto err; - - if ((shared_key = malloc(X25519_KEY_LENGTH)) == NULL) - goto err; - if (!X25519(shared_key, S3I(s)->tmp.x25519, CBS_data(&ecpoint))) - goto err; - - freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH); - S3I(s)->tmp.x25519 = NULL; - - s->session->master_key_length = - tls1_generate_master_secret( - s, s->session->master_key, shared_key, X25519_KEY_LENGTH); - - ret = 1; - - err: - freezero(shared_key, X25519_KEY_LENGTH); - - return (ret); + return ret; } static int ssl3_get_client_kex_ecdhe(SSL *s, CBS *cbs) { - if (S3I(s)->tmp.x25519 != NULL) - return ssl3_get_client_kex_ecdhe_ecx(s, cbs); + uint8_t *key = NULL; + size_t key_len = 0; + int decode_error; + CBS public; + int ret = 0; - return ssl3_get_client_kex_ecdhe_ecp(s, cbs); + if (s->s3->hs.key_share == NULL) { + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + SSLerror(s, SSL_R_MISSING_TMP_DH_KEY); + goto err; + } + + if (!CBS_get_u8_length_prefixed(cbs, &public)) { + SSLerror(s, SSL_R_BAD_PACKET_LENGTH); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); + goto err; + } + if (!tls_key_share_peer_public(s->s3->hs.key_share, &public, + &decode_error, NULL)) { + if (decode_error) { + SSLerror(s, SSL_R_BAD_PACKET_LENGTH); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); + } + goto err; + } + + if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len)) + goto err; + + if (!tls12_derive_master_secret(s, key, key_len)) + goto err; + + ret = 1; + + err: + freezero(key, key_len); + + return ret; } static int ssl3_get_client_kex_gost(SSL *s, CBS *cbs) { - EVP_PKEY_CTX *pkey_ctx; - EVP_PKEY *client_pub_pkey = NULL, *pk = NULL; unsigned char premaster_secret[32]; - unsigned long alg_a; - size_t outlen = 32; + EVP_PKEY_CTX *pkey_ctx = NULL; + EVP_PKEY *client_pubkey; + EVP_PKEY *pkey = NULL; + size_t outlen; CBS gostblob; - int al; - int ret = 0; /* Get our certificate private key*/ - alg_a = S3I(s)->hs.new_cipher->algorithm_auth; - if (alg_a & SSL_aGOST01) - pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; + if ((s->s3->hs.cipher->algorithm_auth & SSL_aGOST01) != 0) + pkey = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; - if ((pkey_ctx = EVP_PKEY_CTX_new(pk, NULL)) == NULL) + if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) goto err; if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) - goto gerr; + goto err; /* * If client certificate is present and is of the same type, @@ -1967,98 +1807,93 @@ ssl3_get_client_kex_gost(SSL *s, CBS *cbs) * it is completely valid to use a client certificate for * authorization only. */ - if ((client_pub_pkey = X509_get_pubkey(s->session->peer)) != NULL) { - if (EVP_PKEY_derive_set_peer(pkey_ctx, - client_pub_pkey) <= 0) + if ((client_pubkey = X509_get0_pubkey(s->session->peer_cert)) != NULL) { + if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pubkey) <= 0) ERR_clear_error(); } /* Decrypt session key */ if (!CBS_get_asn1(cbs, &gostblob, CBS_ASN1_SEQUENCE)) - goto truncated; + goto decode_err; if (CBS_len(cbs) != 0) - goto truncated; + goto decode_err; + outlen = sizeof(premaster_secret); if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen, CBS_data(&gostblob), CBS_len(&gostblob)) <= 0) { SSLerror(s, SSL_R_DECRYPTION_FAILED); - goto gerr; + goto err; } - /* Generate master secret */ - s->session->master_key_length = - tls1_generate_master_secret( - s, s->session->master_key, premaster_secret, 32); - - /* Check if pubkey from client certificate was used */ - if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, - EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) - ret = 2; - else - ret = 1; - gerr: - EVP_PKEY_free(client_pub_pkey); - EVP_PKEY_CTX_free(pkey_ctx); - if (ret) - return (ret); - else + if (!tls12_derive_master_secret(s, premaster_secret, + sizeof(premaster_secret))) goto err; - truncated: - al = SSL_AD_DECODE_ERROR; + /* Check if pubkey from client certificate was used */ + if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, + 2, NULL) > 0) + s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY; + + explicit_bzero(premaster_secret, sizeof(premaster_secret)); + EVP_PKEY_CTX_free(pkey_ctx); + + return 1; + + decode_err: SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - ssl3_send_alert(s, SSL3_AL_FATAL, al); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); err: - return (-1); + explicit_bzero(premaster_secret, sizeof(premaster_secret)); + EVP_PKEY_CTX_free(pkey_ctx); + + return 0; } int ssl3_get_client_key_exchange(SSL *s) { unsigned long alg_k; - int al, ok; + int al, ret; CBS cbs; - long n; /* 2048 maxlen is a guess. How long a key does that permit? */ - n = ssl3_get_message(s, SSL3_ST_SR_KEY_EXCH_A, - SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok); - if (!ok) - return ((int)n); + if ((ret = ssl3_get_message(s, SSL3_ST_SR_KEY_EXCH_A, + SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048)) <= 0) + return ret; - if (n < 0) + if (s->internal->init_num < 0) goto err; - CBS_init(&cbs, s->internal->init_msg, n); + CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); - alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; + alg_k = s->s3->hs.cipher->algorithm_mkey; if (alg_k & SSL_kRSA) { - if (ssl3_get_client_kex_rsa(s, &cbs) != 1) + if (!ssl3_get_client_kex_rsa(s, &cbs)) goto err; } else if (alg_k & SSL_kDHE) { - if (ssl3_get_client_kex_dhe(s, &cbs) != 1) + if (!ssl3_get_client_kex_dhe(s, &cbs)) goto err; } else if (alg_k & SSL_kECDHE) { - if (ssl3_get_client_kex_ecdhe(s, &cbs) != 1) + if (!ssl3_get_client_kex_ecdhe(s, &cbs)) goto err; } else if (alg_k & SSL_kGOST) { - if (ssl3_get_client_kex_gost(s, &cbs) != 1) + if (!ssl3_get_client_kex_gost(s, &cbs)) goto err; } else { al = SSL_AD_HANDSHAKE_FAILURE; SSLerror(s, SSL_R_UNKNOWN_CIPHER_TYPE); - goto f_err; + goto fatal_err; } if (CBS_len(&cbs) != 0) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - goto f_err; + goto fatal_err; } return (1); - f_err: + fatal_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: return (-1); @@ -2069,197 +1904,193 @@ ssl3_get_cert_verify(SSL *s) { CBS cbs, signature; const struct ssl_sigalg *sigalg = NULL; - const EVP_MD *md = NULL; - EVP_PKEY *pkey = NULL; - X509 *peer = NULL; - EVP_MD_CTX mctx; - int al, ok, verify; + uint16_t sigalg_value = SIGALG_NONE; + EVP_PKEY *pkey; + X509 *peer_cert = NULL; + EVP_MD_CTX *mctx = NULL; + int al, verify; const unsigned char *hdata; size_t hdatalen; int type = 0; - int ret = 0; - long n; + int ret; - EVP_MD_CTX_init(&mctx); + if ((ret = ssl3_get_message(s, SSL3_ST_SR_CERT_VRFY_A, + SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH)) <= 0) + return ret; - n = ssl3_get_message(s, SSL3_ST_SR_CERT_VRFY_A, - SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok); - if (!ok) - return ((int)n); + ret = 0; - if (n < 0) + if (s->internal->init_num < 0) goto err; - CBS_init(&cbs, s->internal->init_msg, n); + if ((mctx = EVP_MD_CTX_new()) == NULL) + goto err; - if (s->session->peer != NULL) { - peer = s->session->peer; - pkey = X509_get_pubkey(peer); - type = X509_certificate_type(peer, pkey); - } + CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); - if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) { - S3I(s)->tmp.reuse_message = 1; - if (peer != NULL) { + peer_cert = s->session->peer_cert; + pkey = X509_get0_pubkey(peer_cert); + type = X509_certificate_type(peer_cert, pkey); + + if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) { + s->s3->hs.tls12.reuse_message = 1; + if (peer_cert != NULL) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_MISSING_VERIFY_MESSAGE); - goto f_err; + goto fatal_err; } ret = 1; goto end; } - if (peer == NULL) { + if (peer_cert == NULL) { SSLerror(s, SSL_R_NO_CLIENT_CERT_RECEIVED); al = SSL_AD_UNEXPECTED_MESSAGE; - goto f_err; + goto fatal_err; } if (!(type & EVP_PKT_SIGN)) { SSLerror(s, SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE); al = SSL_AD_ILLEGAL_PARAMETER; - goto f_err; + goto fatal_err; } - if (S3I(s)->change_cipher_spec) { + if (s->s3->change_cipher_spec) { SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); al = SSL_AD_UNEXPECTED_MESSAGE; - goto f_err; - } - - if (!SSL_USE_SIGALGS(s)) { - if (!CBS_get_u16_length_prefixed(&cbs, &signature)) - goto err; - if (CBS_len(&signature) > EVP_PKEY_size(pkey)) { - SSLerror(s, SSL_R_WRONG_SIGNATURE_SIZE); - al = SSL_AD_DECODE_ERROR; - goto f_err; - } - if (CBS_len(&cbs) != 0) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE); - goto f_err; - } + goto fatal_err; } if (SSL_USE_SIGALGS(s)) { - EVP_PKEY_CTX *pctx; - uint16_t sigalg_value; - if (!CBS_get_u16(&cbs, &sigalg_value)) - goto truncated; - if ((sigalg = ssl_sigalg(sigalg_value, tls12_sigalgs, - tls12_sigalgs_len)) == NULL || - (md = sigalg->md()) == NULL) { - SSLerror(s, SSL_R_UNKNOWN_DIGEST); - al = SSL_AD_DECODE_ERROR; - goto f_err; - } - if (!ssl_sigalg_pkey_ok(sigalg, pkey, 0)) { - SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE); - al = SSL_AD_DECODE_ERROR; - goto f_err; - } + goto decode_err; + } + if (!CBS_get_u16_length_prefixed(&cbs, &signature)) + goto err; + if (CBS_len(&cbs) != 0) { + al = SSL_AD_DECODE_ERROR; + SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE); + goto fatal_err; + } - if (!CBS_get_u16_length_prefixed(&cbs, &signature)) - goto err; - if (CBS_len(&signature) > EVP_PKEY_size(pkey)) { - SSLerror(s, SSL_R_WRONG_SIGNATURE_SIZE); - al = SSL_AD_DECODE_ERROR; - goto f_err; - } - if (CBS_len(&cbs) != 0) { - al = SSL_AD_DECODE_ERROR; - SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE); - goto f_err; - } + if (CBS_len(&signature) > EVP_PKEY_size(pkey)) { + SSLerror(s, SSL_R_WRONG_SIGNATURE_SIZE); + al = SSL_AD_DECODE_ERROR; + goto fatal_err; + } + + if ((sigalg = ssl_sigalg_for_peer(s, pkey, + sigalg_value)) == NULL) { + al = SSL_AD_DECODE_ERROR; + goto fatal_err; + } + s->s3->hs.peer_sigalg = sigalg; + + if (SSL_USE_SIGALGS(s)) { + EVP_PKEY_CTX *pctx; if (!tls1_transcript_data(s, &hdata, &hdatalen)) { SSLerror(s, ERR_R_INTERNAL_ERROR); al = SSL_AD_INTERNAL_ERROR; - goto f_err; + goto fatal_err; } - if (!EVP_DigestVerifyInit(&mctx, &pctx, md, NULL, pkey)) { + if (!EVP_DigestVerifyInit(mctx, &pctx, sigalg->md(), + NULL, pkey)) { SSLerror(s, ERR_R_EVP_LIB); al = SSL_AD_INTERNAL_ERROR; - goto f_err; + goto fatal_err; } if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) && - (!EVP_PKEY_CTX_set_rsa_padding - (pctx, RSA_PKCS1_PSS_PADDING) || + (!EVP_PKEY_CTX_set_rsa_padding(pctx, + RSA_PKCS1_PSS_PADDING) || !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) { al = SSL_AD_INTERNAL_ERROR; - goto f_err; + goto fatal_err; } if (sigalg->key_type == EVP_PKEY_GOSTR01 && EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY, EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE, NULL) <= 0) { al = SSL_AD_INTERNAL_ERROR; - goto f_err; + goto fatal_err; } - if (!EVP_DigestVerifyUpdate(&mctx, hdata, hdatalen)) { + if (!EVP_DigestVerifyUpdate(mctx, hdata, hdatalen)) { SSLerror(s, ERR_R_EVP_LIB); al = SSL_AD_INTERNAL_ERROR; - goto f_err; + goto fatal_err; } - if (EVP_DigestVerifyFinal(&mctx, CBS_data(&signature), + if (EVP_DigestVerifyFinal(mctx, CBS_data(&signature), CBS_len(&signature)) <= 0) { al = SSL_AD_DECRYPT_ERROR; SSLerror(s, SSL_R_BAD_SIGNATURE); - goto f_err; + goto fatal_err; } - } else if (pkey->type == EVP_PKEY_RSA) { - verify = RSA_verify(NID_md5_sha1, S3I(s)->tmp.cert_verify_md, + } else if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) { + RSA *rsa; + + if ((rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) { + al = SSL_AD_INTERNAL_ERROR; + SSLerror(s, ERR_R_EVP_LIB); + goto fatal_err; + } + verify = RSA_verify(NID_md5_sha1, s->s3->hs.tls12.cert_verify, MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, CBS_data(&signature), - CBS_len(&signature), pkey->pkey.rsa); + CBS_len(&signature), rsa); if (verify < 0) { al = SSL_AD_DECRYPT_ERROR; SSLerror(s, SSL_R_BAD_RSA_DECRYPT); - goto f_err; + goto fatal_err; } if (verify == 0) { al = SSL_AD_DECRYPT_ERROR; SSLerror(s, SSL_R_BAD_RSA_SIGNATURE); - goto f_err; + goto fatal_err; } - } else if (pkey->type == EVP_PKEY_EC) { - verify = ECDSA_verify(pkey->save_type, - &(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), + } else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { + EC_KEY *eckey; + + if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) { + al = SSL_AD_INTERNAL_ERROR; + SSLerror(s, ERR_R_EVP_LIB); + goto fatal_err; + } + verify = ECDSA_verify(0, + &(s->s3->hs.tls12.cert_verify[MD5_DIGEST_LENGTH]), SHA_DIGEST_LENGTH, CBS_data(&signature), - CBS_len(&signature), pkey->pkey.ec); + CBS_len(&signature), eckey); if (verify <= 0) { al = SSL_AD_DECRYPT_ERROR; SSLerror(s, SSL_R_BAD_ECDSA_SIGNATURE); - goto f_err; + goto fatal_err; } #ifndef OPENSSL_NO_GOST - } else if (pkey->type == NID_id_GostR3410_94 || - pkey->type == NID_id_GostR3410_2001) { + } else if (EVP_PKEY_id(pkey) == NID_id_GostR3410_94 || + EVP_PKEY_id(pkey) == NID_id_GostR3410_2001) { unsigned char sigbuf[128]; unsigned int siglen = sizeof(sigbuf); EVP_PKEY_CTX *pctx; + const EVP_MD *md; int nid; if (!tls1_transcript_data(s, &hdata, &hdatalen)) { SSLerror(s, ERR_R_INTERNAL_ERROR); al = SSL_AD_INTERNAL_ERROR; - goto f_err; + goto fatal_err; } if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) || !(md = EVP_get_digestbynid(nid))) { SSLerror(s, ERR_R_EVP_LIB); al = SSL_AD_INTERNAL_ERROR; - goto f_err; + goto fatal_err; } if ((pctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) { SSLerror(s, ERR_R_EVP_LIB); al = SSL_AD_INTERNAL_ERROR; - goto f_err; + goto fatal_err; } - if (!EVP_DigestInit_ex(&mctx, md, NULL) || - !EVP_DigestUpdate(&mctx, hdata, hdatalen) || - !EVP_DigestFinal(&mctx, sigbuf, &siglen) || + if (!EVP_DigestInit_ex(mctx, md, NULL) || + !EVP_DigestUpdate(mctx, hdata, hdatalen) || + !EVP_DigestFinal(mctx, sigbuf, &siglen) || (EVP_PKEY_verify_init(pctx) <= 0) || (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) || (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY, @@ -2268,14 +2099,14 @@ ssl3_get_cert_verify(SSL *s) SSLerror(s, ERR_R_EVP_LIB); al = SSL_AD_INTERNAL_ERROR; EVP_PKEY_CTX_free(pctx); - goto f_err; + goto fatal_err; } if (EVP_PKEY_verify(pctx, CBS_data(&signature), CBS_len(&signature), sigbuf, siglen) <= 0) { al = SSL_AD_DECRYPT_ERROR; SSLerror(s, SSL_R_BAD_SIGNATURE); EVP_PKEY_CTX_free(pctx); - goto f_err; + goto fatal_err; } EVP_PKEY_CTX_free(pctx); @@ -2283,22 +2114,22 @@ ssl3_get_cert_verify(SSL *s) } else { SSLerror(s, ERR_R_INTERNAL_ERROR); al = SSL_AD_UNSUPPORTED_CERTIFICATE; - goto f_err; + goto fatal_err; } ret = 1; if (0) { - truncated: + decode_err: al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - f_err: + fatal_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); } end: tls1_transcript_free(s); err: - EVP_MD_CTX_cleanup(&mctx); - EVP_PKEY_free(pkey); + EVP_MD_CTX_free(mctx); + return (ret); } @@ -2306,48 +2137,48 @@ int ssl3_get_client_certificate(SSL *s) { CBS cbs, client_certs; - int i, ok, al, ret = -1; X509 *x = NULL; - long n; const unsigned char *q; STACK_OF(X509) *sk = NULL; + int i, al, ret; - n = ssl3_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B, - -1, s->internal->max_cert_list, &ok); - if (!ok) - return ((int)n); + if ((ret = ssl3_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B, + -1, s->internal->max_cert_list)) <= 0) + return ret; - if (S3I(s)->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) { + ret = -1; + + if (s->s3->hs.tls12.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) { if ((s->verify_mode & SSL_VERIFY_PEER) && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { - SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); + SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); al = SSL_AD_HANDSHAKE_FAILURE; - goto f_err; + goto fatal_err; } /* * If tls asked for a client cert, * the client must return a 0 list. */ - if (S3I(s)->tmp.cert_request) { + if (s->s3->hs.tls12.cert_request) { SSLerror(s, SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST ); al = SSL_AD_UNEXPECTED_MESSAGE; - goto f_err; + goto fatal_err; } - S3I(s)->tmp.reuse_message = 1; + s->s3->hs.tls12.reuse_message = 1; return (1); } - if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) { + if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE); - goto f_err; + goto fatal_err; } - if (n < 0) - goto truncated; + if (s->internal->init_num < 0) + goto decode_err; - CBS_init(&cbs, s->internal->init_msg, n); + CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); if ((sk = sk_X509_new_null()) == NULL) { SSLerror(s, ERR_R_MALLOC_FAILURE); @@ -2356,7 +2187,7 @@ ssl3_get_client_certificate(SSL *s) if (!CBS_get_u24_length_prefixed(&cbs, &client_certs) || CBS_len(&cbs) != 0) - goto truncated; + goto decode_err; while (CBS_len(&client_certs) > 0) { CBS cert; @@ -2364,7 +2195,7 @@ ssl3_get_client_certificate(SSL *s) if (!CBS_get_u24_length_prefixed(&client_certs, &cert)) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH); - goto f_err; + goto fatal_err; } q = CBS_data(&cert); @@ -2376,7 +2207,7 @@ ssl3_get_client_certificate(SSL *s) if (q != CBS_data(&cert) + CBS_len(&cert)) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH); - goto f_err; + goto fatal_err; } if (!sk_X509_push(sk, x)) { SSLerror(s, ERR_R_MALLOC_FAILURE); @@ -2394,7 +2225,7 @@ ssl3_get_client_certificate(SSL *s) (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); al = SSL_AD_HANDSHAKE_FAILURE; - goto f_err; + goto fatal_err; } /* No client certificate so free transcript. */ tls1_transcript_free(s); @@ -2403,44 +2234,32 @@ ssl3_get_client_certificate(SSL *s) if (i <= 0) { al = ssl_verify_alarm_type(s->verify_result); SSLerror(s, SSL_R_NO_CERTIFICATE_RETURNED); - goto f_err; + goto fatal_err; } } - X509_free(s->session->peer); - s->session->peer = sk_X509_shift(sk); - s->session->verify_result = s->verify_result; - - /* - * With the current implementation, sess_cert will always be NULL - * when we arrive here - */ - if (SSI(s)->sess_cert == NULL) { - SSI(s)->sess_cert = ssl_sess_cert_new(); - if (SSI(s)->sess_cert == NULL) { - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto err; - } - } - sk_X509_pop_free(SSI(s)->sess_cert->cert_chain, X509_free); - SSI(s)->sess_cert->cert_chain = sk; + X509_free(s->session->peer_cert); + s->session->peer_cert = sk_X509_shift(sk); /* * Inconsistency alert: cert_chain does *not* include the * peer's own certificate, while we do include it in s3_clnt.c */ - + sk_X509_pop_free(s->session->cert_chain, X509_free); + s->session->cert_chain = sk; sk = NULL; + s->session->verify_result = s->verify_result; + ret = 1; if (0) { -truncated: + decode_err: al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_BAD_PACKET_LENGTH); -f_err: + fatal_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); } -err: + err: X509_free(x); sk_X509_pop_free(sk, X509_free); @@ -2451,7 +2270,7 @@ int ssl3_send_server_certificate(SSL *s) { CBB cbb, server_cert; - CERT_PKEY *cpk; + SSL_CERT_PKEY *cpk; /* * Server Certificate - RFC 5246, section 7.4.2. @@ -2459,7 +2278,7 @@ ssl3_send_server_certificate(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_SW_CERT_A) { + if (s->s3->hs.state == SSL3_ST_SW_CERT_A) { if ((cpk = ssl_get_server_send_pkey(s)) == NULL) { SSLerror(s, ERR_R_INTERNAL_ERROR); return (0); @@ -2473,7 +2292,7 @@ ssl3_send_server_certificate(SSL *s) if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_SW_CERT_B; + s->s3->hs.state = SSL3_ST_SW_CERT_B; } /* SSL3_ST_SW_CERT_B */ @@ -2498,20 +2317,22 @@ ssl3_send_newsession_ticket(SSL *s) unsigned char key_name[16]; unsigned char *hmac; unsigned int hlen; - EVP_CIPHER_CTX ctx; - HMAC_CTX hctx; + EVP_CIPHER_CTX *ctx = NULL; + HMAC_CTX *hctx = NULL; int len; /* * New Session Ticket - RFC 5077, section 3.3. */ - EVP_CIPHER_CTX_init(&ctx); - HMAC_CTX_init(&hctx); - memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_SW_SESSION_TICKET_A) { + if ((ctx = EVP_CIPHER_CTX_new()) == NULL) + goto err; + if ((hctx = HMAC_CTX_new()) == NULL) + goto err; + + if (s->s3->hs.state == SSL3_ST_SW_SESSION_TICKET_A) { if (!ssl3_handshake_msg_start(s, &cbb, &session_ticket, SSL3_MT_NEWSESSION_TICKET)) goto err; @@ -2528,15 +2349,13 @@ ssl3_send_newsession_ticket(SSL *s) */ if (tctx->internal->tlsext_ticket_key_cb != NULL) { if (tctx->internal->tlsext_ticket_key_cb(s, - key_name, iv, &ctx, &hctx, 1) < 0) { - EVP_CIPHER_CTX_cleanup(&ctx); + key_name, iv, ctx, hctx, 1) < 0) goto err; - } } else { arc4random_buf(iv, 16); - EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, + EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, tctx->internal->tlsext_tick_aes_key, iv); - HMAC_Init_ex(&hctx, tctx->internal->tlsext_tick_hmac_key, + HMAC_Init_ex(hctx, tctx->internal->tlsext_tick_hmac_key, 16, EVP_sha256(), NULL); memcpy(key_name, tctx->internal->tlsext_tick_key_name, 16); } @@ -2546,11 +2365,11 @@ ssl3_send_newsession_ticket(SSL *s) if ((enc_session = calloc(1, enc_session_max_len)) == NULL) goto err; enc_session_len = 0; - if (!EVP_EncryptUpdate(&ctx, enc_session, &len, session, + if (!EVP_EncryptUpdate(ctx, enc_session, &len, session, session_len)) goto err; enc_session_len += len; - if (!EVP_EncryptFinal_ex(&ctx, enc_session + enc_session_len, + if (!EVP_EncryptFinal_ex(ctx, enc_session + enc_session_len, &len)) goto err; enc_session_len += len; @@ -2559,14 +2378,14 @@ ssl3_send_newsession_ticket(SSL *s) goto err; /* Generate the HMAC. */ - if (!HMAC_Update(&hctx, key_name, sizeof(key_name))) + if (!HMAC_Update(hctx, key_name, sizeof(key_name))) goto err; - if (!HMAC_Update(&hctx, iv, EVP_CIPHER_CTX_iv_length(&ctx))) + if (!HMAC_Update(hctx, iv, EVP_CIPHER_CTX_iv_length(ctx))) goto err; - if (!HMAC_Update(&hctx, enc_session, enc_session_len)) + if (!HMAC_Update(hctx, enc_session, enc_session_len)) goto err; - if ((hmac_len = HMAC_size(&hctx)) <= 0) + if ((hmac_len = HMAC_size(hctx)) <= 0) goto err; /* @@ -2583,14 +2402,14 @@ ssl3_send_newsession_ticket(SSL *s) goto err; if (!CBB_add_bytes(&ticket, key_name, sizeof(key_name))) goto err; - if (!CBB_add_bytes(&ticket, iv, EVP_CIPHER_CTX_iv_length(&ctx))) + if (!CBB_add_bytes(&ticket, iv, EVP_CIPHER_CTX_iv_length(ctx))) goto err; if (!CBB_add_bytes(&ticket, enc_session, enc_session_len)) goto err; if (!CBB_add_space(&ticket, &hmac, hmac_len)) goto err; - if (!HMAC_Final(&hctx, hmac, &hlen)) + if (!HMAC_Final(hctx, hmac, &hlen)) goto err; if (hlen != hmac_len) goto err; @@ -2598,11 +2417,11 @@ ssl3_send_newsession_ticket(SSL *s) if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_B; + s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_B; } - EVP_CIPHER_CTX_cleanup(&ctx); - HMAC_CTX_cleanup(&hctx); + EVP_CIPHER_CTX_free(ctx); + HMAC_CTX_free(hctx); freezero(session, session_len); free(enc_session); @@ -2611,8 +2430,8 @@ ssl3_send_newsession_ticket(SSL *s) err: CBB_cleanup(&cbb); - EVP_CIPHER_CTX_cleanup(&ctx); - HMAC_CTX_cleanup(&hctx); + EVP_CIPHER_CTX_free(ctx); + HMAC_CTX_free(hctx); freezero(session, session_len); free(enc_session); @@ -2626,7 +2445,7 @@ ssl3_send_cert_status(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_SW_CERT_STATUS_A) { + if (s->s3->hs.state == SSL3_ST_SW_CERT_STATUS_A) { if (!ssl3_handshake_msg_start(s, &cbb, &certstatus, SSL3_MT_CERTIFICATE_STATUS)) goto err; @@ -2640,7 +2459,7 @@ ssl3_send_cert_status(SSL *s) if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_SW_CERT_STATUS_B; + s->s3->hs.state = SSL3_ST_SW_CERT_STATUS_B; } /* SSL3_ST_SW_CERT_STATUS_B */ diff --git a/externals/libressl/ssl/ssl_stat.c b/externals/libressl/ssl/ssl_stat.c index 6b26d4c91..5d35528ac 100755 --- a/externals/libressl/ssl/ssl_stat.c +++ b/externals/libressl/ssl/ssl_stat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_stat.c,v 1.14 2017/05/07 04:22:24 beck Exp $ */ +/* $OpenBSD: ssl_stat.c,v 1.18 2022/02/05 14:54:10 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -91,7 +91,7 @@ SSL_state_string_long(const SSL *s) { const char *str; - switch (S3I(s)->hs.state) { + switch (s->s3->hs.state) { case SSL_ST_BEFORE: str = "before SSL initialization"; break; @@ -347,7 +347,7 @@ SSL_state_string(const SSL *s) { const char *str; - switch (S3I(s)->hs.state) { + switch (s->s3->hs.state) { case SSL_ST_BEFORE: str = "PINIT "; break; @@ -578,94 +578,88 @@ SSL_alert_desc_string(int value) const char *str; switch (value & 0xff) { - case SSL3_AD_CLOSE_NOTIFY: + case SSL_AD_CLOSE_NOTIFY: str = "CN"; break; - case SSL3_AD_UNEXPECTED_MESSAGE: + case SSL_AD_UNEXPECTED_MESSAGE: str = "UM"; break; - case SSL3_AD_BAD_RECORD_MAC: + case SSL_AD_BAD_RECORD_MAC: str = "BM"; break; - case SSL3_AD_DECOMPRESSION_FAILURE: + case SSL_AD_DECOMPRESSION_FAILURE: str = "DF"; break; - case SSL3_AD_HANDSHAKE_FAILURE: + case SSL_AD_HANDSHAKE_FAILURE: str = "HF"; break; - case SSL3_AD_NO_CERTIFICATE: - str = "NC"; - break; - case SSL3_AD_BAD_CERTIFICATE: + case SSL_AD_BAD_CERTIFICATE: str = "BC"; break; - case SSL3_AD_UNSUPPORTED_CERTIFICATE: + case SSL_AD_UNSUPPORTED_CERTIFICATE: str = "UC"; break; - case SSL3_AD_CERTIFICATE_REVOKED: + case SSL_AD_CERTIFICATE_REVOKED: str = "CR"; break; - case SSL3_AD_CERTIFICATE_EXPIRED: + case SSL_AD_CERTIFICATE_EXPIRED: str = "CE"; break; - case SSL3_AD_CERTIFICATE_UNKNOWN: + case SSL_AD_CERTIFICATE_UNKNOWN: str = "CU"; break; - case SSL3_AD_ILLEGAL_PARAMETER: + case SSL_AD_ILLEGAL_PARAMETER: str = "IP"; break; - case TLS1_AD_DECRYPTION_FAILED: - str = "DC"; - break; - case TLS1_AD_RECORD_OVERFLOW: + case SSL_AD_RECORD_OVERFLOW: str = "RO"; break; - case TLS1_AD_UNKNOWN_CA: + case SSL_AD_UNKNOWN_CA: str = "CA"; break; - case TLS1_AD_ACCESS_DENIED: + case SSL_AD_ACCESS_DENIED: str = "AD"; break; - case TLS1_AD_DECODE_ERROR: + case SSL_AD_DECODE_ERROR: str = "DE"; break; - case TLS1_AD_DECRYPT_ERROR: + case SSL_AD_DECRYPT_ERROR: str = "CY"; break; - case TLS1_AD_EXPORT_RESTRICTION: - str = "ER"; - break; - case TLS1_AD_PROTOCOL_VERSION: + case SSL_AD_PROTOCOL_VERSION: str = "PV"; break; - case TLS1_AD_INSUFFICIENT_SECURITY: + case SSL_AD_INSUFFICIENT_SECURITY: str = "IS"; break; - case TLS1_AD_INTERNAL_ERROR: + case SSL_AD_INTERNAL_ERROR: str = "IE"; break; - case TLS1_AD_USER_CANCELLED: + case SSL_AD_USER_CANCELLED: str = "US"; break; - case TLS1_AD_NO_RENEGOTIATION: + case SSL_AD_NO_RENEGOTIATION: str = "NR"; break; - case TLS1_AD_UNSUPPORTED_EXTENSION: + case SSL_AD_MISSING_EXTENSION: + str = "ME"; + break; + case SSL_AD_UNSUPPORTED_EXTENSION: str = "UE"; break; - case TLS1_AD_CERTIFICATE_UNOBTAINABLE: + case SSL_AD_CERTIFICATE_UNOBTAINABLE: str = "CO"; break; - case TLS1_AD_UNRECOGNIZED_NAME: + case SSL_AD_UNRECOGNIZED_NAME: str = "UN"; break; - case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: + case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: str = "BR"; break; - case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: + case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: str = "BH"; break; - case TLS1_AD_UNKNOWN_PSK_IDENTITY: + case SSL_AD_UNKNOWN_PSK_IDENTITY: str = "UP"; break; default: @@ -681,94 +675,88 @@ SSL_alert_desc_string_long(int value) const char *str; switch (value & 0xff) { - case SSL3_AD_CLOSE_NOTIFY: + case SSL_AD_CLOSE_NOTIFY: str = "close notify"; break; - case SSL3_AD_UNEXPECTED_MESSAGE: + case SSL_AD_UNEXPECTED_MESSAGE: str = "unexpected_message"; break; - case SSL3_AD_BAD_RECORD_MAC: + case SSL_AD_BAD_RECORD_MAC: str = "bad record mac"; break; - case SSL3_AD_DECOMPRESSION_FAILURE: + case SSL_AD_DECOMPRESSION_FAILURE: str = "decompression failure"; break; - case SSL3_AD_HANDSHAKE_FAILURE: + case SSL_AD_HANDSHAKE_FAILURE: str = "handshake failure"; break; - case SSL3_AD_NO_CERTIFICATE: - str = "no certificate"; - break; - case SSL3_AD_BAD_CERTIFICATE: + case SSL_AD_BAD_CERTIFICATE: str = "bad certificate"; break; - case SSL3_AD_UNSUPPORTED_CERTIFICATE: + case SSL_AD_UNSUPPORTED_CERTIFICATE: str = "unsupported certificate"; break; - case SSL3_AD_CERTIFICATE_REVOKED: + case SSL_AD_CERTIFICATE_REVOKED: str = "certificate revoked"; break; - case SSL3_AD_CERTIFICATE_EXPIRED: + case SSL_AD_CERTIFICATE_EXPIRED: str = "certificate expired"; break; - case SSL3_AD_CERTIFICATE_UNKNOWN: + case SSL_AD_CERTIFICATE_UNKNOWN: str = "certificate unknown"; break; - case SSL3_AD_ILLEGAL_PARAMETER: + case SSL_AD_ILLEGAL_PARAMETER: str = "illegal parameter"; break; - case TLS1_AD_DECRYPTION_FAILED: - str = "decryption failed"; - break; - case TLS1_AD_RECORD_OVERFLOW: + case SSL_AD_RECORD_OVERFLOW: str = "record overflow"; break; - case TLS1_AD_UNKNOWN_CA: + case SSL_AD_UNKNOWN_CA: str = "unknown CA"; break; - case TLS1_AD_ACCESS_DENIED: + case SSL_AD_ACCESS_DENIED: str = "access denied"; break; - case TLS1_AD_DECODE_ERROR: + case SSL_AD_DECODE_ERROR: str = "decode error"; break; - case TLS1_AD_DECRYPT_ERROR: + case SSL_AD_DECRYPT_ERROR: str = "decrypt error"; break; - case TLS1_AD_EXPORT_RESTRICTION: - str = "export restriction"; - break; - case TLS1_AD_PROTOCOL_VERSION: + case SSL_AD_PROTOCOL_VERSION: str = "protocol version"; break; - case TLS1_AD_INSUFFICIENT_SECURITY: + case SSL_AD_INSUFFICIENT_SECURITY: str = "insufficient security"; break; - case TLS1_AD_INTERNAL_ERROR: + case SSL_AD_INTERNAL_ERROR: str = "internal error"; break; - case TLS1_AD_USER_CANCELLED: + case SSL_AD_USER_CANCELLED: str = "user canceled"; break; - case TLS1_AD_NO_RENEGOTIATION: + case SSL_AD_NO_RENEGOTIATION: str = "no renegotiation"; break; - case TLS1_AD_UNSUPPORTED_EXTENSION: + case SSL_AD_MISSING_EXTENSION: + str = "missing extension"; + break; + case SSL_AD_UNSUPPORTED_EXTENSION: str = "unsupported extension"; break; - case TLS1_AD_CERTIFICATE_UNOBTAINABLE: + case SSL_AD_CERTIFICATE_UNOBTAINABLE: str = "certificate unobtainable"; break; - case TLS1_AD_UNRECOGNIZED_NAME: + case SSL_AD_UNRECOGNIZED_NAME: str = "unrecognized name"; break; - case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: + case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: str = "bad certificate status response"; break; - case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: + case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: str = "bad certificate hash value"; break; - case TLS1_AD_UNKNOWN_PSK_IDENTITY: + case SSL_AD_UNKNOWN_PSK_IDENTITY: str = "unknown PSK identity"; break; default: diff --git a/externals/libressl/ssl/ssl_tlsext.c b/externals/libressl/ssl/ssl_tlsext.c index a039d0b10..f93f44ceb 100755 --- a/externals/libressl/ssl/ssl_tlsext.c +++ b/externals/libressl/ssl/ssl_tlsext.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.c,v 1.82 2020/09/09 12:31:23 inoguchi Exp $ */ +/* $OpenBSD: ssl_tlsext.c,v 1.110 2022/02/05 14:54:10 jsing Exp $ */ /* * Copyright (c) 2016, 2017, 2019 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -17,13 +17,18 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include + +#include +#include + #include #include - -#include "ssl_locl.h" +#include #include "bytestring.h" +#include "ssl_locl.h" #include "ssl_sigalgs.h" #include "ssl_tlsext.h" @@ -36,7 +41,7 @@ tlsext_alpn_client_needs(SSL *s, uint16_t msg_type) { /* ALPN protos have been specified and this is the initial handshake */ return s->internal->alpn_client_proto_list != NULL && - S3I(s)->tmp.finish_md_len == 0; + s->s3->hs.finished_len == 0; } int @@ -85,21 +90,37 @@ tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert) if (s->ctx->internal->alpn_select_cb == NULL) return 1; + /* + * XXX - A few things should be considered here: + * 1. Ensure that the same protocol is selected on session resumption. + * 2. Should the callback be called even if no ALPN extension was sent? + * 3. TLSv1.2 and earlier: ensure that SNI has already been processed. + */ r = s->ctx->internal->alpn_select_cb(s, &selected, &selected_len, CBS_data(&alpn), CBS_len(&alpn), s->ctx->internal->alpn_select_cb_arg); + if (r == SSL_TLSEXT_ERR_OK) { - free(S3I(s)->alpn_selected); - if ((S3I(s)->alpn_selected = malloc(selected_len)) == NULL) { - S3I(s)->alpn_selected_len = 0; + free(s->s3->alpn_selected); + if ((s->s3->alpn_selected = malloc(selected_len)) == NULL) { + s->s3->alpn_selected_len = 0; *alert = SSL_AD_INTERNAL_ERROR; return 0; } - memcpy(S3I(s)->alpn_selected, selected, selected_len); - S3I(s)->alpn_selected_len = selected_len; + memcpy(s->s3->alpn_selected, selected, selected_len); + s->s3->alpn_selected_len = selected_len; + + return 1; } - return 1; + /* On SSL_TLSEXT_ERR_NOACK behave as if no callback was present. */ + if (r == SSL_TLSEXT_ERR_NOACK) + return 1; + + *alert = SSL_AD_NO_APPLICATION_PROTOCOL; + SSLerror(s, SSL_R_NO_APPLICATION_PROTOCOL); + + return 0; err: *alert = SSL_AD_DECODE_ERROR; @@ -109,7 +130,7 @@ tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert) int tlsext_alpn_server_needs(SSL *s, uint16_t msg_type) { - return S3I(s)->alpn_selected != NULL; + return s->s3->alpn_selected != NULL; } int @@ -123,8 +144,8 @@ tlsext_alpn_server_build(SSL *s, uint16_t msg_type, CBB *cbb) if (!CBB_add_u8_length_prefixed(&list, &selected)) return 0; - if (!CBB_add_bytes(&selected, S3I(s)->alpn_selected, - S3I(s)->alpn_selected_len)) + if (!CBB_add_bytes(&selected, s->s3->alpn_selected, + s->s3->alpn_selected_len)) return 0; if (!CBB_flush(cbb)) @@ -139,7 +160,7 @@ tlsext_alpn_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) CBS list, proto; if (s->internal->alpn_client_proto_list == NULL) { - *alert = TLS1_AD_UNSUPPORTED_EXTENSION; + *alert = SSL_AD_UNSUPPORTED_EXTENSION; return 0; } @@ -156,14 +177,14 @@ tlsext_alpn_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) if (CBS_len(&proto) == 0) goto err; - if (!CBS_stow(&proto, &(S3I(s)->alpn_selected), - &(S3I(s)->alpn_selected_len))) + if (!CBS_stow(&proto, &(s->s3->alpn_selected), + &(s->s3->alpn_selected_len))) goto err; return 1; err: - *alert = TLS1_AD_DECODE_ERROR; + *alert = SSL_AD_DECODE_ERROR; return 0; } @@ -174,7 +195,7 @@ int tlsext_supportedgroups_client_needs(SSL *s, uint16_t msg_type) { return ssl_has_ecc_ciphers(s) || - (S3I(s)->hs_tls13.max_version >= TLS1_3_VERSION); + (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION); } int @@ -226,8 +247,8 @@ tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, uint16_t *groups; int i; - if (S3I(s)->hs_tls13.hrr) { - if (SSI(s)->tlsext_supportedgroups == NULL) { + if (s->s3->hs.tls13.hrr) { + if (s->session->tlsext_supportedgroups == NULL) { *alert = SSL_AD_HANDSHAKE_FAILURE; return 0; } @@ -235,7 +256,7 @@ tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, * In the case of TLSv1.3 the client cannot change * the supported groups. */ - if (groups_len != SSI(s)->tlsext_supportedgroups_length) { + if (groups_len != s->session->tlsext_supportedgroups_length) { *alert = SSL_AD_ILLEGAL_PARAMETER; return 0; } @@ -244,7 +265,7 @@ tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, if (!CBS_get_u16(&grouplist, &group)) goto err; - if (SSI(s)->tlsext_supportedgroups[i] != group) { + if (s->session->tlsext_supportedgroups[i] != group) { *alert = SSL_AD_ILLEGAL_PARAMETER; return 0; } @@ -253,12 +274,12 @@ tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, return 1; } - if (SSI(s)->tlsext_supportedgroups != NULL) + if (s->session->tlsext_supportedgroups != NULL) goto err; if ((groups = reallocarray(NULL, groups_len, sizeof(uint16_t))) == NULL) { - *alert = TLS1_AD_INTERNAL_ERROR; + *alert = SSL_AD_INTERNAL_ERROR; return 0; } @@ -274,14 +295,14 @@ tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, goto err; } - SSI(s)->tlsext_supportedgroups = groups; - SSI(s)->tlsext_supportedgroups_length = groups_len; + s->session->tlsext_supportedgroups = groups; + s->session->tlsext_supportedgroups_length = groups_len; } return 1; err: - *alert = TLS1_AD_DECODE_ERROR; + *alert = SSL_AD_DECODE_ERROR; return 0; } @@ -313,7 +334,7 @@ tlsext_supportedgroups_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, * https://support.f5.com/csp/article/K37345003 */ if (!CBS_skip(cbs, CBS_len(cbs))) { - *alert = TLS1_AD_INTERNAL_ERROR; + *alert = SSL_AD_INTERNAL_ERROR; return 0; } @@ -353,31 +374,28 @@ tlsext_ecpf_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) CBS ecpf; if (!CBS_get_u8_length_prefixed(cbs, &ecpf)) - goto err; + return 0; if (CBS_len(&ecpf) == 0) - goto err; + return 0; if (CBS_len(cbs) != 0) - goto err; + return 0; - /* Must contain uncompressed (0) */ + /* Must contain uncompressed (0) - RFC 8422, section 5.1.2. */ if (!CBS_contains_zero_byte(&ecpf)) { SSLerror(s, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); - goto err; + *alert = SSL_AD_ILLEGAL_PARAMETER; + return 0; } if (!s->internal->hit) { - if (!CBS_stow(&ecpf, &(SSI(s)->tlsext_ecpointformatlist), - &(SSI(s)->tlsext_ecpointformatlist_length))) { - *alert = TLS1_AD_INTERNAL_ERROR; + if (!CBS_stow(&ecpf, &(s->session->tlsext_ecpointformatlist), + &(s->session->tlsext_ecpointformatlist_length))) { + *alert = SSL_AD_INTERNAL_ERROR; return 0; } } return 1; - - err: - *alert = SSL_AD_DECODE_ERROR; - return 0; } int @@ -401,9 +419,6 @@ tlsext_ecpf_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) int tlsext_ecpf_server_needs(SSL *s, uint16_t msg_type) { - if (s->version == DTLS1_VERSION) - return 0; - return ssl_using_ecc_cipher(s); } @@ -435,8 +450,8 @@ tlsext_ri_client_build(SSL *s, uint16_t msg_type, CBB *cbb) if (!CBB_add_u8_length_prefixed(cbb, &reneg)) return 0; - if (!CBB_add_bytes(&reneg, S3I(s)->previous_client_finished, - S3I(s)->previous_client_finished_len)) + if (!CBB_add_bytes(&reneg, s->s3->previous_client_finished, + s->s3->previous_client_finished_len)) return 0; if (!CBB_flush(cbb)) return 0; @@ -454,15 +469,15 @@ tlsext_ri_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) if (CBS_len(cbs) != 0) goto err; - if (!CBS_mem_equal(&reneg, S3I(s)->previous_client_finished, - S3I(s)->previous_client_finished_len)) { + if (!CBS_mem_equal(&reneg, s->s3->previous_client_finished, + s->s3->previous_client_finished_len)) { SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH); *alert = SSL_AD_HANDSHAKE_FAILURE; return 0; } - S3I(s)->renegotiate_seen = 1; - S3I(s)->send_connection_binding = 1; + s->s3->renegotiate_seen = 1; + s->s3->send_connection_binding = 1; return 1; @@ -475,7 +490,8 @@ tlsext_ri_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) int tlsext_ri_server_needs(SSL *s, uint16_t msg_type) { - return (s->version < TLS1_3_VERSION && S3I(s)->send_connection_binding); + return (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION && + s->s3->send_connection_binding); } int @@ -485,11 +501,11 @@ tlsext_ri_server_build(SSL *s, uint16_t msg_type, CBB *cbb) if (!CBB_add_u8_length_prefixed(cbb, &reneg)) return 0; - if (!CBB_add_bytes(&reneg, S3I(s)->previous_client_finished, - S3I(s)->previous_client_finished_len)) + if (!CBB_add_bytes(&reneg, s->s3->previous_client_finished, + s->s3->previous_client_finished_len)) return 0; - if (!CBB_add_bytes(&reneg, S3I(s)->previous_server_finished, - S3I(s)->previous_server_finished_len)) + if (!CBB_add_bytes(&reneg, s->s3->previous_server_finished, + s->s3->previous_server_finished_len)) return 0; if (!CBB_flush(cbb)) return 0; @@ -506,42 +522,42 @@ tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) * Ensure that the previous client and server values are both not * present, or that they are both present. */ - if ((S3I(s)->previous_client_finished_len == 0 && - S3I(s)->previous_server_finished_len != 0) || - (S3I(s)->previous_client_finished_len != 0 && - S3I(s)->previous_server_finished_len == 0)) { - *alert = TLS1_AD_INTERNAL_ERROR; + if ((s->s3->previous_client_finished_len == 0 && + s->s3->previous_server_finished_len != 0) || + (s->s3->previous_client_finished_len != 0 && + s->s3->previous_server_finished_len == 0)) { + *alert = SSL_AD_INTERNAL_ERROR; return 0; } if (!CBS_get_u8_length_prefixed(cbs, &reneg)) goto err; if (!CBS_get_bytes(&reneg, &prev_client, - S3I(s)->previous_client_finished_len)) + s->s3->previous_client_finished_len)) goto err; if (!CBS_get_bytes(&reneg, &prev_server, - S3I(s)->previous_server_finished_len)) + s->s3->previous_server_finished_len)) goto err; if (CBS_len(&reneg) != 0) goto err; if (CBS_len(cbs) != 0) goto err; - if (!CBS_mem_equal(&prev_client, S3I(s)->previous_client_finished, - S3I(s)->previous_client_finished_len)) { + if (!CBS_mem_equal(&prev_client, s->s3->previous_client_finished, + s->s3->previous_client_finished_len)) { SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH); *alert = SSL_AD_HANDSHAKE_FAILURE; return 0; } - if (!CBS_mem_equal(&prev_server, S3I(s)->previous_server_finished, - S3I(s)->previous_server_finished_len)) { + if (!CBS_mem_equal(&prev_server, s->s3->previous_server_finished, + s->s3->previous_server_finished_len)) { SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH); *alert = SSL_AD_HANDSHAKE_FAILURE; return 0; } - S3I(s)->renegotiate_seen = 1; - S3I(s)->send_connection_binding = 1; + s->s3->renegotiate_seen = 1; + s->s3->send_connection_binding = 1; return 1; @@ -557,28 +573,22 @@ tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) int tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type) { - return (TLS1_get_client_version(s) >= TLS1_2_VERSION); + return (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION); } int tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { - uint16_t *tls_sigalgs = tls12_sigalgs; - size_t tls_sigalgs_len = tls12_sigalgs_len; + uint16_t tls_version = s->s3->hs.negotiated_tls_version; CBB sigalgs; - if (TLS1_get_client_version(s) >= TLS1_3_VERSION && - S3I(s)->hs_tls13.min_version >= TLS1_3_VERSION) { - tls_sigalgs = tls13_sigalgs; - tls_sigalgs_len = tls13_sigalgs_len; - } + if (msg_type == SSL_TLSEXT_MSG_CH) + tls_version = s->s3->hs.our_min_tls_version; if (!CBB_add_u16_length_prefixed(cbb, &sigalgs)) return 0; - - if (!ssl_sigalgs_build(&sigalgs, tls_sigalgs, tls_sigalgs_len)) + if (!ssl_sigalgs_build(tls_version, &sigalgs)) return 0; - if (!CBB_flush(cbb)) return 0; @@ -594,7 +604,7 @@ tlsext_sigalgs_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) return 0; if (CBS_len(&sigalgs) % 2 != 0 || CBS_len(&sigalgs) > 64) return 0; - if (!CBS_stow(&sigalgs, &S3I(s)->hs.sigalgs, &S3I(s)->hs.sigalgs_len)) + if (!CBS_stow(&sigalgs, &s->s3->hs.sigalgs, &s->s3->hs.sigalgs_len)) return 0; return 1; @@ -603,27 +613,18 @@ tlsext_sigalgs_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) int tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type) { - return (s->version >= TLS1_3_VERSION); + return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION); } int tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { - uint16_t *tls_sigalgs = tls12_sigalgs; - size_t tls_sigalgs_len = tls12_sigalgs_len; CBB sigalgs; - if (s->version >= TLS1_3_VERSION) { - tls_sigalgs = tls13_sigalgs; - tls_sigalgs_len = tls13_sigalgs_len; - } - if (!CBB_add_u16_length_prefixed(cbb, &sigalgs)) return 0; - - if (!ssl_sigalgs_build(&sigalgs, tls_sigalgs, tls_sigalgs_len)) + if (!ssl_sigalgs_build(s->s3->hs.negotiated_tls_version, &sigalgs)) return 0; - if (!CBB_flush(cbb)) return 0; @@ -635,14 +636,14 @@ tlsext_sigalgs_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS sigalgs; - if (s->version < TLS1_3_VERSION) + if (ssl_effective_tls_version(s) < TLS1_3_VERSION) return 0; if (!CBS_get_u16_length_prefixed(cbs, &sigalgs)) return 0; if (CBS_len(&sigalgs) % 2 != 0 || CBS_len(&sigalgs) > 64) return 0; - if (!CBS_stow(&sigalgs, &S3I(s)->hs.sigalgs, &S3I(s)->hs.sigalgs_len)) + if (!CBS_stow(&sigalgs, &s->s3->hs.sigalgs, &s->s3->hs.sigalgs_len)) return 0; return 1; @@ -677,6 +678,29 @@ tlsext_sni_client_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } +static int +tlsext_sni_is_ip_literal(CBS *cbs, int *is_ip) +{ + union { + struct in_addr ip4; + struct in6_addr ip6; + } addrbuf; + char *hostname = NULL; + + *is_ip = 0; + + if (!CBS_strdup(cbs, &hostname)) + return 0; + + if (inet_pton(AF_INET, hostname, &addrbuf) == 1 || + inet_pton(AF_INET6, hostname, &addrbuf) == 1) + *is_ip = 1; + + free(hostname); + + return 1; +} + /* * Validate that the CBS contains only a hostname consisting of RFC 5890 * compliant A-labels (see RFC 6066 section 3). Not a complete check @@ -684,18 +708,26 @@ tlsext_sni_client_build(SSL *s, uint16_t msg_type, CBB *cbb) * correct structure and character set. */ int -tlsext_sni_is_valid_hostname(CBS *cbs) +tlsext_sni_is_valid_hostname(CBS *cbs, int *is_ip) { uint8_t prev, c = 0; int component = 0; CBS hostname; + *is_ip = 0; + CBS_dup(cbs, &hostname); if (CBS_len(&hostname) > TLSEXT_MAXLEN_host_name) return 0; - while(CBS_len(&hostname) > 0) { + /* An IP literal is invalid as a host name (RFC 6066 section 3). */ + if (!tlsext_sni_is_ip_literal(&hostname, is_ip)) + return 0; + if (*is_ip) + return 0; + + while (CBS_len(&hostname) > 0) { prev = c; if (!CBS_get_u8(&hostname, &c)) return 0; @@ -731,62 +763,73 @@ tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS server_name_list, host_name; uint8_t name_type; + int is_ip; if (!CBS_get_u16_length_prefixed(cbs, &server_name_list)) goto err; if (!CBS_get_u8(&server_name_list, &name_type)) goto err; + /* * RFC 6066 section 3, only one type (host_name) is specified. * We do not tolerate unknown types, neither does BoringSSL. * other implementations appear more tolerant. */ if (name_type != TLSEXT_NAMETYPE_host_name) { - *alert = SSL3_AD_ILLEGAL_PARAMETER; + *alert = SSL_AD_ILLEGAL_PARAMETER; goto err; } - - if (!CBS_get_u16_length_prefixed(&server_name_list, &host_name)) - goto err; /* * RFC 6066 section 3 specifies a host name must be at least 1 byte * so 0 length is a decode error. */ + if (!CBS_get_u16_length_prefixed(&server_name_list, &host_name)) + goto err; if (CBS_len(&host_name) < 1) goto err; - if (!tlsext_sni_is_valid_hostname(&host_name)) { - *alert = SSL3_AD_ILLEGAL_PARAMETER; + if (!tlsext_sni_is_valid_hostname(&host_name, &is_ip)) { + /* + * Various pieces of software have been known to set the SNI + * host name to an IP address, even though that violates the + * RFC. If this is the case, pretend the SNI extension does + * not exist. + */ + if (is_ip) + goto done; + + *alert = SSL_AD_ILLEGAL_PARAMETER; goto err; } - if (s->internal->hit || S3I(s)->hs_tls13.hrr) { + if (s->internal->hit || s->s3->hs.tls13.hrr) { if (s->session->tlsext_hostname == NULL) { - *alert = TLS1_AD_UNRECOGNIZED_NAME; + *alert = SSL_AD_UNRECOGNIZED_NAME; goto err; } if (!CBS_mem_equal(&host_name, s->session->tlsext_hostname, strlen(s->session->tlsext_hostname))) { - *alert = TLS1_AD_UNRECOGNIZED_NAME; + *alert = SSL_AD_UNRECOGNIZED_NAME; goto err; } } else { if (s->session->tlsext_hostname != NULL) goto err; if (!CBS_strdup(&host_name, &s->session->tlsext_hostname)) { - *alert = TLS1_AD_INTERNAL_ERROR; + *alert = SSL_AD_INTERNAL_ERROR; goto err; } } + done: /* * RFC 6066 section 3 forbids multiple host names with the same type, * therefore we allow only one entry. */ if (CBS_len(&server_name_list) != 0) { - *alert = SSL3_AD_ILLEGAL_PARAMETER; + *alert = SSL_AD_ILLEGAL_PARAMETER; goto err; } if (CBS_len(cbs) != 0) @@ -817,18 +860,18 @@ int tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { if (s->tlsext_hostname == NULL || CBS_len(cbs) != 0) { - *alert = TLS1_AD_UNRECOGNIZED_NAME; + *alert = SSL_AD_UNRECOGNIZED_NAME; return 0; } if (s->internal->hit) { if (s->session->tlsext_hostname == NULL) { - *alert = TLS1_AD_UNRECOGNIZED_NAME; + *alert = SSL_AD_UNRECOGNIZED_NAME; return 0; } if (strcmp(s->tlsext_hostname, s->session->tlsext_hostname) != 0) { - *alert = TLS1_AD_UNRECOGNIZED_NAME; + *alert = SSL_AD_UNRECOGNIZED_NAME; return 0; } } else { @@ -838,7 +881,7 @@ tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) } if ((s->session->tlsext_hostname = strdup(s->tlsext_hostname)) == NULL) { - *alert = TLS1_AD_INTERNAL_ERROR; + *alert = SSL_AD_INTERNAL_ERROR; return 0; } } @@ -848,14 +891,12 @@ tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) /* - *Certificate Status Request - RFC 6066 section 8. + * Certificate Status Request - RFC 6066 section 8. */ int tlsext_ocsp_client_needs(SSL *s, uint16_t msg_type) { - if (SSL_IS_DTLS(s)) - return 0; if (msg_type != SSL_TLSEXT_MSG_CH) return 0; @@ -925,7 +966,7 @@ tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) s->tlsext_status_type = -1; if (!CBS_skip(cbs, CBS_len(cbs))) { - *alert = TLS1_AD_INTERNAL_ERROR; + *alert = SSL_AD_INTERNAL_ERROR; return 0; } return 1; @@ -986,7 +1027,7 @@ tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) int tlsext_ocsp_server_needs(SSL *s, uint16_t msg_type) { - if (s->version >= TLS1_3_VERSION && + if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION && s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp && s->ctx->internal->tlsext_status_cb != NULL) { s->internal->tlsext_status_expected = 0; @@ -1003,7 +1044,7 @@ tlsext_ocsp_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB ocsp_response; - if (s->version >= TLS1_3_VERSION) { + if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION) { if (!CBB_add_u8(cbb, TLSEXT_STATUSTYPE_ocsp)) return 0; if (!CBB_add_u24_length_prefixed(cbb, &ocsp_response)) @@ -1021,11 +1062,10 @@ tlsext_ocsp_server_build(SSL *s, uint16_t msg_type, CBB *cbb) int tlsext_ocsp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { - CBS response; - uint16_t version = TLS1_get_client_version(s); uint8_t status_type; + CBS response; - if (version >= TLS1_3_VERSION) { + if (ssl_effective_tls_version(s) >= TLS1_3_VERSION) { if (msg_type == SSL_TLSEXT_MSG_CR) { /* * RFC 8446, 4.4.2.1 - the server may request an OCSP @@ -1060,7 +1100,7 @@ tlsext_ocsp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) } } else { if (s->tlsext_status_type == -1) { - *alert = TLS1_AD_UNSUPPORTED_EXTENSION; + *alert = SSL_AD_UNSUPPORTED_EXTENSION; return 0; } /* Set flag to expect CertificateStatus message */ @@ -1144,14 +1184,14 @@ tlsext_sessionticket_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, if (!s->internal->tls_session_ticket_ext_cb(s, CBS_data(cbs), (int)CBS_len(cbs), s->internal->tls_session_ticket_ext_cb_arg)) { - *alert = TLS1_AD_INTERNAL_ERROR; + *alert = SSL_AD_INTERNAL_ERROR; return 0; } } /* We need to signal that this was processed fully */ if (!CBS_skip(cbs, CBS_len(cbs))) { - *alert = TLS1_AD_INTERNAL_ERROR; + *alert = SSL_AD_INTERNAL_ERROR; return 0; } @@ -1180,13 +1220,13 @@ tlsext_sessionticket_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, if (!s->internal->tls_session_ticket_ext_cb(s, CBS_data(cbs), (int)CBS_len(cbs), s->internal->tls_session_ticket_ext_cb_arg)) { - *alert = TLS1_AD_INTERNAL_ERROR; + *alert = SSL_AD_INTERNAL_ERROR; return 0; } } if ((SSL_get_options(s) & SSL_OP_NO_TICKET) != 0 || CBS_len(cbs) > 0) { - *alert = TLS1_AD_UNSUPPORTED_EXTENSION; + *alert = SSL_AD_UNSUPPORTED_EXTENSION; return 0; } @@ -1204,7 +1244,7 @@ tlsext_sessionticket_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int tlsext_srtp_client_needs(SSL *s, uint16_t msg_type) { - return SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s) != NULL; + return SSL_is_dtls(s) && SSL_get_srtp_profiles(s) != NULL; } int @@ -1213,7 +1253,7 @@ tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb) CBB profiles, mki; int ct, i; STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = NULL; - SRTP_PROTECTION_PROFILE *prof; + const SRTP_PROTECTION_PROFILE *prof; if ((clnt = SSL_get_srtp_profiles(s)) == NULL) { SSLerror(s, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST); @@ -1247,7 +1287,7 @@ tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb) int tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { - SRTP_PROTECTION_PROFILE *cprof, *sprof; + const SRTP_PROTECTION_PROFILE *cprof, *sprof; STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = NULL, *srvr; int i, j; int ret; @@ -1327,7 +1367,7 @@ tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) int tlsext_srtp_server_needs(SSL *s, uint16_t msg_type) { - return SSL_IS_DTLS(s) && SSL_get_selected_srtp_profile(s) != NULL; + return SSL_is_dtls(s) && SSL_get_selected_srtp_profile(s) != NULL; } int @@ -1358,7 +1398,7 @@ int tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { STACK_OF(SRTP_PROTECTION_PROFILE) *clnt; - SRTP_PROTECTION_PROFILE *prof; + const SRTP_PROTECTION_PROFILE *prof; int i; uint16_t id; CBS profile_ids, mki; @@ -1411,23 +1451,23 @@ tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) int tlsext_keyshare_client_needs(SSL *s, uint16_t msg_type) { - /* XXX once this gets initialized when we get tls13_client.c */ - if (S3I(s)->hs_tls13.max_version == 0) - return 0; - return (!SSL_IS_DTLS(s) && S3I(s)->hs_tls13.max_version >= - TLS1_3_VERSION); + return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION); } int tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { - CBB client_shares; + CBB client_shares, key_exchange; if (!CBB_add_u16_length_prefixed(cbb, &client_shares)) return 0; - if (!tls13_key_share_public(S3I(s)->hs_tls13.key_share, - &client_shares)) + if (!CBB_add_u16(&client_shares, + tls_key_share_group(s->s3->hs.key_share))) + return 0; + if (!CBB_add_u16_length_prefixed(&client_shares, &key_exchange)) + return 0; + if (!tls_key_share_public(s->s3->hs.key_share, &key_exchange)) return 0; if (!CBB_flush(cbb)) @@ -1440,16 +1480,17 @@ int tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS client_shares, key_exchange; + int decode_error; uint16_t group; if (!CBS_get_u16_length_prefixed(cbs, &client_shares)) - goto err; + return 0; while (CBS_len(&client_shares) > 0) { /* Unpack client share. */ if (!CBS_get_u16(&client_shares, &group)) - goto err; + return 0; if (!CBS_get_u16_length_prefixed(&client_shares, &key_exchange)) return 0; @@ -1462,9 +1503,9 @@ tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) * Ignore this client share if we're using earlier than TLSv1.3 * or we've already selected a key share. */ - if (S3I(s)->hs_tls13.max_version < TLS1_3_VERSION) + if (s->s3->hs.our_max_tls_version < TLS1_3_VERSION) continue; - if (S3I(s)->hs_tls13.key_share != NULL) + if (s->s3->hs.key_share != NULL) continue; /* XXX - consider implementing server preference. */ @@ -1472,44 +1513,51 @@ tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) continue; /* Decode and store the selected key share. */ - S3I(s)->hs_tls13.key_share = tls13_key_share_new(group); - if (S3I(s)->hs_tls13.key_share == NULL) - goto err; - if (!tls13_key_share_peer_public(S3I(s)->hs_tls13.key_share, - group, &key_exchange)) - goto err; + if ((s->s3->hs.key_share = tls_key_share_new(group)) == NULL) { + *alert = SSL_AD_INTERNAL_ERROR; + return 0; + } + if (!tls_key_share_peer_public(s->s3->hs.key_share, + &key_exchange, &decode_error, NULL)) { + if (!decode_error) + *alert = SSL_AD_INTERNAL_ERROR; + return 0; + } } return 1; - - err: - *alert = SSL_AD_DECODE_ERROR; - return 0; } int tlsext_keyshare_server_needs(SSL *s, uint16_t msg_type) { - if (SSL_IS_DTLS(s) || s->version < TLS1_3_VERSION) - return 0; - - return tlsext_extension_seen(s, TLSEXT_TYPE_key_share); + return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION && + tlsext_extension_seen(s, TLSEXT_TYPE_key_share)); } int tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { + CBB key_exchange; + /* In the case of a HRR, we only send the server selected group. */ - if (S3I(s)->hs_tls13.hrr) { - if (S3I(s)->hs_tls13.server_group == 0) + if (s->s3->hs.tls13.hrr) { + if (s->s3->hs.tls13.server_group == 0) return 0; - return CBB_add_u16(cbb, S3I(s)->hs_tls13.server_group); + return CBB_add_u16(cbb, s->s3->hs.tls13.server_group); } - if (S3I(s)->hs_tls13.key_share == NULL) + if (s->s3->hs.key_share == NULL) return 0; - if (!tls13_key_share_public(S3I(s)->hs_tls13.key_share, cbb)) + if (!CBB_add_u16(cbb, tls_key_share_group(s->s3->hs.key_share))) + return 0; + if (!CBB_add_u16_length_prefixed(cbb, &key_exchange)) + return 0; + if (!tls_key_share_public(s->s3->hs.key_share, &key_exchange)) + return 0; + + if (!CBB_flush(cbb)) return 0; return 1; @@ -1519,34 +1567,41 @@ int tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS key_exchange; + int decode_error; uint16_t group; /* Unpack server share. */ if (!CBS_get_u16(cbs, &group)) - goto err; + return 0; if (CBS_len(cbs) == 0) { - /* HRR does not include an actual key share. */ - /* XXX - we should know that we are in a HRR... */ - S3I(s)->hs_tls13.server_group = group; + /* HRR does not include an actual key share, only the group. */ + if (msg_type != SSL_TLSEXT_MSG_HRR) + return 0; + + s->s3->hs.tls13.server_group = group; return 1; } if (!CBS_get_u16_length_prefixed(cbs, &key_exchange)) return 0; - if (S3I(s)->hs_tls13.key_share == NULL) + if (s->s3->hs.key_share == NULL) { + *alert = SSL_AD_INTERNAL_ERROR; return 0; - - if (!tls13_key_share_peer_public(S3I(s)->hs_tls13.key_share, - group, &key_exchange)) - goto err; + } + if (tls_key_share_group(s->s3->hs.key_share) != group) { + *alert = SSL_AD_INTERNAL_ERROR; + return 0; + } + if (!tls_key_share_peer_public(s->s3->hs.key_share, + &key_exchange, &decode_error, NULL)) { + if (!decode_error) + *alert = SSL_AD_INTERNAL_ERROR; + return 0; + } return 1; - - err: - *alert = SSL_AD_DECODE_ERROR; - return 0; } /* @@ -1555,9 +1610,7 @@ tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) int tlsext_versions_client_needs(SSL *s, uint16_t msg_type) { - if (SSL_IS_DTLS(s)) - return 0; - return (S3I(s)->hs_tls13.max_version >= TLS1_3_VERSION); + return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION); } int @@ -1567,11 +1620,8 @@ tlsext_versions_client_build(SSL *s, uint16_t msg_type, CBB *cbb) uint16_t version; CBB versions; - max = S3I(s)->hs_tls13.max_version; - min = S3I(s)->hs_tls13.min_version; - - if (min < TLS1_VERSION) - return 0; + max = s->s3->hs.our_max_tls_version; + min = s->s3->hs.our_min_tls_version; if (!CBB_add_u8_length_prefixed(cbb, &versions)) return 0; @@ -1596,8 +1646,8 @@ tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) uint16_t max, min; uint16_t matched_version = 0; - max = S3I(s)->hs_tls13.max_version; - min = S3I(s)->hs_tls13.min_version; + max = s->s3->hs.our_max_tls_version; + min = s->s3->hs.our_min_tls_version; if (!CBS_get_u8_length_prefixed(cbs, &versions)) goto err; @@ -1613,16 +1663,8 @@ tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) matched_version = version; } - /* - * XXX if we haven't matched a version we should - * fail - but we currently need to succeed to - * ignore this before the server code for 1.3 - * is set up and initialized. - */ - if (max == 0) - return 1; /* XXX */ - - if (matched_version != 0) { + if (matched_version > 0) { + /* XXX - this should be stored for later processing. */ s->version = matched_version; return 1; } @@ -1638,17 +1680,13 @@ tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) int tlsext_versions_server_needs(SSL *s, uint16_t msg_type) { - return (!SSL_IS_DTLS(s) && s->version >= TLS1_3_VERSION); + return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION); } int tlsext_versions_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { - if (!CBB_add_u16(cbb, TLS1_3_VERSION)) - return 0; - /* XXX set 1.2 in legacy version? */ - - return 1; + return CBB_add_u16(cbb, TLS1_3_VERSION); } int @@ -1661,13 +1699,14 @@ tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) return 0; } + /* XXX - need to fix for DTLS 1.3 */ if (selected_version < TLS1_3_VERSION) { *alert = SSL_AD_ILLEGAL_PARAMETER; return 0; } /* XXX test between min and max once initialization code goes in */ - S3I(s)->hs_tls13.server_version = selected_version; + s->s3->hs.tls13.server_version = selected_version; return 1; } @@ -1680,12 +1719,8 @@ tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) int tlsext_cookie_client_needs(SSL *s, uint16_t msg_type) { - if (SSL_IS_DTLS(s)) - return 0; - if (S3I(s)->hs_tls13.max_version < TLS1_3_VERSION) - return 0; - return (S3I(s)->hs_tls13.cookie_len > 0 && - S3I(s)->hs_tls13.cookie != NULL); + return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION && + s->s3->hs.tls13.cookie_len > 0 && s->s3->hs.tls13.cookie != NULL); } int @@ -1696,8 +1731,8 @@ tlsext_cookie_client_build(SSL *s, uint16_t msg_type, CBB *cbb) if (!CBB_add_u16_length_prefixed(cbb, &cookie)) return 0; - if (!CBB_add_bytes(&cookie, S3I(s)->hs_tls13.cookie, - S3I(s)->hs_tls13.cookie_len)) + if (!CBB_add_bytes(&cookie, s->s3->hs.tls13.cookie, + s->s3->hs.tls13.cookie_len)) return 0; if (!CBB_flush(cbb)) @@ -1714,7 +1749,7 @@ tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) if (!CBS_get_u16_length_prefixed(cbs, &cookie)) goto err; - if (CBS_len(&cookie) != S3I(s)->hs_tls13.cookie_len) + if (CBS_len(&cookie) != s->s3->hs.tls13.cookie_len) goto err; /* @@ -1722,8 +1757,8 @@ tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) * sent - client *MUST* send the same cookie with new CR after * a cookie is sent by the server with an HRR. */ - if (!CBS_mem_equal(&cookie, S3I(s)->hs_tls13.cookie, - S3I(s)->hs_tls13.cookie_len)) { + if (!CBS_mem_equal(&cookie, s->s3->hs.tls13.cookie, + s->s3->hs.tls13.cookie_len)) { /* XXX special cookie mismatch alert? */ *alert = SSL_AD_ILLEGAL_PARAMETER; return 0; @@ -1739,17 +1774,12 @@ tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) int tlsext_cookie_server_needs(SSL *s, uint16_t msg_type) { - - if (SSL_IS_DTLS(s)) - return 0; - if (S3I(s)->hs_tls13.max_version < TLS1_3_VERSION) - return 0; /* * Server needs to set cookie value in tls13 handshake * in order to send one, should only be sent with HRR. */ - return (S3I(s)->hs_tls13.cookie_len > 0 && - S3I(s)->hs_tls13.cookie != NULL); + return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION && + s->s3->hs.tls13.cookie_len > 0 && s->s3->hs.tls13.cookie != NULL); } int @@ -1762,8 +1792,8 @@ tlsext_cookie_server_build(SSL *s, uint16_t msg_type, CBB *cbb) if (!CBB_add_u16_length_prefixed(cbb, &cookie)) return 0; - if (!CBB_add_bytes(&cookie, S3I(s)->hs_tls13.cookie, - S3I(s)->hs_tls13.cookie_len)) + if (!CBB_add_bytes(&cookie, s->s3->hs.tls13.cookie, + s->s3->hs.tls13.cookie_len)) return 0; if (!CBB_flush(cbb)) @@ -1782,8 +1812,8 @@ tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) * HRR from a server with a cookie to process after accepting * one from the server in the same handshake */ - if (S3I(s)->hs_tls13.cookie != NULL || - S3I(s)->hs_tls13.cookie_len != 0) { + if (s->s3->hs.tls13.cookie != NULL || + s->s3->hs.tls13.cookie_len != 0) { *alert = SSL_AD_ILLEGAL_PARAMETER; return 0; } @@ -1791,8 +1821,8 @@ tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) if (!CBS_get_u16_length_prefixed(cbs, &cookie)) goto err; - if (!CBS_stow(&cookie, &S3I(s)->hs_tls13.cookie, - &S3I(s)->hs_tls13.cookie_len)) + if (!CBS_stow(&cookie, &s->s3->hs.tls13.cookie, + &s->s3->hs.tls13.cookie_len)) goto err; return 1; @@ -1815,7 +1845,7 @@ struct tls_extension { struct tls_extension_funcs server; }; -static struct tls_extension tls_extensions[] = { +static const struct tls_extension tls_extensions[] = { { .type = TLSEXT_TYPE_supported_versions, .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH | @@ -1997,7 +2027,7 @@ static struct tls_extension tls_extensions[] = { /* Ensure that extensions fit in a uint32_t bitmask. */ CTASSERT(N_TLS_EXTENSIONS <= (sizeof(uint32_t) * 8)); -struct tls_extension * +const struct tls_extension * tls_extension_find(uint16_t type, size_t *tls_extensions_idx) { size_t i; @@ -2019,11 +2049,11 @@ tlsext_extension_seen(SSL *s, uint16_t type) if (tls_extension_find(type, &idx) == NULL) return 0; - return ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0); + return ((s->s3->hs.extensions_seen & (1 << idx)) != 0); } -static struct tls_extension_funcs * -tlsext_funcs(struct tls_extension *tlsext, int is_server) +static const struct tls_extension_funcs * +tlsext_funcs(const struct tls_extension *tlsext, int is_server) { if (is_server) return &tlsext->server; @@ -2034,17 +2064,14 @@ tlsext_funcs(struct tls_extension *tlsext, int is_server) static int tlsext_build(SSL *s, int is_server, uint16_t msg_type, CBB *cbb) { - struct tls_extension_funcs *ext; - struct tls_extension *tlsext; + const struct tls_extension_funcs *ext; + const struct tls_extension *tlsext; CBB extensions, extension_data; int extensions_present = 0; + uint16_t tls_version; size_t i; - uint16_t version; - if (is_server) - version = s->version; - else - version = TLS1_get_client_version(s); + tls_version = ssl_effective_tls_version(s); if (!CBB_add_u16_length_prefixed(cbb, &extensions)) return 0; @@ -2054,7 +2081,7 @@ tlsext_build(SSL *s, int is_server, uint16_t msg_type, CBB *cbb) ext = tlsext_funcs(tlsext, is_server); /* RFC 8446 Section 4.2 */ - if (version >= TLS1_3_VERSION && + if (tls_version >= TLS1_3_VERSION && !(tlsext->messages & msg_type)) continue; @@ -2112,20 +2139,17 @@ tlsext_clienthello_hash_extension(SSL *s, uint16_t type, CBS *cbs) static int tlsext_parse(SSL *s, int is_server, uint16_t msg_type, CBS *cbs, int *alert) { - struct tls_extension_funcs *ext; - struct tls_extension *tlsext; + const struct tls_extension_funcs *ext; + const struct tls_extension *tlsext; CBS extensions, extension_data; uint16_t type; size_t idx; - uint16_t version; + uint16_t tls_version; int alert_desc; - S3I(s)->hs.extensions_seen = 0; + tls_version = ssl_effective_tls_version(s); - if (is_server) - version = s->version; - else - version = TLS1_get_client_version(s); + s->s3->hs.extensions_seen = 0; /* An empty extensions block is valid. */ if (CBS_len(cbs) == 0) @@ -2143,33 +2167,33 @@ tlsext_parse(SSL *s, int is_server, uint16_t msg_type, CBS *cbs, int *alert) goto err; if (s->internal->tlsext_debug_cb != NULL) - s->internal->tlsext_debug_cb(s, is_server, type, + s->internal->tlsext_debug_cb(s, !is_server, type, (unsigned char *)CBS_data(&extension_data), CBS_len(&extension_data), s->internal->tlsext_debug_arg); - if (!SSL_IS_DTLS(s) && version >= TLS1_3_VERSION && is_server && + /* Unknown extensions are ignored. */ + if ((tlsext = tls_extension_find(type, &idx)) == NULL) + continue; + + if (tls_version >= TLS1_3_VERSION && is_server && msg_type == SSL_TLSEXT_MSG_CH) { if (!tlsext_clienthello_hash_extension(s, type, &extension_data)) goto err; } - /* Unknown extensions are ignored. */ - if ((tlsext = tls_extension_find(type, &idx)) == NULL) - continue; - /* RFC 8446 Section 4.2 */ - if (version >= TLS1_3_VERSION && + if (tls_version >= TLS1_3_VERSION && !(tlsext->messages & msg_type)) { alert_desc = SSL_AD_ILLEGAL_PARAMETER; goto err; } /* Check for duplicate known extensions. */ - if ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0) + if ((s->s3->hs.extensions_seen & (1 << idx)) != 0) goto err; - S3I(s)->hs.extensions_seen |= (1 << idx); + s->s3->hs.extensions_seen |= (1 << idx); ext = tlsext_funcs(tlsext, is_server); if (!ext->parse(s, msg_type, &extension_data, &alert_desc)) @@ -2191,10 +2215,10 @@ static void tlsext_server_reset_state(SSL *s) { s->tlsext_status_type = -1; - S3I(s)->renegotiate_seen = 0; - free(S3I(s)->alpn_selected); - S3I(s)->alpn_selected = NULL; - S3I(s)->alpn_selected_len = 0; + s->s3->renegotiate_seen = 0; + free(s->s3->alpn_selected); + s->s3->alpn_selected = NULL; + s->s3->alpn_selected_len = 0; s->internal->srtp_profile = NULL; } @@ -2217,10 +2241,10 @@ tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) static void tlsext_client_reset_state(SSL *s) { - S3I(s)->renegotiate_seen = 0; - free(S3I(s)->alpn_selected); - S3I(s)->alpn_selected = NULL; - S3I(s)->alpn_selected_len = 0; + s->s3->renegotiate_seen = 0; + free(s->s3->alpn_selected); + s->s3->alpn_selected = NULL; + s->s3->alpn_selected_len = 0; } int diff --git a/externals/libressl/ssl/ssl_tlsext.h b/externals/libressl/ssl/ssl_tlsext.h index d98b387c5..b4c135fdf 100755 --- a/externals/libressl/ssl/ssl_tlsext.h +++ b/externals/libressl/ssl/ssl_tlsext.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.h,v 1.25 2020/07/03 04:51:59 tb Exp $ */ +/* $OpenBSD: ssl_tlsext.h,v 1.27 2021/11/01 16:37:17 jsing Exp $ */ /* * Copyright (c) 2016, 2017 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -60,7 +60,7 @@ int tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); int tlsext_sni_server_needs(SSL *s, uint16_t msg_type); int tlsext_sni_server_build(SSL *s, uint16_t msg_type, CBB *cbb); int tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); -int tlsext_sni_is_valid_hostname(CBS *cbs); +int tlsext_sni_is_valid_hostname(CBS *cbs, int *is_ip); int tlsext_supportedgroups_client_needs(SSL *s, uint16_t msg_type); int tlsext_supportedgroups_client_build(SSL *s, uint16_t msg_type, CBB *cbb); @@ -134,7 +134,7 @@ int tlsext_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); int tlsext_server_build(SSL *s, uint16_t msg_type, CBB *cbb); int tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); -struct tls_extension *tls_extension_find(uint16_t, size_t *); +const struct tls_extension *tls_extension_find(uint16_t, size_t *); int tlsext_extension_seen(SSL *s, uint16_t); __END_HIDDEN_DECLS diff --git a/externals/libressl/ssl/ssl_transcript.c b/externals/libressl/ssl/ssl_transcript.c index b93004cd1..d0af8e694 100755 --- a/externals/libressl/ssl/ssl_transcript.c +++ b/externals/libressl/ssl/ssl_transcript.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_transcript.c,v 1.2 2020/02/05 16:47:34 jsing Exp $ */ +/* $OpenBSD: ssl_transcript.c,v 1.7 2022/03/17 17:22:16 jsing Exp $ */ /* * Copyright (c) 2017 Joel Sing * @@ -15,10 +15,10 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include "ssl_locl.h" - #include +#include "ssl_locl.h" + int tls1_transcript_hash_init(SSL *s) { @@ -33,11 +33,11 @@ tls1_transcript_hash_init(SSL *s) goto err; } - if ((S3I(s)->handshake_hash = EVP_MD_CTX_new()) == NULL) { + if ((s->s3->handshake_hash = EVP_MD_CTX_new()) == NULL) { SSLerror(s, ERR_R_MALLOC_FAILURE); goto err; } - if (!EVP_DigestInit_ex(S3I(s)->handshake_hash, md, NULL)) { + if (!EVP_DigestInit_ex(s->s3->handshake_hash, md, NULL)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } @@ -50,7 +50,7 @@ tls1_transcript_hash_init(SSL *s) SSLerror(s, ERR_R_EVP_LIB); goto err; } - + return 1; err: @@ -62,32 +62,35 @@ tls1_transcript_hash_init(SSL *s) int tls1_transcript_hash_update(SSL *s, const unsigned char *buf, size_t len) { - if (S3I(s)->handshake_hash == NULL) + if (s->s3->handshake_hash == NULL) return 1; - return EVP_DigestUpdate(S3I(s)->handshake_hash, buf, len); + return EVP_DigestUpdate(s->s3->handshake_hash, buf, len); } int -tls1_transcript_hash_value(SSL *s, const unsigned char *out, size_t len, +tls1_transcript_hash_value(SSL *s, unsigned char *out, size_t len, size_t *outlen) { EVP_MD_CTX *mdctx = NULL; unsigned int mdlen; int ret = 0; - if (EVP_MD_CTX_size(S3I(s)->handshake_hash) > len) + if (s->s3->handshake_hash == NULL) + goto err; + + if (EVP_MD_CTX_size(s->s3->handshake_hash) > len) goto err; if ((mdctx = EVP_MD_CTX_new()) == NULL) { SSLerror(s, ERR_R_MALLOC_FAILURE); goto err; } - if (!EVP_MD_CTX_copy_ex(mdctx, S3I(s)->handshake_hash)) { + if (!EVP_MD_CTX_copy_ex(mdctx, s->s3->handshake_hash)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } - if (!EVP_DigestFinal_ex(mdctx, (unsigned char *)out, &mdlen)) { + if (!EVP_DigestFinal_ex(mdctx, out, &mdlen)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } @@ -105,17 +108,17 @@ tls1_transcript_hash_value(SSL *s, const unsigned char *out, size_t len, void tls1_transcript_hash_free(SSL *s) { - EVP_MD_CTX_free(S3I(s)->handshake_hash); - S3I(s)->handshake_hash = NULL; + EVP_MD_CTX_free(s->s3->handshake_hash); + s->s3->handshake_hash = NULL; } int tls1_transcript_init(SSL *s) { - if (S3I(s)->handshake_transcript != NULL) + if (s->s3->handshake_transcript != NULL) return 0; - if ((S3I(s)->handshake_transcript = BUF_MEM_new()) == NULL) + if ((s->s3->handshake_transcript = BUF_MEM_new()) == NULL) return 0; tls1_transcript_reset(s); @@ -126,8 +129,8 @@ tls1_transcript_init(SSL *s) void tls1_transcript_free(SSL *s) { - BUF_MEM_free(S3I(s)->handshake_transcript); - S3I(s)->handshake_transcript = NULL; + BUF_MEM_free(s->s3->handshake_transcript); + s->s3->handshake_transcript = NULL; } void @@ -139,8 +142,8 @@ tls1_transcript_reset(SSL *s) * it is impossible to tell if it succeeded (returning a length of zero) * or if it failed (and returned zero)... our implementation never * fails with a length of zero, so we trust all is okay... - */ - (void)BUF_MEM_grow_clean(S3I(s)->handshake_transcript, 0); + */ + (void)BUF_MEM_grow_clean(s->s3->handshake_transcript, 0); tls1_transcript_unfreeze(s); } @@ -150,22 +153,22 @@ tls1_transcript_append(SSL *s, const unsigned char *buf, size_t len) { size_t olen, nlen; - if (S3I(s)->handshake_transcript == NULL) + if (s->s3->handshake_transcript == NULL) return 1; if (s->s3->flags & TLS1_FLAGS_FREEZE_TRANSCRIPT) return 1; - olen = S3I(s)->handshake_transcript->length; + olen = s->s3->handshake_transcript->length; nlen = olen + len; if (nlen < olen) return 0; - if (BUF_MEM_grow(S3I(s)->handshake_transcript, nlen) == 0) + if (BUF_MEM_grow(s->s3->handshake_transcript, nlen) == 0) return 0; - memcpy(S3I(s)->handshake_transcript->data + olen, buf, len); + memcpy(s->s3->handshake_transcript->data + olen, buf, len); return 1; } @@ -173,11 +176,11 @@ tls1_transcript_append(SSL *s, const unsigned char *buf, size_t len) int tls1_transcript_data(SSL *s, const unsigned char **data, size_t *len) { - if (S3I(s)->handshake_transcript == NULL) + if (s->s3->handshake_transcript == NULL) return 0; - *data = S3I(s)->handshake_transcript->data; - *len = S3I(s)->handshake_transcript->length; + *data = s->s3->handshake_transcript->data; + *len = s->s3->handshake_transcript->length; return 1; } diff --git a/externals/libressl/ssl/ssl_txt.c b/externals/libressl/ssl/ssl_txt.c index 0180d075a..8718f8c65 100755 --- a/externals/libressl/ssl/ssl_txt.c +++ b/externals/libressl/ssl/ssl_txt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_txt.c,v 1.28 2017/02/07 02:08:38 beck Exp $ */ +/* $OpenBSD: ssl_txt.c,v 1.31 2021/11/29 18:36:27 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -95,7 +95,7 @@ SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) BIO *b; int ret; - if ((b = BIO_new(BIO_s_file_internal())) == NULL) { + if ((b = BIO_new(BIO_s_file())) == NULL) { SSLerrorx(ERR_R_BUF_LIB); return (0); } @@ -152,7 +152,7 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) } if (x->tlsext_tick_lifetime_hint) { if (BIO_printf(bp, - "\n TLS session ticket lifetime hint: %ld (seconds)", + "\n TLS session ticket lifetime hint: %u (seconds)", x->tlsext_tick_lifetime_hint) <= 0) goto err; } @@ -182,7 +182,7 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) goto err; return (1); -err: + err: return (0); } diff --git a/externals/libressl/ssl/ssl_versions.c b/externals/libressl/ssl/ssl_versions.c index b21fa7198..4069670dc 100755 --- a/externals/libressl/ssl/ssl_versions.c +++ b/externals/libressl/ssl/ssl_versions.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_versions.c,v 1.6 2020/05/31 18:03:32 jsing Exp $ */ +/* $OpenBSD: ssl_versions.c,v 1.22 2022/02/05 14:54:10 jsing Exp $ */ /* * Copyright (c) 2016, 2017 Joel Sing * @@ -17,8 +17,28 @@ #include "ssl_locl.h" +static uint16_t +ssl_dtls_to_tls_version(uint16_t dtls_ver) +{ + if (dtls_ver == DTLS1_VERSION) + return TLS1_1_VERSION; + if (dtls_ver == DTLS1_2_VERSION) + return TLS1_2_VERSION; + return 0; +} + +static uint16_t +ssl_tls_to_dtls_version(uint16_t tls_ver) +{ + if (tls_ver == TLS1_1_VERSION) + return DTLS1_VERSION; + if (tls_ver == TLS1_2_VERSION) + return DTLS1_2_VERSION; + return 0; +} + static int -ssl_clamp_version_range(uint16_t *min_ver, uint16_t *max_ver, +ssl_clamp_tls_version_range(uint16_t *min_ver, uint16_t *max_ver, uint16_t clamp_min, uint16_t clamp_max) { if (clamp_min > clamp_max || *min_ver > *max_ver) @@ -35,55 +55,80 @@ ssl_clamp_version_range(uint16_t *min_ver, uint16_t *max_ver, } int -ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver, - uint16_t *out_ver) +ssl_version_set_min(const SSL_METHOD *meth, uint16_t proto_ver, + uint16_t max_tls_ver, uint16_t *out_tls_ver, uint16_t *out_proto_ver) { - uint16_t min_version, max_version; + uint16_t min_proto, min_version, max_version; - if (ver == 0) { - *out_ver = meth->internal->min_version; + if (proto_ver == 0) { + *out_tls_ver = meth->min_tls_version; + *out_proto_ver = 0; return 1; } - min_version = ver; - max_version = max_ver; + min_version = proto_ver; + max_version = max_tls_ver; - if (!ssl_clamp_version_range(&min_version, &max_version, - meth->internal->min_version, meth->internal->max_version)) + if (meth->dtls) { + if ((min_version = ssl_dtls_to_tls_version(proto_ver)) == 0) + return 0; + } + + if (!ssl_clamp_tls_version_range(&min_version, &max_version, + meth->min_tls_version, meth->max_tls_version)) return 0; - *out_ver = min_version; - + min_proto = min_version; + if (meth->dtls) { + if ((min_proto = ssl_tls_to_dtls_version(min_version)) == 0) + return 0; + } + *out_tls_ver = min_version; + *out_proto_ver = min_proto; + return 1; } int -ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver, - uint16_t *out_ver) +ssl_version_set_max(const SSL_METHOD *meth, uint16_t proto_ver, + uint16_t min_tls_ver, uint16_t *out_tls_ver, uint16_t *out_proto_ver) { - uint16_t min_version, max_version; + uint16_t max_proto, min_version, max_version; - if (ver == 0) { - *out_ver = meth->internal->max_version; + if (proto_ver == 0) { + *out_tls_ver = meth->max_tls_version; + *out_proto_ver = 0; return 1; } - min_version = min_ver; - max_version = ver; + min_version = min_tls_ver; + max_version = proto_ver; - if (!ssl_clamp_version_range(&min_version, &max_version, - meth->internal->min_version, meth->internal->max_version)) + if (meth->dtls) { + if ((max_version = ssl_dtls_to_tls_version(proto_ver)) == 0) + return 0; + } + + if (!ssl_clamp_tls_version_range(&min_version, &max_version, + meth->min_tls_version, meth->max_tls_version)) return 0; - *out_ver = max_version; - + max_proto = max_version; + if (meth->dtls) { + if ((max_proto = ssl_tls_to_dtls_version(max_version)) == 0) + return 0; + } + *out_tls_ver = max_version; + *out_proto_ver = max_proto; + return 1; } int -ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver) +ssl_enabled_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver) { uint16_t min_version, max_version; + unsigned long options; /* * The enabled versions have to be a contiguous range, which means we @@ -95,23 +140,32 @@ ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver) min_version = 0; max_version = TLS1_3_VERSION; + options = s->internal->options; - if ((s->internal->options & SSL_OP_NO_TLSv1) == 0) + if (SSL_is_dtls(s)) { + options = 0; + if (s->internal->options & SSL_OP_NO_DTLSv1) + options |= SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1; + if (s->internal->options & SSL_OP_NO_DTLSv1_2) + options |= SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_2; + } + + if ((options & SSL_OP_NO_TLSv1) == 0) min_version = TLS1_VERSION; - else if ((s->internal->options & SSL_OP_NO_TLSv1_1) == 0) + else if ((options & SSL_OP_NO_TLSv1_1) == 0) min_version = TLS1_1_VERSION; - else if ((s->internal->options & SSL_OP_NO_TLSv1_2) == 0) + else if ((options & SSL_OP_NO_TLSv1_2) == 0) min_version = TLS1_2_VERSION; - else if ((s->internal->options & SSL_OP_NO_TLSv1_3) == 0) + else if ((options & SSL_OP_NO_TLSv1_3) == 0) min_version = TLS1_3_VERSION; - if ((s->internal->options & SSL_OP_NO_TLSv1_3) && min_version < TLS1_3_VERSION) + if ((options & SSL_OP_NO_TLSv1_3) && min_version < TLS1_3_VERSION) max_version = TLS1_2_VERSION; - if ((s->internal->options & SSL_OP_NO_TLSv1_2) && min_version < TLS1_2_VERSION) + if ((options & SSL_OP_NO_TLSv1_2) && min_version < TLS1_2_VERSION) max_version = TLS1_1_VERSION; - if ((s->internal->options & SSL_OP_NO_TLSv1_1) && min_version < TLS1_1_VERSION) + if ((options & SSL_OP_NO_TLSv1_1) && min_version < TLS1_1_VERSION) max_version = TLS1_VERSION; - if ((s->internal->options & SSL_OP_NO_TLSv1) && min_version < TLS1_VERSION) + if ((options & SSL_OP_NO_TLSv1) && min_version < TLS1_VERSION) max_version = 0; /* Everything has been disabled... */ @@ -119,8 +173,8 @@ ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver) return 0; /* Limit to configured version range. */ - if (!ssl_clamp_version_range(&min_version, &max_version, - s->internal->min_version, s->internal->max_version)) + if (!ssl_clamp_tls_version_range(&min_version, &max_version, + s->internal->min_tls_version, s->internal->max_tls_version)) return 0; if (min_ver != NULL) @@ -132,26 +186,18 @@ ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver) } int -ssl_supported_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver) +ssl_supported_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver) { uint16_t min_version, max_version; - /* DTLS cannot currently be disabled... */ - if (SSL_IS_DTLS(s)) { - min_version = max_version = DTLS1_VERSION; - goto done; - } - - if (!ssl_enabled_version_range(s, &min_version, &max_version)) + if (!ssl_enabled_tls_version_range(s, &min_version, &max_version)) return 0; /* Limit to the versions supported by this method. */ - if (!ssl_clamp_version_range(&min_version, &max_version, - s->method->internal->min_version, - s->method->internal->max_version)) + if (!ssl_clamp_tls_version_range(&min_version, &max_version, + s->method->min_tls_version, s->method->max_tls_version)) return 0; - done: if (min_ver != NULL) *min_ver = min_version; if (max_ver != NULL) @@ -160,33 +206,111 @@ ssl_supported_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver) return 1; } +uint16_t +ssl_tls_version(uint16_t version) +{ + if (version == TLS1_VERSION || version == TLS1_1_VERSION || + version == TLS1_2_VERSION || version == TLS1_3_VERSION) + return version; + + if (version == DTLS1_VERSION) + return TLS1_1_VERSION; + if (version == DTLS1_2_VERSION) + return TLS1_2_VERSION; + + return 0; +} + +uint16_t +ssl_effective_tls_version(SSL *s) +{ + if (s->s3->hs.negotiated_tls_version > 0) + return s->s3->hs.negotiated_tls_version; + + return s->s3->hs.our_max_tls_version; +} + +int +ssl_max_supported_version(SSL *s, uint16_t *max_ver) +{ + uint16_t max_version; + + *max_ver = 0; + + if (!ssl_supported_tls_version_range(s, NULL, &max_version)) + return 0; + + if (SSL_is_dtls(s)) { + if ((max_version = ssl_tls_to_dtls_version(max_version)) == 0) + return 0; + } + + *max_ver = max_version; + + return 1; +} + +int +ssl_max_legacy_version(SSL *s, uint16_t *max_ver) +{ + uint16_t max_version; + + if ((max_version = s->s3->hs.our_max_tls_version) > TLS1_2_VERSION) + max_version = TLS1_2_VERSION; + + if (SSL_is_dtls(s)) { + if ((max_version = ssl_tls_to_dtls_version(max_version)) == 0) + return 0; + } + + *max_ver = max_version; + + return 1; +} + int ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver) { - uint16_t min_version, max_version, shared_version; + uint16_t min_version, max_version, peer_tls_version, shared_version; *max_ver = 0; + peer_tls_version = peer_ver; - if (SSL_IS_DTLS(s)) { - if (peer_ver >= DTLS1_VERSION) { - *max_ver = DTLS1_VERSION; - return 1; + if (SSL_is_dtls(s)) { + if ((peer_ver >> 8) != DTLS1_VERSION_MAJOR) + return 0; + + /* + * Convert the peer version to a TLS version - DTLS versions are + * the 1's complement of TLS version numbers (but not the actual + * protocol version numbers, that would be too sensible). Not to + * mention that DTLSv1.0 is really equivalent to DTLSv1.1. + */ + peer_tls_version = ssl_dtls_to_tls_version(peer_ver); + + /* + * This may be a version that we do not know about, if it is + * newer than DTLS1_2_VERSION (yes, less than is correct due + * to the "clever" versioning scheme), use TLS1_2_VERSION. + */ + if (peer_tls_version == 0) { + if (peer_ver < DTLS1_2_VERSION) + peer_tls_version = TLS1_2_VERSION; } - return 0; } - if (peer_ver >= TLS1_3_VERSION) + if (peer_tls_version >= TLS1_3_VERSION) shared_version = TLS1_3_VERSION; - else if (peer_ver >= TLS1_2_VERSION) + else if (peer_tls_version >= TLS1_2_VERSION) shared_version = TLS1_2_VERSION; - else if (peer_ver >= TLS1_1_VERSION) + else if (peer_tls_version >= TLS1_1_VERSION) shared_version = TLS1_1_VERSION; - else if (peer_ver >= TLS1_VERSION) + else if (peer_tls_version >= TLS1_VERSION) shared_version = TLS1_VERSION; else return 0; - if (!ssl_supported_version_range(s, &min_version, &max_version)) + if (!ssl_supported_tls_version_range(s, &min_version, &max_version)) return 0; if (shared_version < min_version) @@ -195,39 +319,49 @@ ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver) if (shared_version > max_version) shared_version = max_version; + if (SSL_is_dtls(s)) { + /* + * The resulting shared version will by definition be something + * that we know about. Switch back from TLS to DTLS. + */ + shared_version = ssl_tls_to_dtls_version(shared_version); + if (shared_version == 0) + return 0; + } + *max_ver = shared_version; return 1; } int -ssl_downgrade_max_version(SSL *s, uint16_t *max_ver) +ssl_check_version_from_server(SSL *s, uint16_t server_version) { - uint16_t min_version, max_version; + uint16_t min_tls_version, max_tls_version, server_tls_version; - /* - * The downgrade maximum version is based on the versions that are - * enabled, however we also have to then limit to the versions - * supported by the method. The SSL method will be changed during - * version negotiation and when switching from the new stack to - * the legacy context, as such we want to use the method from the - * context. - */ + /* Ensure that the version selected by the server is valid. */ - if (SSL_IS_DTLS(s)) { - *max_ver = DTLS1_VERSION; - return 1; + server_tls_version = server_version; + if (SSL_is_dtls(s)) { + server_tls_version = ssl_dtls_to_tls_version(server_version); + if (server_tls_version == 0) + return 0; } - if (!ssl_enabled_version_range(s, &min_version, &max_version)) + if (!ssl_supported_tls_version_range(s, &min_tls_version, + &max_tls_version)) return 0; - if (!ssl_clamp_version_range(&min_version, &max_version, - s->ctx->method->internal->min_version, - s->ctx->method->internal->max_version)) - return 0; - - *max_ver = max_version; - - return 1; + return (server_tls_version >= min_tls_version && + server_tls_version <= max_tls_version); +} + +int +ssl_legacy_stack_version(SSL *s, uint16_t version) +{ + if (SSL_is_dtls(s)) + return version == DTLS1_VERSION || version == DTLS1_2_VERSION; + + return version == TLS1_VERSION || version == TLS1_1_VERSION || + version == TLS1_2_VERSION; } diff --git a/externals/libressl/ssl/t1_enc.c b/externals/libressl/ssl/t1_enc.c index a66c82bdc..c996159a4 100755 --- a/externals/libressl/ssl/t1_enc.c +++ b/externals/libressl/ssl/t1_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_enc.c,v 1.123 2020/08/30 15:40:20 jsing Exp $ */ +/* $OpenBSD: t1_enc.c,v 1.154 2022/02/05 14:54:10 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -138,34 +138,19 @@ #include #include -#include "ssl_locl.h" - #include #include #include +#include -int tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len, - const void *seed1, size_t seed1_len, const void *seed2, size_t seed2_len, - const void *seed3, size_t seed3_len, const void *seed4, size_t seed4_len, - const void *seed5, size_t seed5_len, unsigned char *out, size_t out_len); +#include "dtls_locl.h" +#include "ssl_locl.h" void tls1_cleanup_key_block(SSL *s) { - freezero(S3I(s)->hs.key_block, S3I(s)->hs.key_block_len); - S3I(s)->hs.key_block = NULL; - S3I(s)->hs.key_block_len = 0; -} - -void -tls1_record_sequence_increment(unsigned char *seq) -{ - int i; - - for (i = SSL3_SEQUENCE_SIZE - 1; i >= 0; i--) { - if (++seq[i] != 0) - break; - } + tls12_key_block_free(s->s3->hs.tls12.key_block); + s->s3->hs.tls12.key_block = NULL; } /* @@ -179,8 +164,8 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *secret, size_t secret_len, { unsigned char A1[EVP_MAX_MD_SIZE], hmac[EVP_MAX_MD_SIZE]; size_t A1_len, hmac_len; - EVP_MD_CTX ctx; - EVP_PKEY *mac_key; + EVP_MD_CTX *ctx = NULL; + EVP_PKEY *mac_key = NULL; int ret = 0; int chunk; size_t i; @@ -188,42 +173,43 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *secret, size_t secret_len, chunk = EVP_MD_size(md); OPENSSL_assert(chunk >= 0); - EVP_MD_CTX_init(&ctx); + if ((ctx = EVP_MD_CTX_new()) == NULL) + goto err; mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, secret, secret_len); - if (!mac_key) + if (mac_key == NULL) goto err; - if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key)) + if (!EVP_DigestSignInit(ctx, NULL, md, NULL, mac_key)) goto err; - if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len)) + if (seed1 && !EVP_DigestSignUpdate(ctx, seed1, seed1_len)) goto err; - if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len)) + if (seed2 && !EVP_DigestSignUpdate(ctx, seed2, seed2_len)) goto err; - if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len)) + if (seed3 && !EVP_DigestSignUpdate(ctx, seed3, seed3_len)) goto err; - if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len)) + if (seed4 && !EVP_DigestSignUpdate(ctx, seed4, seed4_len)) goto err; - if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len)) + if (seed5 && !EVP_DigestSignUpdate(ctx, seed5, seed5_len)) goto err; - if (!EVP_DigestSignFinal(&ctx, A1, &A1_len)) + if (!EVP_DigestSignFinal(ctx, A1, &A1_len)) goto err; for (;;) { - if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key)) + if (!EVP_DigestSignInit(ctx, NULL, md, NULL, mac_key)) goto err; - if (!EVP_DigestSignUpdate(&ctx, A1, A1_len)) + if (!EVP_DigestSignUpdate(ctx, A1, A1_len)) goto err; - if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len)) + if (seed1 && !EVP_DigestSignUpdate(ctx, seed1, seed1_len)) goto err; - if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len)) + if (seed2 && !EVP_DigestSignUpdate(ctx, seed2, seed2_len)) goto err; - if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len)) + if (seed3 && !EVP_DigestSignUpdate(ctx, seed3, seed3_len)) goto err; - if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len)) + if (seed4 && !EVP_DigestSignUpdate(ctx, seed4, seed4_len)) goto err; - if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len)) + if (seed5 && !EVP_DigestSignUpdate(ctx, seed5, seed5_len)) goto err; - if (!EVP_DigestSignFinal(&ctx, hmac, &hmac_len)) + if (!EVP_DigestSignFinal(ctx, hmac, &hmac_len)) goto err; if (hmac_len > out_len) @@ -238,18 +224,18 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *secret, size_t secret_len, if (out_len == 0) break; - if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key)) + if (!EVP_DigestSignInit(ctx, NULL, md, NULL, mac_key)) goto err; - if (!EVP_DigestSignUpdate(&ctx, A1, A1_len)) + if (!EVP_DigestSignUpdate(ctx, A1, A1_len)) goto err; - if (!EVP_DigestSignFinal(&ctx, A1, &A1_len)) + if (!EVP_DigestSignFinal(ctx, A1, &A1_len)) goto err; } ret = 1; err: EVP_PKEY_free(mac_key); - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_free(ctx); explicit_bzero(A1, sizeof(A1)); explicit_bzero(hmac, sizeof(hmac)); @@ -271,7 +257,7 @@ tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len, if (!ssl_get_handshake_evp_md(s, &md)) return (0); - if (md->type == NID_md5_sha1) { + if (EVP_MD_type(md) == NID_md5_sha1) { /* * Partition secret between MD5 and SHA1, then XOR result. * If the secret length is odd, a one byte overlap is used. @@ -299,313 +285,76 @@ tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len, return (1); } -static int -tls1_generate_key_block(SSL *s, unsigned char *km, int num) +int +tls1_generate_key_block(SSL *s, uint8_t *key_block, size_t key_block_len) { - if (num < 0) - return (0); - return tls1_PRF(s, s->session->master_key, s->session->master_key_length, TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE, s->s3->server_random, SSL3_RANDOM_SIZE, s->s3->client_random, SSL3_RANDOM_SIZE, - NULL, 0, NULL, 0, km, num); -} - -/* - * tls1_aead_ctx_init allocates aead_ctx, if needed. It returns 1 on success - * and 0 on failure. - */ -static int -tls1_aead_ctx_init(SSL_AEAD_CTX **aead_ctx) -{ - if (*aead_ctx != NULL) { - EVP_AEAD_CTX_cleanup(&(*aead_ctx)->ctx); - return (1); - } - - *aead_ctx = malloc(sizeof(SSL_AEAD_CTX)); - if (*aead_ctx == NULL) { - SSLerrorx(ERR_R_MALLOC_FAILURE); - return (0); - } - - return (1); + NULL, 0, NULL, 0, key_block, key_block_len); } static int -tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key, - unsigned int key_len, const unsigned char *iv, unsigned int iv_len) +tls1_change_cipher_state(SSL *s, int is_write) { - const EVP_AEAD *aead = S3I(s)->tmp.new_aead; - SSL_AEAD_CTX *aead_ctx; + CBS mac_key, key, iv; - /* XXX - Need to avoid clearing write state for DTLS. */ - if (SSL_IS_DTLS(s)) - return 0; - - if (is_read) { - ssl_clear_cipher_read_state(s); - if (!tls1_aead_ctx_init(&s->internal->aead_read_ctx)) - return 0; - aead_ctx = s->internal->aead_read_ctx; - - if (!tls12_record_layer_set_read_aead(s->internal->rl, aead_ctx)) - return 0; + /* Use client write keys on client write and server read. */ + if ((!s->server && is_write) || (s->server && !is_write)) { + tls12_key_block_client_write(s->s3->hs.tls12.key_block, + &mac_key, &key, &iv); } else { - ssl_clear_cipher_write_state(s); - if (!tls1_aead_ctx_init(&s->internal->aead_write_ctx)) - return 0; - aead_ctx = s->internal->aead_write_ctx; - - if (!tls12_record_layer_set_write_aead(s->internal->rl, aead_ctx)) - return 0; + tls12_key_block_server_write(s->s3->hs.tls12.key_block, + &mac_key, &key, &iv); } - if (!EVP_AEAD_CTX_init(&aead_ctx->ctx, aead, key, key_len, - EVP_AEAD_DEFAULT_TAG_LENGTH, NULL)) - return (0); - if (iv_len > sizeof(aead_ctx->fixed_nonce)) { - SSLerrorx(ERR_R_INTERNAL_ERROR); - return (0); - } - memcpy(aead_ctx->fixed_nonce, iv, iv_len); - aead_ctx->fixed_nonce_len = iv_len; - aead_ctx->variable_nonce_len = 8; /* always the case, currently. */ - aead_ctx->variable_nonce_in_record = - (S3I(s)->hs.new_cipher->algorithm2 & - SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD) != 0; - aead_ctx->xor_fixed_nonce = - S3I(s)->hs.new_cipher->algorithm_enc == SSL_CHACHA20POLY1305; - aead_ctx->tag_len = EVP_AEAD_max_overhead(aead); - - if (aead_ctx->xor_fixed_nonce) { - if (aead_ctx->fixed_nonce_len != EVP_AEAD_nonce_length(aead) || - aead_ctx->variable_nonce_len > EVP_AEAD_nonce_length(aead)) { - SSLerrorx(ERR_R_INTERNAL_ERROR); - return (0); - } + if (!is_write) { + if (!tls12_record_layer_change_read_cipher_state(s->internal->rl, + &mac_key, &key, &iv)) + goto err; + if (SSL_is_dtls(s)) + dtls1_reset_read_seq_numbers(s); } else { - if (aead_ctx->variable_nonce_len + aead_ctx->fixed_nonce_len != - EVP_AEAD_nonce_length(aead)) { - SSLerrorx(ERR_R_INTERNAL_ERROR); - return (0); - } - } - - return (1); -} - -/* - * tls1_change_cipher_state_cipher performs the work needed to switch cipher - * states when using EVP_CIPHER. The argument is_read is true iff this function - * is being called due to reading, as opposed to writing, a ChangeCipherSpec - * message. - */ -static int -tls1_change_cipher_state_cipher(SSL *s, char is_read, - const unsigned char *mac_secret, unsigned int mac_secret_size, - const unsigned char *key, unsigned int key_len, const unsigned char *iv, - unsigned int iv_len) -{ - EVP_CIPHER_CTX *cipher_ctx; - const EVP_CIPHER *cipher; - EVP_MD_CTX *mac_ctx; - EVP_PKEY *mac_key; - const EVP_MD *mac; - int stream_mac; - int mac_type; - - cipher = S3I(s)->tmp.new_sym_enc; - mac = S3I(s)->tmp.new_hash; - mac_type = S3I(s)->tmp.new_mac_pkey_type; - stream_mac = S3I(s)->hs.new_cipher->algorithm2 & TLS1_STREAM_MAC; - - if (is_read) { - if (stream_mac) - s->internal->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM; - else - s->internal->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM; - - ssl_clear_cipher_read_state(s); - - if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL) - goto err; - s->enc_read_ctx = cipher_ctx; - if ((mac_ctx = EVP_MD_CTX_new()) == NULL) - goto err; - s->read_hash = mac_ctx; - - if (!tls12_record_layer_set_read_cipher_hash(s->internal->rl, - cipher_ctx, mac_ctx, stream_mac)) - goto err; - } else { - if (stream_mac) - s->internal->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; - else - s->internal->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM; - - /* - * DTLS fragments retain a pointer to the compression, cipher - * and hash contexts, so that it can restore state in order - * to perform retransmissions. As such, we cannot free write - * contexts that are used for DTLS - these are instead freed - * by DTLS when its frees a ChangeCipherSpec fragment. - */ - if (!SSL_IS_DTLS(s)) - ssl_clear_cipher_write_state(s); - - if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL) - goto err; - s->internal->enc_write_ctx = cipher_ctx; - if ((mac_ctx = EVP_MD_CTX_new()) == NULL) - goto err; - s->internal->write_hash = mac_ctx; - - if (!tls12_record_layer_set_write_cipher_hash(s->internal->rl, - cipher_ctx, mac_ctx, stream_mac)) + if (!tls12_record_layer_change_write_cipher_state(s->internal->rl, + &mac_key, &key, &iv)) goto err; } - - EVP_CipherInit_ex(cipher_ctx, cipher, NULL, key, iv, !is_read); - - if ((mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, mac_secret, - mac_secret_size)) == NULL) - goto err; - EVP_DigestSignInit(mac_ctx, NULL, mac, NULL, mac_key); - EVP_PKEY_free(mac_key); - - if (S3I(s)->hs.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) { - int nid; - if (S3I(s)->hs.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94) - nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet; - else - nid = NID_id_tc26_gost_28147_param_Z; - - EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_SBOX, nid, 0); - if (S3I(s)->hs.new_cipher->algorithm_mac == SSL_GOST89MAC) - EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_GOST_SET_SBOX, nid, 0); - } - return (1); -err: - SSLerrorx(ERR_R_MALLOC_FAILURE); + err: return (0); } int -tls1_change_cipher_state(SSL *s, int which) +tls1_change_read_cipher_state(SSL *s) { - const unsigned char *client_write_mac_secret, *server_write_mac_secret; - const unsigned char *client_write_key, *server_write_key; - const unsigned char *client_write_iv, *server_write_iv; - const unsigned char *mac_secret, *key, *iv; - int mac_secret_size, key_len, iv_len; - unsigned char *key_block, *seq; - const EVP_CIPHER *cipher; - const EVP_AEAD *aead; - char is_read, use_client_keys; + return tls1_change_cipher_state(s, 0); +} - cipher = S3I(s)->tmp.new_sym_enc; - aead = S3I(s)->tmp.new_aead; - - /* - * is_read is true if we have just read a ChangeCipherSpec message, - * that is we need to update the read cipherspec. Otherwise we have - * just written one. - */ - is_read = (which & SSL3_CC_READ) != 0; - - /* - * use_client_keys is true if we wish to use the keys for the "client - * write" direction. This is the case if we're a client sending a - * ChangeCipherSpec, or a server reading a client's ChangeCipherSpec. - */ - use_client_keys = ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || - (which == SSL3_CHANGE_CIPHER_SERVER_READ)); - - /* - * Reset sequence number to zero - for DTLS this is handled in - * dtls1_reset_seq_numbers(). - */ - if (!SSL_IS_DTLS(s)) { - seq = is_read ? S3I(s)->read_sequence : S3I(s)->write_sequence; - memset(seq, 0, SSL3_SEQUENCE_SIZE); - } - - if (aead != NULL) { - key_len = EVP_AEAD_key_length(aead); - iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(S3I(s)->hs.new_cipher); - } else { - key_len = EVP_CIPHER_key_length(cipher); - iv_len = EVP_CIPHER_iv_length(cipher); - } - - mac_secret_size = S3I(s)->tmp.new_mac_secret_size; - - key_block = S3I(s)->hs.key_block; - client_write_mac_secret = key_block; - key_block += mac_secret_size; - server_write_mac_secret = key_block; - key_block += mac_secret_size; - client_write_key = key_block; - key_block += key_len; - server_write_key = key_block; - key_block += key_len; - client_write_iv = key_block; - key_block += iv_len; - server_write_iv = key_block; - key_block += iv_len; - - if (use_client_keys) { - mac_secret = client_write_mac_secret; - key = client_write_key; - iv = client_write_iv; - } else { - mac_secret = server_write_mac_secret; - key = server_write_key; - iv = server_write_iv; - } - - if (key_block - S3I(s)->hs.key_block != S3I(s)->hs.key_block_len) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err2; - } - - if (is_read) { - memcpy(S3I(s)->read_mac_secret, mac_secret, mac_secret_size); - S3I(s)->read_mac_secret_size = mac_secret_size; - } else { - memcpy(S3I(s)->write_mac_secret, mac_secret, mac_secret_size); - S3I(s)->write_mac_secret_size = mac_secret_size; - } - - if (aead != NULL) { - return tls1_change_cipher_state_aead(s, is_read, key, key_len, - iv, iv_len); - } - - return tls1_change_cipher_state_cipher(s, is_read, - mac_secret, mac_secret_size, key, key_len, iv, iv_len); - -err2: - return (0); +int +tls1_change_write_cipher_state(SSL *s) +{ + return tls1_change_cipher_state(s, 1); } int tls1_setup_key_block(SSL *s) { - unsigned char *key_block; + struct tls12_key_block *key_block; int mac_type = NID_undef, mac_secret_size = 0; - int key_block_len, key_len, iv_len; const EVP_CIPHER *cipher = NULL; const EVP_AEAD *aead = NULL; - const EVP_MD *mac = NULL; + const EVP_MD *handshake_hash = NULL; + const EVP_MD *mac_hash = NULL; int ret = 0; - if (S3I(s)->hs.key_block_len != 0) + /* + * XXX - callers should be changed so that they only call this + * function once. + */ + if (s->s3->hs.tls12.key_block != NULL) return (1); if (s->session->cipher && @@ -614,54 +363,45 @@ tls1_setup_key_block(SSL *s) SSLerror(s, SSL_R_CIPHER_OR_HASH_UNAVAILABLE); return (0); } - key_len = EVP_AEAD_key_length(aead); - iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(s->session->cipher); } else { - if (!ssl_cipher_get_evp(s->session, &cipher, &mac, &mac_type, - &mac_secret_size)) { + /* XXX - mac_type and mac_secret_size are now unused. */ + if (!ssl_cipher_get_evp(s->session, &cipher, &mac_hash, + &mac_type, &mac_secret_size)) { SSLerror(s, SSL_R_CIPHER_OR_HASH_UNAVAILABLE); return (0); } - key_len = EVP_CIPHER_key_length(cipher); - iv_len = EVP_CIPHER_iv_length(cipher); } - S3I(s)->tmp.new_aead = aead; - S3I(s)->tmp.new_sym_enc = cipher; - S3I(s)->tmp.new_hash = mac; - S3I(s)->tmp.new_mac_pkey_type = mac_type; - S3I(s)->tmp.new_mac_secret_size = mac_secret_size; + if (!ssl_get_handshake_evp_md(s, &handshake_hash)) + return (0); - tls1_cleanup_key_block(s); + tls12_record_layer_set_aead(s->internal->rl, aead); + tls12_record_layer_set_cipher_hash(s->internal->rl, cipher, + handshake_hash, mac_hash); - if ((key_block = reallocarray(NULL, mac_secret_size + key_len + iv_len, - 2)) == NULL) { - SSLerror(s, ERR_R_MALLOC_FAILURE); + if ((key_block = tls12_key_block_new()) == NULL) goto err; - } - key_block_len = (mac_secret_size + key_len + iv_len) * 2; - - S3I(s)->hs.key_block_len = key_block_len; - S3I(s)->hs.key_block = key_block; - - if (!tls1_generate_key_block(s, key_block, key_block_len)) + if (!tls12_key_block_generate(key_block, s, aead, cipher, mac_hash)) goto err; + s->s3->hs.tls12.key_block = key_block; + key_block = NULL; + if (!(s->internal->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) && - s->method->internal->version <= TLS1_VERSION) { + s->method->version <= TLS1_VERSION) { /* * Enable vulnerability countermeasure for CBC ciphers with * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) */ - S3I(s)->need_empty_fragments = 1; + s->s3->need_empty_fragments = 1; if (s->session->cipher != NULL) { if (s->session->cipher->algorithm_enc == SSL_eNULL) - S3I(s)->need_empty_fragments = 0; + s->s3->need_empty_fragments = 0; #ifndef OPENSSL_NO_RC4 if (s->session->cipher->algorithm_enc == SSL_RC4) - S3I(s)->need_empty_fragments = 0; + s->s3->need_empty_fragments = 0; #endif } } @@ -669,379 +409,11 @@ tls1_setup_key_block(SSL *s) ret = 1; err: + tls12_key_block_free(key_block); + return (ret); } -/* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. - * - * Returns: - * 0: (in non-constant time) if the record is publically invalid (i.e. too - * short etc). - * 1: if the record's padding is valid / the encryption was successful. - * -1: if the record's padding/AEAD-authenticator is invalid or, if sending, - * an internal error occured. - */ -int -tls1_enc(SSL *s, int send) -{ - const SSL_AEAD_CTX *aead; - const EVP_CIPHER *enc; - EVP_CIPHER_CTX *ds; - SSL3_RECORD_INTERNAL *rec; - unsigned char *seq; - unsigned long l; - int bs, i, j, k, ret, mac_size = 0; - - if (send) { - /* No longer supported. */ - return -1; - } else { - aead = s->internal->aead_read_ctx; - rec = &S3I(s)->rrec; - seq = S3I(s)->read_sequence; - } - - if (aead) { - unsigned char ad[13], *in, *out, nonce[16]; - size_t out_len, pad_len = 0; - unsigned int nonce_used; - - if (SSL_IS_DTLS(s)) { - dtls1_build_sequence_number(ad, seq, - send ? D1I(s)->w_epoch : D1I(s)->r_epoch); - } else { - memcpy(ad, seq, SSL3_SEQUENCE_SIZE); - tls1_record_sequence_increment(seq); - } - - ad[8] = rec->type; - ad[9] = (unsigned char)(s->version >> 8); - ad[10] = (unsigned char)(s->version); - - if (aead->variable_nonce_len > 8 || - aead->variable_nonce_len > sizeof(nonce)) - return -1; - - if (aead->xor_fixed_nonce) { - if (aead->fixed_nonce_len > sizeof(nonce) || - aead->variable_nonce_len > aead->fixed_nonce_len) - return -1; /* Should never happen. */ - pad_len = aead->fixed_nonce_len - aead->variable_nonce_len; - } else { - if (aead->fixed_nonce_len + - aead->variable_nonce_len > sizeof(nonce)) - return -1; /* Should never happen. */ - } - - if (send) { - size_t len = rec->length; - size_t eivlen = 0; - in = rec->input; - out = rec->data; - - if (aead->xor_fixed_nonce) { - /* - * The sequence number is left zero - * padded, then xored with the fixed - * nonce. - */ - memset(nonce, 0, pad_len); - memcpy(nonce + pad_len, ad, - aead->variable_nonce_len); - for (i = 0; i < aead->fixed_nonce_len; i++) - nonce[i] ^= aead->fixed_nonce[i]; - nonce_used = aead->fixed_nonce_len; - } else { - /* - * When sending we use the sequence number as - * the variable part of the nonce. - */ - memcpy(nonce, aead->fixed_nonce, - aead->fixed_nonce_len); - nonce_used = aead->fixed_nonce_len; - memcpy(nonce + nonce_used, ad, - aead->variable_nonce_len); - nonce_used += aead->variable_nonce_len; - } - - /* - * In do_ssl3_write, rec->input is moved forward by - * variable_nonce_len in order to leave space for the - * variable nonce. Thus we can copy the sequence number - * bytes into place without overwriting any of the - * plaintext. - */ - if (aead->variable_nonce_in_record) { - memcpy(out, ad, aead->variable_nonce_len); - len -= aead->variable_nonce_len; - eivlen = aead->variable_nonce_len; - } - - ad[11] = len >> 8; - ad[12] = len & 0xff; - - if (!EVP_AEAD_CTX_seal(&aead->ctx, - out + eivlen, &out_len, len + aead->tag_len, nonce, - nonce_used, in + eivlen, len, ad, sizeof(ad))) - return -1; - if (aead->variable_nonce_in_record) - out_len += aead->variable_nonce_len; - } else { - /* receive */ - size_t len = rec->length; - - if (rec->data != rec->input) - return -1; /* internal error - should never happen. */ - out = in = rec->input; - - if (len < aead->variable_nonce_len) - return 0; - - if (aead->xor_fixed_nonce) { - /* - * The sequence number is left zero - * padded, then xored with the fixed - * nonce. - */ - memset(nonce, 0, pad_len); - memcpy(nonce + pad_len, ad, - aead->variable_nonce_len); - for (i = 0; i < aead->fixed_nonce_len; i++) - nonce[i] ^= aead->fixed_nonce[i]; - nonce_used = aead->fixed_nonce_len; - } else { - memcpy(nonce, aead->fixed_nonce, - aead->fixed_nonce_len); - nonce_used = aead->fixed_nonce_len; - - memcpy(nonce + nonce_used, - aead->variable_nonce_in_record ? in : ad, - aead->variable_nonce_len); - nonce_used += aead->variable_nonce_len; - } - - if (aead->variable_nonce_in_record) { - in += aead->variable_nonce_len; - len -= aead->variable_nonce_len; - out += aead->variable_nonce_len; - } - - if (len < aead->tag_len) - return 0; - len -= aead->tag_len; - - ad[11] = len >> 8; - ad[12] = len & 0xff; - - if (!EVP_AEAD_CTX_open(&aead->ctx, out, &out_len, len, - nonce, nonce_used, in, len + aead->tag_len, ad, - sizeof(ad))) - return -1; - - rec->data = rec->input = out; - } - - rec->length = out_len; - - return 1; - } - - if (send) { - if (EVP_MD_CTX_md(s->internal->write_hash)) { - int n = EVP_MD_CTX_size(s->internal->write_hash); - OPENSSL_assert(n >= 0); - } - ds = s->internal->enc_write_ctx; - if (s->internal->enc_write_ctx == NULL) - enc = NULL; - else { - int ivlen = 0; - enc = EVP_CIPHER_CTX_cipher(s->internal->enc_write_ctx); - if (SSL_USE_EXPLICIT_IV(s) && - EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE) - ivlen = EVP_CIPHER_iv_length(enc); - if (ivlen > 1) { - if (rec->data != rec->input) { -#ifdef DEBUG - /* we can't write into the input stream: - * Can this ever happen?? (steve) - */ - fprintf(stderr, - "%s:%d: rec->data != rec->input\n", - __FILE__, __LINE__); -#endif - } else - arc4random_buf(rec->input, ivlen); - } - } - } else { - if (EVP_MD_CTX_md(s->read_hash)) { - int n = EVP_MD_CTX_size(s->read_hash); - OPENSSL_assert(n >= 0); - } - ds = s->enc_read_ctx; - if (s->enc_read_ctx == NULL) - enc = NULL; - else - enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx); - } - - if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { - memmove(rec->data, rec->input, rec->length); - rec->input = rec->data; - ret = 1; - } else { - l = rec->length; - bs = EVP_CIPHER_block_size(ds->cipher); - - if (bs != 1 && send) { - i = bs - ((int)l % bs); - - /* Add weird padding of upto 256 bytes */ - - /* we need to add 'i' padding bytes of value j */ - j = i - 1; - for (k = (int)l; k < (int)(l + i); k++) - rec->input[k] = j; - l += i; - rec->length += i; - } - - if (!send) { - if (l == 0 || l % bs != 0) - return 0; - } - - i = EVP_Cipher(ds, rec->data, rec->input, l); - if ((EVP_CIPHER_flags(ds->cipher) & - EVP_CIPH_FLAG_CUSTOM_CIPHER) ? (i < 0) : (i == 0)) - return -1; /* AEAD can fail to verify MAC */ - - ret = 1; - if (EVP_MD_CTX_md(s->read_hash) != NULL) - mac_size = EVP_MD_CTX_size(s->read_hash); - if ((bs != 1) && !send) - ret = tls1_cbc_remove_padding(s, rec, bs, mac_size); - } - return ret; -} - -int -tls1_final_finish_mac(SSL *s, const char *str, int str_len, unsigned char *out) -{ - unsigned char buf[EVP_MAX_MD_SIZE]; - size_t hash_len; - - if (str_len < 0) - return 0; - - if (!tls1_transcript_hash_value(s, buf, sizeof(buf), &hash_len)) - return 0; - - if (!tls1_PRF(s, s->session->master_key, s->session->master_key_length, - str, str_len, buf, hash_len, NULL, 0, NULL, 0, NULL, 0, - out, TLS1_FINISH_MAC_LENGTH)) - return 0; - - return TLS1_FINISH_MAC_LENGTH; -} - -int -tls1_mac(SSL *ssl, unsigned char *md, int send) -{ - SSL3_RECORD_INTERNAL *rec; - unsigned char *seq; - EVP_MD_CTX *hash; - size_t md_size, orig_len; - EVP_MD_CTX hmac, *mac_ctx; - unsigned char header[13]; - int stream_mac = (send ? - (ssl->internal->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) : - (ssl->internal->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM)); - int t; - - if (send) { - /* No longer supported. */ - return -1; - } else { - rec = &(ssl->s3->internal->rrec); - seq = &(ssl->s3->internal->read_sequence[0]); - hash = ssl->read_hash; - } - - t = EVP_MD_CTX_size(hash); - OPENSSL_assert(t >= 0); - md_size = t; - - /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ - if (stream_mac) { - mac_ctx = hash; - } else { - if (!EVP_MD_CTX_copy(&hmac, hash)) - return -1; - mac_ctx = &hmac; - } - - if (SSL_IS_DTLS(ssl)) - dtls1_build_sequence_number(header, seq, - send ? D1I(ssl)->w_epoch : D1I(ssl)->r_epoch); - else - memcpy(header, seq, SSL3_SEQUENCE_SIZE); - - orig_len = rec->length + md_size + rec->padding_length; - - header[8] = rec->type; - header[9] = (unsigned char)(ssl->version >> 8); - header[10] = (unsigned char)(ssl->version); - header[11] = (rec->length) >> 8; - header[12] = (rec->length) & 0xff; - - if (!send && - EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && - ssl3_cbc_record_digest_supported(mac_ctx)) { - /* This is a CBC-encrypted record. We must avoid leaking any - * timing-side channel information about how many blocks of - * data we are hashing because that gives an attacker a - * timing-oracle. */ - if (!ssl3_cbc_digest_record(mac_ctx, - md, &md_size, header, rec->input, - rec->length + md_size, orig_len, - ssl->s3->internal->read_mac_secret, - ssl->s3->internal->read_mac_secret_size)) - return -1; - } else { - EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)); - EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length); - t = EVP_DigestSignFinal(mac_ctx, md, &md_size); - OPENSSL_assert(t > 0); - } - - if (!stream_mac) - EVP_MD_CTX_cleanup(&hmac); - - if (!SSL_IS_DTLS(ssl)) - tls1_record_sequence_increment(seq); - - return (md_size); -} - -int -tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, - int len) -{ - if (len < 0) - return 0; - - if (!tls1_PRF(s, p, len, - TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE, - s->s3->client_random, SSL3_RANDOM_SIZE, NULL, 0, - s->s3->server_random, SSL3_RANDOM_SIZE, NULL, 0, - s->session->master_key, SSL_MAX_MASTER_KEY_LENGTH)) - return 0; - - return (SSL_MAX_MASTER_KEY_LENGTH); -} - int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, const char *label, size_t llen, const unsigned char *context, @@ -1051,6 +423,11 @@ tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, size_t vallen, currentvalpos; int rv; + if (!SSL_is_init_finished(s)) { + SSLerror(s, SSL_R_BAD_STATE); + return 0; + } + /* construct PRF arguments * we construct the PRF argument ourself rather than passing separate * values into the TLS PRF to ensure that the concatenation of values @@ -1104,86 +481,15 @@ tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, val, vallen, NULL, 0, NULL, 0, NULL, 0, NULL, 0, out, olen); goto ret; -err1: + err1: SSLerror(s, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL); rv = 0; goto ret; -err2: + err2: SSLerror(s, ERR_R_MALLOC_FAILURE); rv = 0; -ret: + ret: free(val); return (rv); } - -int -tls1_alert_code(int code) -{ - switch (code) { - case SSL_AD_CLOSE_NOTIFY: - return (SSL3_AD_CLOSE_NOTIFY); - case SSL_AD_UNEXPECTED_MESSAGE: - return (SSL3_AD_UNEXPECTED_MESSAGE); - case SSL_AD_BAD_RECORD_MAC: - return (SSL3_AD_BAD_RECORD_MAC); - case SSL_AD_DECRYPTION_FAILED: - return (TLS1_AD_DECRYPTION_FAILED); - case SSL_AD_RECORD_OVERFLOW: - return (TLS1_AD_RECORD_OVERFLOW); - case SSL_AD_DECOMPRESSION_FAILURE: - return (SSL3_AD_DECOMPRESSION_FAILURE); - case SSL_AD_HANDSHAKE_FAILURE: - return (SSL3_AD_HANDSHAKE_FAILURE); - case SSL_AD_NO_CERTIFICATE: - return (-1); - case SSL_AD_BAD_CERTIFICATE: - return (SSL3_AD_BAD_CERTIFICATE); - case SSL_AD_UNSUPPORTED_CERTIFICATE: - return (SSL3_AD_UNSUPPORTED_CERTIFICATE); - case SSL_AD_CERTIFICATE_REVOKED: - return (SSL3_AD_CERTIFICATE_REVOKED); - case SSL_AD_CERTIFICATE_EXPIRED: - return (SSL3_AD_CERTIFICATE_EXPIRED); - case SSL_AD_CERTIFICATE_UNKNOWN: - return (SSL3_AD_CERTIFICATE_UNKNOWN); - case SSL_AD_ILLEGAL_PARAMETER: - return (SSL3_AD_ILLEGAL_PARAMETER); - case SSL_AD_UNKNOWN_CA: - return (TLS1_AD_UNKNOWN_CA); - case SSL_AD_ACCESS_DENIED: - return (TLS1_AD_ACCESS_DENIED); - case SSL_AD_DECODE_ERROR: - return (TLS1_AD_DECODE_ERROR); - case SSL_AD_DECRYPT_ERROR: - return (TLS1_AD_DECRYPT_ERROR); - case SSL_AD_EXPORT_RESTRICTION: - return (TLS1_AD_EXPORT_RESTRICTION); - case SSL_AD_PROTOCOL_VERSION: - return (TLS1_AD_PROTOCOL_VERSION); - case SSL_AD_INSUFFICIENT_SECURITY: - return (TLS1_AD_INSUFFICIENT_SECURITY); - case SSL_AD_INTERNAL_ERROR: - return (TLS1_AD_INTERNAL_ERROR); - case SSL_AD_INAPPROPRIATE_FALLBACK: - return(TLS1_AD_INAPPROPRIATE_FALLBACK); - case SSL_AD_USER_CANCELLED: - return (TLS1_AD_USER_CANCELLED); - case SSL_AD_NO_RENEGOTIATION: - return (TLS1_AD_NO_RENEGOTIATION); - case SSL_AD_UNSUPPORTED_EXTENSION: - return (TLS1_AD_UNSUPPORTED_EXTENSION); - case SSL_AD_CERTIFICATE_UNOBTAINABLE: - return (TLS1_AD_CERTIFICATE_UNOBTAINABLE); - case SSL_AD_UNRECOGNIZED_NAME: - return (TLS1_AD_UNRECOGNIZED_NAME); - case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: - return (TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE); - case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: - return (TLS1_AD_BAD_CERTIFICATE_HASH_VALUE); - case SSL_AD_UNKNOWN_PSK_IDENTITY: - return (TLS1_AD_UNKNOWN_PSK_IDENTITY); - default: - return (-1); - } -} diff --git a/externals/libressl/ssl/t1_lib.c b/externals/libressl/ssl/t1_lib.c index f091dd001..fc1ccca5b 100755 --- a/externals/libressl/ssl/t1_lib.c +++ b/externals/libressl/ssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.176 2020/09/12 17:25:11 tb Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.186 2022/01/24 13:47:53 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -116,34 +116,20 @@ #include #include -#include "ssl_locl.h" - #include "bytestring.h" +#include "ssl_locl.h" #include "ssl_sigalgs.h" #include "ssl_tlsext.h" static int tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess); -SSL3_ENC_METHOD TLSv1_enc_data = { - .enc_flags = 0, -}; - -SSL3_ENC_METHOD TLSv1_1_enc_data = { - .enc_flags = SSL_ENC_FLAG_EXPLICIT_IV, -}; - -SSL3_ENC_METHOD TLSv1_2_enc_data = { - .enc_flags = SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS| - SSL_ENC_FLAG_SHA256_PRF|SSL_ENC_FLAG_TLS1_2_CIPHERS, -}; - int tls1_new(SSL *s) { if (!ssl3_new(s)) return (0); - s->method->internal->ssl_clear(s); + s->method->ssl_clear(s); return (1); } @@ -161,10 +147,10 @@ void tls1_clear(SSL *s) { ssl3_clear(s); - s->version = s->method->internal->version; + s->version = s->method->version; } -static int nid_list[] = { +static const int nid_list[] = { NID_sect163k1, /* sect163k1 (1) */ NID_sect163r1, /* sect163r1 (2) */ NID_sect163r2, /* sect163r2 (3) */ @@ -343,8 +329,8 @@ tls1_get_formatlist(SSL *s, int client_formats, const uint8_t **pformats, size_t *pformatslen) { if (client_formats != 0) { - *pformats = SSI(s)->tlsext_ecpointformatlist; - *pformatslen = SSI(s)->tlsext_ecpointformatlist_length; + *pformats = s->session->tlsext_ecpointformatlist; + *pformatslen = s->session->tlsext_ecpointformatlist_length; return; } @@ -366,8 +352,8 @@ tls1_get_group_list(SSL *s, int client_groups, const uint16_t **pgroups, size_t *pgroupslen) { if (client_groups != 0) { - *pgroups = SSI(s)->tlsext_supportedgroups; - *pgroupslen = SSI(s)->tlsext_supportedgroups_length; + *pgroups = s->session->tlsext_supportedgroups; + *pgroupslen = s->session->tlsext_supportedgroups_length; return; } @@ -583,19 +569,19 @@ tls1_check_ec_key(SSL *s, const uint16_t *curve_id, const uint8_t *comp_id) int tls1_check_ec_server_key(SSL *s) { - CERT_PKEY *cpk = s->cert->pkeys + SSL_PKEY_ECC; + SSL_CERT_PKEY *cpk = s->cert->pkeys + SSL_PKEY_ECC; uint16_t curve_id; uint8_t comp_id; + EC_KEY *eckey; EVP_PKEY *pkey; - int rv; if (cpk->x509 == NULL || cpk->privatekey == NULL) return (0); - if ((pkey = X509_get_pubkey(cpk->x509)) == NULL) + if ((pkey = X509_get0_pubkey(cpk->x509)) == NULL) return (0); - rv = tls1_set_ec_id(&curve_id, &comp_id, pkey->pkey.ec); - EVP_PKEY_free(pkey); - if (rv != 1) + if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) + return (0); + if (!tls1_set_ec_id(&curve_id, &comp_id, eckey)) return (0); return tls1_check_ec_key(s, &curve_id, &comp_id); @@ -648,7 +634,7 @@ ssl_check_clienthello_tlsext_late(SSL *s) if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->internal->tlsext_status_cb) { int r; - CERT_PKEY *certpkey; + SSL_CERT_PKEY *certpkey; certpkey = ssl_get_server_send_pkey(s); /* If no certificate can't return certificate status */ if (certpkey == NULL) { @@ -682,7 +668,7 @@ ssl_check_clienthello_tlsext_late(SSL *s) } else s->internal->tlsext_status_expected = 0; -err: + err: switch (ret) { case SSL_TLSEXT_ERR_ALERT_FATAL: ssl3_send_alert(s, SSL3_AL_FATAL, al); diff --git a/externals/libressl/ssl/tls12_key_schedule.c b/externals/libressl/ssl/tls12_key_schedule.c new file mode 100755 index 000000000..c206460d9 --- /dev/null +++ b/externals/libressl/ssl/tls12_key_schedule.c @@ -0,0 +1,175 @@ +/* $OpenBSD: tls12_key_schedule.c,v 1.1 2021/05/05 10:05:27 jsing Exp $ */ +/* + * Copyright (c) 2021 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include + +#include "bytestring.h" +#include "ssl_locl.h" + +struct tls12_key_block { + CBS client_write_mac_key; + CBS server_write_mac_key; + CBS client_write_key; + CBS server_write_key; + CBS client_write_iv; + CBS server_write_iv; + + uint8_t *key_block; + size_t key_block_len; +}; + +struct tls12_key_block * +tls12_key_block_new(void) +{ + return calloc(1, sizeof(struct tls12_key_block)); +} + +static void +tls12_key_block_clear(struct tls12_key_block *kb) +{ + CBS_init(&kb->client_write_mac_key, NULL, 0); + CBS_init(&kb->server_write_mac_key, NULL, 0); + CBS_init(&kb->client_write_key, NULL, 0); + CBS_init(&kb->server_write_key, NULL, 0); + CBS_init(&kb->client_write_iv, NULL, 0); + CBS_init(&kb->server_write_iv, NULL, 0); + + freezero(kb->key_block, kb->key_block_len); + kb->key_block = NULL; + kb->key_block_len = 0; +} + +void +tls12_key_block_free(struct tls12_key_block *kb) +{ + if (kb == NULL) + return; + + tls12_key_block_clear(kb); + + freezero(kb, sizeof(struct tls12_key_block)); +} + +void +tls12_key_block_client_write(struct tls12_key_block *kb, CBS *mac_key, + CBS *key, CBS *iv) +{ + CBS_dup(&kb->client_write_mac_key, mac_key); + CBS_dup(&kb->client_write_key, key); + CBS_dup(&kb->client_write_iv, iv); +} + +void +tls12_key_block_server_write(struct tls12_key_block *kb, CBS *mac_key, + CBS *key, CBS *iv) +{ + CBS_dup(&kb->server_write_mac_key, mac_key); + CBS_dup(&kb->server_write_key, key); + CBS_dup(&kb->server_write_iv, iv); +} + +int +tls12_key_block_generate(struct tls12_key_block *kb, SSL *s, + const EVP_AEAD *aead, const EVP_CIPHER *cipher, const EVP_MD *mac_hash) +{ + size_t mac_key_len = 0, key_len = 0, iv_len = 0; + uint8_t *key_block = NULL; + size_t key_block_len = 0; + CBS cbs; + + /* + * Generate a TLSv1.2 key block and partition into individual secrets, + * as per RFC 5246 section 6.3. + */ + + tls12_key_block_clear(kb); + + /* Must have AEAD or cipher/MAC pair. */ + if (aead == NULL && (cipher == NULL || mac_hash == NULL)) + goto err; + + if (aead != NULL) { + key_len = EVP_AEAD_key_length(aead); + + /* AEAD fixed nonce length. */ + if (aead == EVP_aead_aes_128_gcm() || + aead == EVP_aead_aes_256_gcm()) + iv_len = 4; + else if (aead == EVP_aead_chacha20_poly1305()) + iv_len = 12; + else + goto err; + } else if (cipher != NULL && mac_hash != NULL) { + /* + * A negative integer return value will be detected via the + * EVP_MAX_* checks against the size_t variables below. + */ + mac_key_len = EVP_MD_size(mac_hash); + key_len = EVP_CIPHER_key_length(cipher); + iv_len = EVP_CIPHER_iv_length(cipher); + + /* Special handling for GOST... */ + if (EVP_MD_type(mac_hash) == NID_id_Gost28147_89_MAC) + mac_key_len = 32; + } + + if (mac_key_len > EVP_MAX_MD_SIZE) + goto err; + if (key_len > EVP_MAX_KEY_LENGTH) + goto err; + if (iv_len > EVP_MAX_IV_LENGTH) + goto err; + + key_block_len = 2 * mac_key_len + 2 * key_len + 2 * iv_len; + if ((key_block = calloc(1, key_block_len)) == NULL) + goto err; + + if (!tls1_generate_key_block(s, key_block, key_block_len)) + goto err; + + kb->key_block = key_block; + kb->key_block_len = key_block_len; + key_block = NULL; + key_block_len = 0; + + /* Partition key block into individual secrets. */ + CBS_init(&cbs, kb->key_block, kb->key_block_len); + if (!CBS_get_bytes(&cbs, &kb->client_write_mac_key, mac_key_len)) + goto err; + if (!CBS_get_bytes(&cbs, &kb->server_write_mac_key, mac_key_len)) + goto err; + if (!CBS_get_bytes(&cbs, &kb->client_write_key, key_len)) + goto err; + if (!CBS_get_bytes(&cbs, &kb->server_write_key, key_len)) + goto err; + if (!CBS_get_bytes(&cbs, &kb->client_write_iv, iv_len)) + goto err; + if (!CBS_get_bytes(&cbs, &kb->server_write_iv, iv_len)) + goto err; + if (CBS_len(&cbs) != 0) + goto err; + + return 1; + + err: + tls12_key_block_clear(kb); + freezero(key_block, key_block_len); + + return 0; +} diff --git a/externals/libressl/ssl/tls12_lib.c b/externals/libressl/ssl/tls12_lib.c new file mode 100755 index 000000000..773ba30bd --- /dev/null +++ b/externals/libressl/ssl/tls12_lib.c @@ -0,0 +1,118 @@ +/* $OpenBSD: tls12_lib.c,v 1.4 2022/02/05 14:54:10 jsing Exp $ */ +/* + * Copyright (c) 2021 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "ssl_locl.h" + +static int +tls12_finished_verify_data(SSL *s, const char *finished_label, + size_t finished_label_len, uint8_t *verify_data, size_t verify_data_len, + size_t *out_len) +{ + uint8_t transcript_hash[EVP_MAX_MD_SIZE]; + size_t transcript_hash_len; + + *out_len = 0; + + if (s->session->master_key_length <= 0) + return 0; + + if (verify_data_len < TLS1_FINISH_MAC_LENGTH) + return 0; + + if (!tls1_transcript_hash_value(s, transcript_hash, + sizeof(transcript_hash), &transcript_hash_len)) + return 0; + + if (!tls1_PRF(s, s->session->master_key, s->session->master_key_length, + finished_label, finished_label_len, transcript_hash, + transcript_hash_len, NULL, 0, NULL, 0, NULL, 0, verify_data, + TLS1_FINISH_MAC_LENGTH)) + return 0; + + *out_len = TLS1_FINISH_MAC_LENGTH; + + return 1; +} + +static int +tls12_client_finished_verify_data(SSL *s, uint8_t *verify_data, + size_t verify_data_len, size_t *out_len) +{ + return tls12_finished_verify_data(s, TLS_MD_CLIENT_FINISH_CONST, + TLS_MD_CLIENT_FINISH_CONST_SIZE, verify_data, verify_data_len, + out_len); +} + +static int +tls12_server_finished_verify_data(SSL *s, uint8_t *verify_data, + size_t verify_data_len, size_t *out_len) +{ + return tls12_finished_verify_data(s, TLS_MD_SERVER_FINISH_CONST, + TLS_MD_SERVER_FINISH_CONST_SIZE, verify_data, verify_data_len, + out_len); +} + +int +tls12_derive_finished(SSL *s) +{ + if (!s->server) { + return tls12_client_finished_verify_data(s, + s->s3->hs.finished, sizeof(s->s3->hs.finished), + &s->s3->hs.finished_len); + } else { + return tls12_server_finished_verify_data(s, + s->s3->hs.finished, sizeof(s->s3->hs.finished), + &s->s3->hs.finished_len); + } +} + +int +tls12_derive_peer_finished(SSL *s) +{ + if (s->server) { + return tls12_client_finished_verify_data(s, + s->s3->hs.peer_finished, sizeof(s->s3->hs.peer_finished), + &s->s3->hs.peer_finished_len); + } else { + return tls12_server_finished_verify_data(s, + s->s3->hs.peer_finished, sizeof(s->s3->hs.peer_finished), + &s->s3->hs.peer_finished_len); + } +} + +int +tls12_derive_master_secret(SSL *s, uint8_t *premaster_secret, + size_t premaster_secret_len) +{ + s->session->master_key_length = 0; + + if (premaster_secret_len == 0) + return 0; + + CTASSERT(sizeof(s->session->master_key) == SSL_MAX_MASTER_KEY_LENGTH); + + if (!tls1_PRF(s, premaster_secret, premaster_secret_len, + TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE, + s->s3->client_random, SSL3_RANDOM_SIZE, NULL, 0, + s->s3->server_random, SSL3_RANDOM_SIZE, NULL, 0, + s->session->master_key, sizeof(s->session->master_key))) + return 0; + + s->session->master_key_length = SSL_MAX_MASTER_KEY_LENGTH; + + return 1; +} diff --git a/externals/libressl/ssl/tls12_record_layer.c b/externals/libressl/ssl/tls12_record_layer.c index 10d0f1194..3568e1876 100755 --- a/externals/libressl/ssl/tls12_record_layer.c +++ b/externals/libressl/ssl/tls12_record_layer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls12_record_layer.c,v 1.4 2020/09/16 17:15:01 jsing Exp $ */ +/* $OpenBSD: tls12_record_layer.c,v 1.36 2022/01/14 09:12:15 tb Exp $ */ /* * Copyright (c) 2020 Joel Sing * @@ -15,36 +15,170 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include #include #include #include "ssl_locl.h" +#define TLS12_RECORD_SEQ_NUM_LEN 8 +#define TLS12_AEAD_FIXED_NONCE_MAX_LEN 12 + +struct tls12_record_protection { + uint16_t epoch; + uint8_t seq_num[TLS12_RECORD_SEQ_NUM_LEN]; + + EVP_AEAD_CTX *aead_ctx; + + uint8_t *aead_nonce; + size_t aead_nonce_len; + + uint8_t *aead_fixed_nonce; + size_t aead_fixed_nonce_len; + + size_t aead_variable_nonce_len; + size_t aead_tag_len; + + int aead_xor_nonces; + int aead_variable_nonce_in_record; + + EVP_CIPHER_CTX *cipher_ctx; + EVP_MD_CTX *hash_ctx; + + int stream_mac; + + uint8_t *mac_key; + size_t mac_key_len; +}; + +static struct tls12_record_protection * +tls12_record_protection_new(void) +{ + return calloc(1, sizeof(struct tls12_record_protection)); +} + +static void +tls12_record_protection_clear(struct tls12_record_protection *rp) +{ + EVP_AEAD_CTX_free(rp->aead_ctx); + + freezero(rp->aead_nonce, rp->aead_nonce_len); + freezero(rp->aead_fixed_nonce, rp->aead_fixed_nonce_len); + + EVP_CIPHER_CTX_free(rp->cipher_ctx); + EVP_MD_CTX_free(rp->hash_ctx); + + freezero(rp->mac_key, rp->mac_key_len); + + memset(rp, 0, sizeof(*rp)); +} + +static void +tls12_record_protection_free(struct tls12_record_protection *rp) +{ + if (rp == NULL) + return; + + tls12_record_protection_clear(rp); + + freezero(rp, sizeof(struct tls12_record_protection)); +} + +static int +tls12_record_protection_engaged(struct tls12_record_protection *rp) +{ + return rp->aead_ctx != NULL || rp->cipher_ctx != NULL; +} + +static int +tls12_record_protection_unused(struct tls12_record_protection *rp) +{ + return rp->aead_ctx == NULL && rp->cipher_ctx == NULL && + rp->hash_ctx == NULL && rp->mac_key == NULL; +} + +static int +tls12_record_protection_eiv_len(struct tls12_record_protection *rp, + size_t *out_eiv_len) +{ + int eiv_len; + + *out_eiv_len = 0; + + if (rp->cipher_ctx == NULL) + return 0; + + eiv_len = 0; + if (EVP_CIPHER_CTX_mode(rp->cipher_ctx) == EVP_CIPH_CBC_MODE) + eiv_len = EVP_CIPHER_CTX_iv_length(rp->cipher_ctx); + if (eiv_len < 0 || eiv_len > EVP_MAX_IV_LENGTH) + return 0; + + *out_eiv_len = eiv_len; + + return 1; +} + +static int +tls12_record_protection_block_size(struct tls12_record_protection *rp, + size_t *out_block_size) +{ + int block_size; + + *out_block_size = 0; + + if (rp->cipher_ctx == NULL) + return 0; + + block_size = EVP_CIPHER_CTX_block_size(rp->cipher_ctx); + if (block_size < 0 || block_size > EVP_MAX_BLOCK_LENGTH) + return 0; + + *out_block_size = block_size; + + return 1; +} + +static int +tls12_record_protection_mac_len(struct tls12_record_protection *rp, + size_t *out_mac_len) +{ + int mac_len; + + *out_mac_len = 0; + + if (rp->hash_ctx == NULL) + return 0; + + mac_len = EVP_MD_CTX_size(rp->hash_ctx); + if (mac_len <= 0 || mac_len > EVP_MAX_MD_SIZE) + return 0; + + *out_mac_len = mac_len; + + return 1; +} + struct tls12_record_layer { uint16_t version; + uint16_t initial_epoch; int dtls; - uint16_t read_epoch; - uint16_t write_epoch; + uint8_t alert_desc; - int read_stream_mac; - int write_stream_mac; + const EVP_AEAD *aead; + const EVP_CIPHER *cipher; + const EVP_MD *handshake_hash; + const EVP_MD *mac_hash; - /* - * XXX - for now these are just pointers to externally managed - * structs/memory. These should eventually be owned by the record layer. - */ - SSL_AEAD_CTX *read_aead_ctx; - SSL_AEAD_CTX *write_aead_ctx; + /* Pointers to active record protection (memory is not owned). */ + struct tls12_record_protection *read; + struct tls12_record_protection *write; - EVP_CIPHER_CTX *read_cipher_ctx; - EVP_MD_CTX *read_hash_ctx; - EVP_CIPHER_CTX *write_cipher_ctx; - EVP_MD_CTX *write_hash_ctx; - - uint8_t *read_seq_num; - uint8_t *write_seq_num; + struct tls12_record_protection *read_current; + struct tls12_record_protection *write_current; + struct tls12_record_protection *write_previous; }; struct tls12_record_layer * @@ -53,124 +187,443 @@ tls12_record_layer_new(void) struct tls12_record_layer *rl; if ((rl = calloc(1, sizeof(struct tls12_record_layer))) == NULL) - return NULL; + goto err; + if ((rl->read_current = tls12_record_protection_new()) == NULL) + goto err; + if ((rl->write_current = tls12_record_protection_new()) == NULL) + goto err; + + rl->read = rl->read_current; + rl->write = rl->write_current; return rl; + + err: + tls12_record_layer_free(rl); + + return NULL; } void tls12_record_layer_free(struct tls12_record_layer *rl) { + if (rl == NULL) + return; + + tls12_record_protection_free(rl->read_current); + tls12_record_protection_free(rl->write_current); + tls12_record_protection_free(rl->write_previous); + freezero(rl, sizeof(struct tls12_record_layer)); } +void +tls12_record_layer_alert(struct tls12_record_layer *rl, uint8_t *alert_desc) +{ + *alert_desc = rl->alert_desc; +} + +int +tls12_record_layer_write_overhead(struct tls12_record_layer *rl, + size_t *overhead) +{ + size_t block_size, eiv_len, mac_len; + + *overhead = 0; + + if (rl->write->aead_ctx != NULL) { + *overhead = rl->write->aead_tag_len; + } else if (rl->write->cipher_ctx != NULL) { + eiv_len = 0; + if (rl->version != TLS1_VERSION) { + if (!tls12_record_protection_eiv_len(rl->write, &eiv_len)) + return 0; + } + if (!tls12_record_protection_block_size(rl->write, &block_size)) + return 0; + if (!tls12_record_protection_mac_len(rl->write, &mac_len)) + return 0; + + *overhead = eiv_len + block_size + mac_len; + } + + return 1; +} + +int +tls12_record_layer_read_protected(struct tls12_record_layer *rl) +{ + return tls12_record_protection_engaged(rl->read); +} + +int +tls12_record_layer_write_protected(struct tls12_record_layer *rl) +{ + return tls12_record_protection_engaged(rl->write); +} + +void +tls12_record_layer_set_aead(struct tls12_record_layer *rl, const EVP_AEAD *aead) +{ + rl->aead = aead; +} + +void +tls12_record_layer_set_cipher_hash(struct tls12_record_layer *rl, + const EVP_CIPHER *cipher, const EVP_MD *handshake_hash, + const EVP_MD *mac_hash) +{ + rl->cipher = cipher; + rl->handshake_hash = handshake_hash; + rl->mac_hash = mac_hash; +} + void tls12_record_layer_set_version(struct tls12_record_layer *rl, uint16_t version) { rl->version = version; - rl->dtls = (version == DTLS1_VERSION); + rl->dtls = ((version >> 8) == DTLS1_VERSION_MAJOR); } void -tls12_record_layer_set_read_epoch(struct tls12_record_layer *rl, uint16_t epoch) +tls12_record_layer_set_initial_epoch(struct tls12_record_layer *rl, + uint16_t epoch) { - rl->read_epoch = epoch; + rl->initial_epoch = epoch; +} + +uint16_t +tls12_record_layer_read_epoch(struct tls12_record_layer *rl) +{ + return rl->read->epoch; +} + +uint16_t +tls12_record_layer_write_epoch(struct tls12_record_layer *rl) +{ + return rl->write->epoch; +} + +int +tls12_record_layer_use_write_epoch(struct tls12_record_layer *rl, uint16_t epoch) +{ + if (rl->write->epoch == epoch) + return 1; + + if (rl->write_current->epoch == epoch) { + rl->write = rl->write_current; + return 1; + } + + if (rl->write_previous != NULL && rl->write_previous->epoch == epoch) { + rl->write = rl->write_previous; + return 1; + } + + return 0; } void -tls12_record_layer_set_write_epoch(struct tls12_record_layer *rl, uint16_t epoch) +tls12_record_layer_write_epoch_done(struct tls12_record_layer *rl, uint16_t epoch) { - rl->write_epoch = epoch; -} + if (rl->write_previous == NULL || rl->write_previous->epoch != epoch) + return; -static void -tls12_record_layer_set_read_state(struct tls12_record_layer *rl, - SSL_AEAD_CTX *aead_ctx, EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *hash_ctx, - int stream_mac) -{ - rl->read_aead_ctx = aead_ctx; + rl->write = rl->write_current; - rl->read_cipher_ctx = cipher_ctx; - rl->read_hash_ctx = hash_ctx; - rl->read_stream_mac = stream_mac; -} - -static void -tls12_record_layer_set_write_state(struct tls12_record_layer *rl, - SSL_AEAD_CTX *aead_ctx, EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *hash_ctx, - int stream_mac) -{ - rl->write_aead_ctx = aead_ctx; - - rl->write_cipher_ctx = cipher_ctx; - rl->write_hash_ctx = hash_ctx; - rl->write_stream_mac = stream_mac; + tls12_record_protection_free(rl->write_previous); + rl->write_previous = NULL; } void tls12_record_layer_clear_read_state(struct tls12_record_layer *rl) { - tls12_record_layer_set_read_state(rl, NULL, NULL, NULL, 0); - rl->read_seq_num = NULL; + tls12_record_protection_clear(rl->read); + rl->read->epoch = rl->initial_epoch; } void tls12_record_layer_clear_write_state(struct tls12_record_layer *rl) { - tls12_record_layer_set_write_state(rl, NULL, NULL, NULL, 0); - rl->write_seq_num = NULL; + tls12_record_protection_clear(rl->write); + rl->write->epoch = rl->initial_epoch; + + tls12_record_protection_free(rl->write_previous); + rl->write_previous = NULL; } void -tls12_record_layer_set_read_seq_num(struct tls12_record_layer *rl, - uint8_t *seq_num) +tls12_record_layer_reflect_seq_num(struct tls12_record_layer *rl) { - rl->read_seq_num = seq_num; + memcpy(rl->write->seq_num, rl->read->seq_num, + sizeof(rl->write->seq_num)); } -void -tls12_record_layer_set_write_seq_num(struct tls12_record_layer *rl, - uint8_t *seq_num) -{ - rl->write_seq_num = seq_num; -} +static const uint8_t tls12_max_seq_num[TLS12_RECORD_SEQ_NUM_LEN] = { + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +}; int -tls12_record_layer_set_read_aead(struct tls12_record_layer *rl, - SSL_AEAD_CTX *aead_ctx) +tls12_record_layer_inc_seq_num(struct tls12_record_layer *rl, uint8_t *seq_num) { - tls12_record_layer_set_read_state(rl, aead_ctx, NULL, NULL, 0); + CBS max_seq_num; + int i; + + /* + * RFC 5246 section 6.1 and RFC 6347 section 4.1 - both TLS and DTLS + * sequence numbers must not wrap. Note that for DTLS the first two + * bytes are used as an "epoch" and not part of the sequence number. + */ + CBS_init(&max_seq_num, seq_num, TLS12_RECORD_SEQ_NUM_LEN); + if (rl->dtls) { + if (!CBS_skip(&max_seq_num, 2)) + return 0; + } + if (CBS_mem_equal(&max_seq_num, tls12_max_seq_num, + CBS_len(&max_seq_num))) + return 0; + + for (i = TLS12_RECORD_SEQ_NUM_LEN - 1; i >= 0; i--) { + if (++seq_num[i] != 0) + break; + } return 1; } -int -tls12_record_layer_set_write_aead(struct tls12_record_layer *rl, - SSL_AEAD_CTX *aead_ctx) +static int +tls12_record_layer_set_mac_key(struct tls12_record_protection *rp, + const uint8_t *mac_key, size_t mac_key_len) { - tls12_record_layer_set_write_state(rl, aead_ctx, NULL, NULL, 0); + freezero(rp->mac_key, rp->mac_key_len); + rp->mac_key = NULL; + rp->mac_key_len = 0; + + if (mac_key == NULL || mac_key_len == 0) + return 1; + + if ((rp->mac_key = calloc(1, mac_key_len)) == NULL) + return 0; + + memcpy(rp->mac_key, mac_key, mac_key_len); + rp->mac_key_len = mac_key_len; return 1; } -int -tls12_record_layer_set_read_cipher_hash(struct tls12_record_layer *rl, - EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *hash_ctx, int stream_mac) +static int +tls12_record_layer_ccs_aead(struct tls12_record_layer *rl, + struct tls12_record_protection *rp, int is_write, CBS *mac_key, CBS *key, + CBS *iv) { - tls12_record_layer_set_read_state(rl, NULL, cipher_ctx, hash_ctx, - stream_mac); + if (!tls12_record_protection_unused(rp)) + return 0; + + if ((rp->aead_ctx = EVP_AEAD_CTX_new()) == NULL) + return 0; + + /* AES GCM cipher suites use variable nonce in record. */ + if (rl->aead == EVP_aead_aes_128_gcm() || + rl->aead == EVP_aead_aes_256_gcm()) + rp->aead_variable_nonce_in_record = 1; + + /* ChaCha20 Poly1305 XORs the fixed and variable nonces. */ + if (rl->aead == EVP_aead_chacha20_poly1305()) + rp->aead_xor_nonces = 1; + + if (!CBS_stow(iv, &rp->aead_fixed_nonce, &rp->aead_fixed_nonce_len)) + return 0; + + rp->aead_nonce = calloc(1, EVP_AEAD_nonce_length(rl->aead)); + if (rp->aead_nonce == NULL) + return 0; + + rp->aead_nonce_len = EVP_AEAD_nonce_length(rl->aead); + rp->aead_tag_len = EVP_AEAD_max_overhead(rl->aead); + rp->aead_variable_nonce_len = TLS12_RECORD_SEQ_NUM_LEN; + + if (rp->aead_xor_nonces) { + /* Fixed nonce length must match, variable must not exceed. */ + if (rp->aead_fixed_nonce_len != rp->aead_nonce_len) + return 0; + if (rp->aead_variable_nonce_len > rp->aead_nonce_len) + return 0; + } else { + /* Concatenated nonce length must equal AEAD nonce length. */ + if (rp->aead_fixed_nonce_len + + rp->aead_variable_nonce_len != rp->aead_nonce_len) + return 0; + } + + if (!EVP_AEAD_CTX_init(rp->aead_ctx, rl->aead, CBS_data(key), + CBS_len(key), EVP_AEAD_DEFAULT_TAG_LENGTH, NULL)) + return 0; return 1; } -int -tls12_record_layer_set_write_cipher_hash(struct tls12_record_layer *rl, - EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *hash_ctx, int stream_mac) +static int +tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl, + struct tls12_record_protection *rp, int is_write, CBS *mac_key, CBS *key, + CBS *iv) { - tls12_record_layer_set_write_state(rl, NULL, cipher_ctx, hash_ctx, - stream_mac); + EVP_PKEY *mac_pkey = NULL; + int gost_param_nid; + int mac_type; + int ret = 0; - return 1; + if (!tls12_record_protection_unused(rp)) + goto err; + + mac_type = EVP_PKEY_HMAC; + rp->stream_mac = 0; + + if (CBS_len(iv) > INT_MAX || CBS_len(key) > INT_MAX) + goto err; + if (EVP_CIPHER_iv_length(rl->cipher) != CBS_len(iv)) + goto err; + if (EVP_CIPHER_key_length(rl->cipher) != CBS_len(key)) + goto err; + + /* Special handling for GOST... */ + if (EVP_MD_type(rl->mac_hash) == NID_id_Gost28147_89_MAC) { + if (CBS_len(mac_key) != 32) + goto err; + mac_type = EVP_PKEY_GOSTIMIT; + rp->stream_mac = 1; + } else { + if (CBS_len(mac_key) > INT_MAX) + goto err; + if (EVP_MD_size(rl->mac_hash) != CBS_len(mac_key)) + goto err; + } + + if ((rp->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL) + goto err; + if ((rp->hash_ctx = EVP_MD_CTX_new()) == NULL) + goto err; + + if (!tls12_record_layer_set_mac_key(rp, CBS_data(mac_key), + CBS_len(mac_key))) + goto err; + + if ((mac_pkey = EVP_PKEY_new_mac_key(mac_type, NULL, CBS_data(mac_key), + CBS_len(mac_key))) == NULL) + goto err; + + if (!EVP_CipherInit_ex(rp->cipher_ctx, rl->cipher, NULL, CBS_data(key), + CBS_data(iv), is_write)) + goto err; + + if (EVP_DigestSignInit(rp->hash_ctx, NULL, rl->mac_hash, NULL, + mac_pkey) <= 0) + goto err; + + /* More special handling for GOST... */ + if (EVP_CIPHER_type(rl->cipher) == NID_gost89_cnt) { + gost_param_nid = NID_id_tc26_gost_28147_param_Z; + if (EVP_MD_type(rl->handshake_hash) == NID_id_GostR3411_94) + gost_param_nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet; + + if (EVP_CIPHER_CTX_ctrl(rp->cipher_ctx, EVP_CTRL_GOST_SET_SBOX, + gost_param_nid, 0) <= 0) + goto err; + + if (EVP_MD_type(rl->mac_hash) == NID_id_Gost28147_89_MAC) { + if (EVP_MD_CTX_ctrl(rp->hash_ctx, EVP_MD_CTRL_GOST_SET_SBOX, + gost_param_nid, 0) <= 0) + goto err; + } + } + + ret = 1; + + err: + EVP_PKEY_free(mac_pkey); + + return ret; +} + +static int +tls12_record_layer_change_cipher_state(struct tls12_record_layer *rl, + struct tls12_record_protection *rp, int is_write, CBS *mac_key, CBS *key, + CBS *iv) +{ + if (rl->aead != NULL) + return tls12_record_layer_ccs_aead(rl, rp, is_write, mac_key, + key, iv); + + return tls12_record_layer_ccs_cipher(rl, rp, is_write, mac_key, + key, iv); +} + +int +tls12_record_layer_change_read_cipher_state(struct tls12_record_layer *rl, + CBS *mac_key, CBS *key, CBS *iv) +{ + struct tls12_record_protection *read_new = NULL; + int ret = 0; + + if ((read_new = tls12_record_protection_new()) == NULL) + goto err; + + /* Read sequence number gets reset to zero. */ + + /* DTLS epoch is incremented and is permitted to wrap. */ + if (rl->dtls) + read_new->epoch = rl->read_current->epoch + 1; + + if (!tls12_record_layer_change_cipher_state(rl, read_new, 0, + mac_key, key, iv)) + goto err; + + tls12_record_protection_free(rl->read_current); + rl->read = rl->read_current = read_new; + read_new = NULL; + + ret = 1; + + err: + tls12_record_protection_free(read_new); + + return ret; +} + +int +tls12_record_layer_change_write_cipher_state(struct tls12_record_layer *rl, + CBS *mac_key, CBS *key, CBS *iv) +{ + struct tls12_record_protection *write_new; + int ret = 0; + + if ((write_new = tls12_record_protection_new()) == NULL) + goto err; + + /* Write sequence number gets reset to zero. */ + + /* DTLS epoch is incremented and is permitted to wrap. */ + if (rl->dtls) + write_new->epoch = rl->write_current->epoch + 1; + + if (!tls12_record_layer_change_cipher_state(rl, write_new, 1, + mac_key, key, iv)) + goto err; + + if (rl->dtls) { + tls12_record_protection_free(rl->write_previous); + rl->write_previous = rl->write_current; + rl->write_current = NULL; + } + tls12_record_protection_free(rl->write_current); + rl->write = rl->write_current = write_new; + write_new = NULL; + + ret = 1; + + err: + tls12_record_protection_free(write_new); + + return ret; } static int @@ -193,8 +646,8 @@ tls12_record_layer_build_seq_num(struct tls12_record_layer *rl, CBB *cbb, static int tls12_record_layer_pseudo_header(struct tls12_record_layer *rl, - uint8_t content_type, uint16_t record_len, uint16_t epoch, uint8_t *seq_num, - size_t seq_num_len, uint8_t **out, size_t *out_len) + uint8_t content_type, uint16_t record_len, CBS *seq_num, uint8_t **out, + size_t *out_len) { CBB cbb; @@ -205,8 +658,7 @@ tls12_record_layer_pseudo_header(struct tls12_record_layer *rl, if (!CBB_init(&cbb, 13)) goto err; - if (!tls12_record_layer_build_seq_num(rl, &cbb, epoch, - seq_num, seq_num_len)) + if (!CBB_add_bytes(&cbb, CBS_data(seq_num), CBS_len(seq_num))) goto err; if (!CBB_add_u8(&cbb, content_type)) goto err; @@ -228,13 +680,12 @@ tls12_record_layer_pseudo_header(struct tls12_record_layer *rl, static int tls12_record_layer_mac(struct tls12_record_layer *rl, CBB *cbb, - EVP_MD_CTX *hash_ctx, int stream_mac, uint16_t epoch, uint8_t *seq_num, - size_t seq_num_len, uint8_t content_type, const uint8_t *content, - size_t content_len, size_t *out_len) + EVP_MD_CTX *hash_ctx, int stream_mac, CBS *seq_num, uint8_t content_type, + const uint8_t *content, size_t content_len, size_t *out_len) { EVP_MD_CTX *mac_ctx = NULL; uint8_t *header = NULL; - size_t header_len; + size_t header_len = 0; size_t mac_len; uint8_t *mac; int ret = 0; @@ -245,7 +696,7 @@ tls12_record_layer_mac(struct tls12_record_layer *rl, CBB *cbb, goto err; if (!tls12_record_layer_pseudo_header(rl, content_type, content_len, - epoch, seq_num, seq_num_len, &header, &header_len)) + seq_num, &header, &header_len)) goto err; if (EVP_DigestSignUpdate(mac_ctx, header, header_len) <= 0) @@ -258,6 +709,8 @@ tls12_record_layer_mac(struct tls12_record_layer *rl, CBB *cbb, goto err; if (EVP_DigestSignFinal(mac_ctx, mac, &mac_len) <= 0) goto err; + if (mac_len == 0) + goto err; if (stream_mac) { if (!EVP_MD_CTX_copy(hash_ctx, mac_ctx)) @@ -269,39 +722,95 @@ tls12_record_layer_mac(struct tls12_record_layer *rl, CBB *cbb, err: EVP_MD_CTX_free(mac_ctx); - free(header); + freezero(header, header_len); return ret; } static int -tls12_record_layer_write_mac(struct tls12_record_layer *rl, CBB *cbb, - uint8_t content_type, const uint8_t *content, size_t content_len, - size_t *out_len) +tls12_record_layer_read_mac_cbc(struct tls12_record_layer *rl, CBB *cbb, + uint8_t content_type, CBS *seq_num, const uint8_t *content, + size_t content_len, size_t mac_len, size_t padding_len) { - return tls12_record_layer_mac(rl, cbb, rl->write_hash_ctx, - rl->write_stream_mac, rl->write_epoch, rl->write_seq_num, - SSL3_SEQUENCE_SIZE, content_type, content, content_len, out_len); + uint8_t *header = NULL; + size_t header_len = 0; + uint8_t *mac = NULL; + size_t out_mac_len = 0; + int ret = 0; + + /* + * Must be constant time to avoid leaking details about CBC padding. + */ + + if (!ssl3_cbc_record_digest_supported(rl->read->hash_ctx)) + goto err; + + if (!tls12_record_layer_pseudo_header(rl, content_type, content_len, + seq_num, &header, &header_len)) + goto err; + + if (!CBB_add_space(cbb, &mac, mac_len)) + goto err; + if (!ssl3_cbc_digest_record(rl->read->hash_ctx, mac, &out_mac_len, header, + content, content_len + mac_len, content_len + mac_len + padding_len, + rl->read->mac_key, rl->read->mac_key_len)) + goto err; + if (mac_len != out_mac_len) + goto err; + + ret = 1; + + err: + freezero(header, header_len); + + return ret; +} + +static int +tls12_record_layer_read_mac(struct tls12_record_layer *rl, CBB *cbb, + uint8_t content_type, CBS *seq_num, const uint8_t *content, + size_t content_len) +{ + EVP_CIPHER_CTX *enc = rl->read->cipher_ctx; + size_t out_len; + + if (EVP_CIPHER_CTX_mode(enc) == EVP_CIPH_CBC_MODE) + return 0; + + return tls12_record_layer_mac(rl, cbb, rl->read->hash_ctx, + rl->read->stream_mac, seq_num, content_type, content, content_len, + &out_len); +} + +static int +tls12_record_layer_write_mac(struct tls12_record_layer *rl, CBB *cbb, + uint8_t content_type, CBS *seq_num, const uint8_t *content, + size_t content_len, size_t *out_len) +{ + return tls12_record_layer_mac(rl, cbb, rl->write->hash_ctx, + rl->write->stream_mac, seq_num, content_type, content, content_len, + out_len); } static int tls12_record_layer_aead_concat_nonce(struct tls12_record_layer *rl, - const SSL_AEAD_CTX *aead, uint8_t *seq_num, uint8_t **out, size_t *out_len) + struct tls12_record_protection *rp, CBS *seq_num) { CBB cbb; - if (aead->variable_nonce_len > SSL3_SEQUENCE_SIZE) + if (rp->aead_variable_nonce_len > CBS_len(seq_num)) return 0; /* Fixed nonce and variable nonce (sequence number) are concatenated. */ - if (!CBB_init(&cbb, 16)) + if (!CBB_init_fixed(&cbb, rp->aead_nonce, rp->aead_nonce_len)) goto err; - if (!CBB_add_bytes(&cbb, aead->fixed_nonce, - aead->fixed_nonce_len)) + if (!CBB_add_bytes(&cbb, rp->aead_fixed_nonce, + rp->aead_fixed_nonce_len)) goto err; - if (!CBB_add_bytes(&cbb, seq_num, aead->variable_nonce_len)) + if (!CBB_add_bytes(&cbb, CBS_data(seq_num), + rp->aead_variable_nonce_len)) goto err; - if (!CBB_finish(&cbb, out, out_len)) + if (!CBB_finish(&cbb, NULL, NULL)) goto err; return 1; @@ -314,53 +823,313 @@ tls12_record_layer_aead_concat_nonce(struct tls12_record_layer *rl, static int tls12_record_layer_aead_xored_nonce(struct tls12_record_layer *rl, - const SSL_AEAD_CTX *aead, uint8_t *seq_num, uint8_t **out, size_t *out_len) + struct tls12_record_protection *rp, CBS *seq_num) { - uint8_t *nonce = NULL; - size_t nonce_len = 0; uint8_t *pad; CBB cbb; int i; - if (aead->variable_nonce_len > SSL3_SEQUENCE_SIZE) + if (rp->aead_variable_nonce_len > CBS_len(seq_num)) return 0; - if (aead->fixed_nonce_len < aead->variable_nonce_len) + if (rp->aead_fixed_nonce_len < rp->aead_variable_nonce_len) + return 0; + if (rp->aead_fixed_nonce_len != rp->aead_nonce_len) return 0; /* * Variable nonce (sequence number) is right padded, before the fixed * nonce is XOR'd in. */ - if (!CBB_init(&cbb, 16)) + if (!CBB_init_fixed(&cbb, rp->aead_nonce, rp->aead_nonce_len)) goto err; if (!CBB_add_space(&cbb, &pad, - aead->fixed_nonce_len - aead->variable_nonce_len)) + rp->aead_fixed_nonce_len - rp->aead_variable_nonce_len)) goto err; - if (!CBB_add_bytes(&cbb, seq_num, aead->variable_nonce_len)) + if (!CBB_add_bytes(&cbb, CBS_data(seq_num), + rp->aead_variable_nonce_len)) goto err; - if (!CBB_finish(&cbb, &nonce, &nonce_len)) + if (!CBB_finish(&cbb, NULL, NULL)) goto err; - for (i = 0; i < aead->fixed_nonce_len; i++) - nonce[i] ^= aead->fixed_nonce[i]; - - *out = nonce; - *out_len = nonce_len; + for (i = 0; i < rp->aead_fixed_nonce_len; i++) + rp->aead_nonce[i] ^= rp->aead_fixed_nonce[i]; return 1; err: CBB_cleanup(&cbb); - freezero(nonce, nonce_len); return 0; } +static int +tls12_record_layer_open_record_plaintext(struct tls12_record_layer *rl, + uint8_t content_type, CBS *fragment, uint8_t **out, size_t *out_len) +{ + if (tls12_record_protection_engaged(rl->read)) + return 0; + + /* XXX - decrypt/process in place for now. */ + *out = (uint8_t *)CBS_data(fragment); + *out_len = CBS_len(fragment); + + return 1; +} + +static int +tls12_record_layer_open_record_protected_aead(struct tls12_record_layer *rl, + uint8_t content_type, CBS *seq_num, CBS *fragment, uint8_t **out, + size_t *out_len) +{ + struct tls12_record_protection *rp = rl->read; + uint8_t *header = NULL; + size_t header_len = 0; + uint8_t *plain; + size_t plain_len; + CBS var_nonce; + int ret = 0; + + if (rp->aead_xor_nonces) { + if (!tls12_record_layer_aead_xored_nonce(rl, rp, seq_num)) + goto err; + } else if (rp->aead_variable_nonce_in_record) { + if (!CBS_get_bytes(fragment, &var_nonce, + rp->aead_variable_nonce_len)) + goto err; + if (!tls12_record_layer_aead_concat_nonce(rl, rp, &var_nonce)) + goto err; + } else { + if (!tls12_record_layer_aead_concat_nonce(rl, rp, seq_num)) + goto err; + } + + /* XXX EVP_AEAD_max_tag_len vs EVP_AEAD_CTX_tag_len. */ + if (CBS_len(fragment) < rp->aead_tag_len) { + rl->alert_desc = SSL_AD_BAD_RECORD_MAC; + goto err; + } + if (CBS_len(fragment) > SSL3_RT_MAX_ENCRYPTED_LENGTH) { + rl->alert_desc = SSL_AD_RECORD_OVERFLOW; + goto err; + } + + /* XXX - decrypt/process in place for now. */ + plain = (uint8_t *)CBS_data(fragment); + plain_len = CBS_len(fragment) - rp->aead_tag_len; + + if (!tls12_record_layer_pseudo_header(rl, content_type, plain_len, + seq_num, &header, &header_len)) + goto err; + + if (!EVP_AEAD_CTX_open(rp->aead_ctx, plain, out_len, plain_len, + rp->aead_nonce, rp->aead_nonce_len, CBS_data(fragment), + CBS_len(fragment), header, header_len)) { + rl->alert_desc = SSL_AD_BAD_RECORD_MAC; + goto err; + } + + if (*out_len > SSL3_RT_MAX_PLAIN_LENGTH) { + rl->alert_desc = SSL_AD_RECORD_OVERFLOW; + goto err; + } + + if (*out_len != plain_len) + goto err; + + *out = plain; + + ret = 1; + + err: + freezero(header, header_len); + + return ret; +} + +static int +tls12_record_layer_open_record_protected_cipher(struct tls12_record_layer *rl, + uint8_t content_type, CBS *seq_num, CBS *fragment, uint8_t **out, + size_t *out_len) +{ + EVP_CIPHER_CTX *enc = rl->read->cipher_ctx; + SSL3_RECORD_INTERNAL rrec; + size_t block_size, eiv_len; + uint8_t *mac = NULL; + size_t mac_len = 0; + uint8_t *out_mac = NULL; + size_t out_mac_len = 0; + uint8_t *plain; + size_t plain_len; + size_t min_len; + CBB cbb_mac; + int ret = 0; + + memset(&cbb_mac, 0, sizeof(cbb_mac)); + memset(&rrec, 0, sizeof(rrec)); + + if (!tls12_record_protection_block_size(rl->read, &block_size)) + goto err; + + /* Determine explicit IV length. */ + eiv_len = 0; + if (rl->version != TLS1_VERSION) { + if (!tls12_record_protection_eiv_len(rl->read, &eiv_len)) + goto err; + } + + mac_len = 0; + if (rl->read->hash_ctx != NULL) { + if (!tls12_record_protection_mac_len(rl->read, &mac_len)) + goto err; + } + + /* CBC has at least one padding byte. */ + min_len = eiv_len + mac_len; + if (EVP_CIPHER_CTX_mode(enc) == EVP_CIPH_CBC_MODE) + min_len += 1; + + if (CBS_len(fragment) < min_len) { + rl->alert_desc = SSL_AD_BAD_RECORD_MAC; + goto err; + } + if (CBS_len(fragment) > SSL3_RT_MAX_ENCRYPTED_LENGTH) { + rl->alert_desc = SSL_AD_RECORD_OVERFLOW; + goto err; + } + if (CBS_len(fragment) % block_size != 0) { + rl->alert_desc = SSL_AD_BAD_RECORD_MAC; + goto err; + } + + /* XXX - decrypt/process in place for now. */ + plain = (uint8_t *)CBS_data(fragment); + plain_len = CBS_len(fragment); + + if (!EVP_Cipher(enc, plain, CBS_data(fragment), plain_len)) + goto err; + + rrec.data = plain; + rrec.input = plain; + rrec.length = plain_len; + + /* + * We now have to remove padding, extract MAC, calculate MAC + * and compare MAC in constant time. + */ + if (block_size > 1) + ssl3_cbc_remove_padding(&rrec, eiv_len, mac_len); + + if ((mac = calloc(1, mac_len)) == NULL) + goto err; + + if (!CBB_init(&cbb_mac, EVP_MAX_MD_SIZE)) + goto err; + if (EVP_CIPHER_CTX_mode(enc) == EVP_CIPH_CBC_MODE) { + ssl3_cbc_copy_mac(mac, &rrec, mac_len, rrec.length + + rrec.padding_length); + rrec.length -= mac_len; + if (!tls12_record_layer_read_mac_cbc(rl, &cbb_mac, content_type, + seq_num, rrec.input, rrec.length, mac_len, + rrec.padding_length)) + goto err; + } else { + rrec.length -= mac_len; + memcpy(mac, rrec.data + rrec.length, mac_len); + if (!tls12_record_layer_read_mac(rl, &cbb_mac, content_type, + seq_num, rrec.input, rrec.length)) + goto err; + } + if (!CBB_finish(&cbb_mac, &out_mac, &out_mac_len)) + goto err; + if (mac_len != out_mac_len) + goto err; + + if (timingsafe_memcmp(mac, out_mac, mac_len) != 0) { + rl->alert_desc = SSL_AD_BAD_RECORD_MAC; + goto err; + } + + if (rrec.length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_len) { + rl->alert_desc = SSL_AD_BAD_RECORD_MAC; + goto err; + } + if (rrec.length > SSL3_RT_MAX_PLAIN_LENGTH) { + rl->alert_desc = SSL_AD_RECORD_OVERFLOW; + goto err; + } + + *out = rrec.data; + *out_len = rrec.length; + + ret = 1; + + err: + CBB_cleanup(&cbb_mac); + freezero(mac, mac_len); + freezero(out_mac, out_mac_len); + + return ret; +} + +int +tls12_record_layer_open_record(struct tls12_record_layer *rl, uint8_t *buf, + size_t buf_len, uint8_t **out, size_t *out_len) +{ + CBS cbs, fragment, seq_num; + uint16_t version; + uint8_t content_type; + + CBS_init(&cbs, buf, buf_len); + CBS_init(&seq_num, rl->read->seq_num, sizeof(rl->read->seq_num)); + + if (!CBS_get_u8(&cbs, &content_type)) + return 0; + if (!CBS_get_u16(&cbs, &version)) + return 0; + if (rl->dtls) { + /* + * The DTLS sequence number is split into a 16 bit epoch and + * 48 bit sequence number, however for the purposes of record + * processing it is treated the same as a TLS 64 bit sequence + * number. DTLS also uses explicit read sequence numbers, which + * we need to extract from the DTLS record header. + */ + if (!CBS_get_bytes(&cbs, &seq_num, SSL3_SEQUENCE_SIZE)) + return 0; + if (!CBS_write_bytes(&seq_num, rl->read->seq_num, + sizeof(rl->read->seq_num), NULL)) + return 0; + } + if (!CBS_get_u16_length_prefixed(&cbs, &fragment)) + return 0; + + if (rl->read->aead_ctx != NULL) { + if (!tls12_record_layer_open_record_protected_aead(rl, + content_type, &seq_num, &fragment, out, out_len)) + return 0; + } else if (rl->read->cipher_ctx != NULL) { + if (!tls12_record_layer_open_record_protected_cipher(rl, + content_type, &seq_num, &fragment, out, out_len)) + return 0; + } else { + if (!tls12_record_layer_open_record_plaintext(rl, + content_type, &fragment, out, out_len)) + return 0; + } + + if (!rl->dtls) { + if (!tls12_record_layer_inc_seq_num(rl, rl->read->seq_num)) + return 0; + } + + return 1; +} + static int tls12_record_layer_seal_record_plaintext(struct tls12_record_layer *rl, uint8_t content_type, const uint8_t *content, size_t content_len, CBB *out) { - if (rl->write_aead_ctx != NULL || rl->write_cipher_ctx != NULL) + if (tls12_record_protection_engaged(rl->write)) return 0; return CBB_add_bytes(out, content, content_len); @@ -368,46 +1137,46 @@ tls12_record_layer_seal_record_plaintext(struct tls12_record_layer *rl, static int tls12_record_layer_seal_record_protected_aead(struct tls12_record_layer *rl, - uint8_t content_type, const uint8_t *content, size_t content_len, CBB *out) + uint8_t content_type, CBS *seq_num, const uint8_t *content, + size_t content_len, CBB *out) { - const SSL_AEAD_CTX *aead = rl->write_aead_ctx; - uint8_t *header = NULL, *nonce = NULL; - size_t header_len = 0, nonce_len = 0; + struct tls12_record_protection *rp = rl->write; + uint8_t *header = NULL; + size_t header_len = 0; size_t enc_record_len, out_len; - uint16_t epoch = 0; uint8_t *enc_data; int ret = 0; - /* XXX - move to nonce allocated in record layer, matching TLSv1.3 */ - if (aead->xor_fixed_nonce) { - if (!tls12_record_layer_aead_xored_nonce(rl, aead, - rl->write_seq_num, &nonce, &nonce_len)) + if (rp->aead_xor_nonces) { + if (!tls12_record_layer_aead_xored_nonce(rl, rp, seq_num)) goto err; } else { - if (!tls12_record_layer_aead_concat_nonce(rl, aead, - rl->write_seq_num, &nonce, &nonce_len)) + if (!tls12_record_layer_aead_concat_nonce(rl, rp, seq_num)) goto err; } - if (aead->variable_nonce_in_record) { - /* XXX - length check? */ - if (!CBB_add_bytes(out, rl->write_seq_num, aead->variable_nonce_len)) + if (rp->aead_variable_nonce_in_record) { + if (rp->aead_variable_nonce_len > CBS_len(seq_num)) + goto err; + if (!CBB_add_bytes(out, CBS_data(seq_num), + rp->aead_variable_nonce_len)) goto err; } if (!tls12_record_layer_pseudo_header(rl, content_type, content_len, - epoch, rl->write_seq_num, SSL3_SEQUENCE_SIZE, &header, &header_len)) + seq_num, &header, &header_len)) goto err; /* XXX EVP_AEAD_max_tag_len vs EVP_AEAD_CTX_tag_len. */ - enc_record_len = content_len + aead->tag_len; + enc_record_len = content_len + rp->aead_tag_len; if (enc_record_len > SSL3_RT_MAX_ENCRYPTED_LENGTH) goto err; if (!CBB_add_space(out, &enc_data, enc_record_len)) goto err; - if (!EVP_AEAD_CTX_seal(&aead->ctx, enc_data, &out_len, enc_record_len, - nonce, nonce_len, content, content_len, header, header_len)) + if (!EVP_AEAD_CTX_seal(rp->aead_ctx, enc_data, &out_len, enc_record_len, + rp->aead_nonce, rp->aead_nonce_len, content, content_len, header, + header_len)) goto err; if (out_len != enc_record_len) @@ -417,18 +1186,17 @@ tls12_record_layer_seal_record_protected_aead(struct tls12_record_layer *rl, err: freezero(header, header_len); - freezero(nonce, nonce_len); return ret; } static int tls12_record_layer_seal_record_protected_cipher(struct tls12_record_layer *rl, - uint8_t content_type, const uint8_t *content, size_t content_len, CBB *out) + uint8_t content_type, CBS *seq_num, const uint8_t *content, + size_t content_len, CBB *out) { - EVP_CIPHER_CTX *enc = rl->write_cipher_ctx; - size_t mac_len, pad_len; - int block_size, eiv_len; + EVP_CIPHER_CTX *enc = rl->write->cipher_ctx; + size_t block_size, eiv_len, mac_len, pad_len; uint8_t *enc_data, *eiv, *pad, pad_val; uint8_t *plain = NULL; size_t plain_len = 0; @@ -440,11 +1208,10 @@ tls12_record_layer_seal_record_protected_cipher(struct tls12_record_layer *rl, /* Add explicit IV if necessary. */ eiv_len = 0; - if (rl->version != TLS1_VERSION && - EVP_CIPHER_CTX_mode(enc) == EVP_CIPH_CBC_MODE) - eiv_len = EVP_CIPHER_CTX_iv_length(enc); - if (eiv_len < 0 || eiv_len > EVP_MAX_IV_LENGTH) - goto err; + if (rl->version != TLS1_VERSION) { + if (!tls12_record_protection_eiv_len(rl->write, &eiv_len)) + goto err; + } if (eiv_len > 0) { if (!CBB_add_space(&cbb, &eiv, eiv_len)) goto err; @@ -455,17 +1222,16 @@ tls12_record_layer_seal_record_protected_cipher(struct tls12_record_layer *rl, goto err; mac_len = 0; - if (rl->write_hash_ctx != NULL) { + if (rl->write->hash_ctx != NULL) { if (!tls12_record_layer_write_mac(rl, &cbb, content_type, - content, content_len, &mac_len)) + seq_num, content, content_len, &mac_len)) goto err; } - plain_len = (size_t)eiv_len + content_len + mac_len; + plain_len = eiv_len + content_len + mac_len; /* Add padding to block size, if necessary. */ - block_size = EVP_CIPHER_CTX_block_size(enc); - if (block_size < 0 || block_size > EVP_MAX_BLOCK_LENGTH) + if (!tls12_record_protection_block_size(rl->write, &block_size)) goto err; if (block_size > 1) { pad_len = block_size - (plain_len % block_size); @@ -504,39 +1270,61 @@ int tls12_record_layer_seal_record(struct tls12_record_layer *rl, uint8_t content_type, const uint8_t *content, size_t content_len, CBB *cbb) { - CBB fragment; + uint8_t *seq_num_data = NULL; + size_t seq_num_len = 0; + CBB fragment, seq_num_cbb; + CBS seq_num; + int ret = 0; + + /* + * Construct the effective sequence number - this is used in both + * the DTLS header and for MAC calculations. + */ + if (!CBB_init(&seq_num_cbb, SSL3_SEQUENCE_SIZE)) + goto err; + if (!tls12_record_layer_build_seq_num(rl, &seq_num_cbb, rl->write->epoch, + rl->write->seq_num, sizeof(rl->write->seq_num))) + goto err; + if (!CBB_finish(&seq_num_cbb, &seq_num_data, &seq_num_len)) + goto err; + CBS_init(&seq_num, seq_num_data, seq_num_len); if (!CBB_add_u8(cbb, content_type)) - return 0; + goto err; if (!CBB_add_u16(cbb, rl->version)) - return 0; + goto err; if (rl->dtls) { - if (!tls12_record_layer_build_seq_num(rl, cbb, - rl->write_epoch, rl->write_seq_num, - SSL3_SEQUENCE_SIZE)) - return 0; + if (!CBB_add_bytes(cbb, CBS_data(&seq_num), CBS_len(&seq_num))) + goto err; } if (!CBB_add_u16_length_prefixed(cbb, &fragment)) - return 0; + goto err; - if (rl->write_aead_ctx != NULL) { + if (rl->write->aead_ctx != NULL) { if (!tls12_record_layer_seal_record_protected_aead(rl, - content_type, content, content_len, &fragment)) - return 0; - } else if (rl->write_cipher_ctx != NULL) { + content_type, &seq_num, content, content_len, &fragment)) + goto err; + } else if (rl->write->cipher_ctx != NULL) { if (!tls12_record_layer_seal_record_protected_cipher(rl, - content_type, content, content_len, &fragment)) - return 0; + content_type, &seq_num, content, content_len, &fragment)) + goto err; } else { if (!tls12_record_layer_seal_record_plaintext(rl, content_type, content, content_len, &fragment)) - return 0; + goto err; } if (!CBB_flush(cbb)) - return 0; + goto err; - tls1_record_sequence_increment(rl->write_seq_num); + if (!tls12_record_layer_inc_seq_num(rl, rl->write->seq_num)) + goto err; - return 1; + ret = 1; + + err: + CBB_cleanup(&seq_num_cbb); + free(seq_num_data); + + return ret; } diff --git a/externals/libressl/ssl/tls13_client.c b/externals/libressl/ssl/tls13_client.c index 35409d92b..11eb880a6 100755 --- a/externals/libressl/ssl/tls13_client.c +++ b/externals/libressl/ssl/tls13_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.67 2020/09/11 17:36:27 jsing Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.94 2022/02/03 16:33:12 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -15,11 +15,11 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include "ssl_locl.h" - #include #include "bytestring.h" +#include "ssl_locl.h" +#include "ssl_sigalgs.h" #include "ssl_tlsext.h" #include "tls13_handshake.h" #include "tls13_internal.h" @@ -31,12 +31,12 @@ tls13_client_init(struct tls13_ctx *ctx) size_t groups_len; SSL *s = ctx->ssl; - if (!ssl_supported_version_range(s, &ctx->hs->min_version, - &ctx->hs->max_version)) { + if (!ssl_supported_tls_version_range(s, &ctx->hs->our_min_tls_version, + &ctx->hs->our_max_tls_version)) { SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE); return 0; } - s->client_version = s->version = ctx->hs->max_version; + s->version = ctx->hs->our_max_tls_version; tls13_record_layer_set_retry_after_phh(ctx->rl, (s->internal->mode & SSL_MODE_AUTO_RETRY) != 0); @@ -51,9 +51,9 @@ tls13_client_init(struct tls13_ctx *ctx) tls1_get_group_list(s, 0, &groups, &groups_len); if (groups_len < 1) return 0; - if ((ctx->hs->key_share = tls13_key_share_new(groups[0])) == NULL) + if ((ctx->hs->key_share = tls_key_share_new(groups[0])) == NULL) return 0; - if (!tls13_key_share_generate(ctx->hs->key_share)) + if (!tls_key_share_generate(ctx->hs->key_share)) return 0; arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE); @@ -64,11 +64,12 @@ tls13_client_init(struct tls13_ctx *ctx) * legacy session identifier triggers compatibility mode (see RFC 8446 * Appendix D.4). In the pre-TLSv1.3 case a zero length value is used. */ - if (ctx->middlebox_compat && ctx->hs->max_version >= TLS1_3_VERSION) { - arc4random_buf(ctx->hs->legacy_session_id, - sizeof(ctx->hs->legacy_session_id)); - ctx->hs->legacy_session_id_len = - sizeof(ctx->hs->legacy_session_id); + if (ctx->middlebox_compat && + ctx->hs->our_max_tls_version >= TLS1_3_VERSION) { + arc4random_buf(ctx->hs->tls13.legacy_session_id, + sizeof(ctx->hs->tls13.legacy_session_id)); + ctx->hs->tls13.legacy_session_id_len = + sizeof(ctx->hs->tls13.legacy_session_id); } return 1; @@ -91,9 +92,8 @@ tls13_client_hello_build(struct tls13_ctx *ctx, CBB *cbb) SSL *s = ctx->ssl; /* Legacy client version is capped at TLS 1.2. */ - client_version = ctx->hs->max_version; - if (client_version > TLS1_2_VERSION) - client_version = TLS1_2_VERSION; + if (!ssl_max_legacy_version(s, &client_version)) + goto err; if (!CBB_add_u16(cbb, client_version)) goto err; @@ -102,8 +102,8 @@ tls13_client_hello_build(struct tls13_ctx *ctx, CBB *cbb) if (!CBB_add_u8_length_prefixed(cbb, &session_id)) goto err; - if (!CBB_add_bytes(&session_id, ctx->hs->legacy_session_id, - ctx->hs->legacy_session_id_len)) + if (!CBB_add_bytes(&session_id, ctx->hs->tls13.legacy_session_id, + ctx->hs->tls13.legacy_session_id_len)) goto err; if (!CBB_add_u16_length_prefixed(cbb, &cipher_suites)) @@ -133,7 +133,7 @@ tls13_client_hello_build(struct tls13_ctx *ctx, CBB *cbb) int tls13_client_hello_send(struct tls13_ctx *ctx, CBB *cbb) { - if (ctx->hs->min_version < TLS1_2_VERSION) + if (ctx->hs->our_min_tls_version < TLS1_2_VERSION) tls13_record_layer_set_legacy_version(ctx->rl, TLS1_VERSION); /* We may receive a pre-TLSv1.3 alert in response to the client hello. */ @@ -228,9 +228,9 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) goto err; if (tls13_server_hello_is_legacy(cbs)) { - if (ctx->hs->max_version >= TLS1_3_VERSION) { + if (ctx->hs->our_max_tls_version >= TLS1_3_VERSION) { /* - * RFC 8446 section 4.1.3, We must not downgrade if + * RFC 8446 section 4.1.3: we must not downgrade if * the server random value contains the TLS 1.2 or 1.1 * magical value. */ @@ -249,7 +249,7 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) if (!CBS_skip(cbs, CBS_len(cbs))) goto err; - ctx->hs->use_legacy = 1; + ctx->hs->tls13.use_legacy = 1; return 1; } @@ -262,7 +262,7 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) if (CBS_mem_equal(&server_random, tls13_hello_retry_request_hash, sizeof(tls13_hello_retry_request_hash))) { tlsext_msg_type = SSL_TLSEXT_MSG_HRR; - ctx->hs->hrr = 1; + ctx->hs->tls13.hrr = 1; } if (!tlsext_client_parse(s, tlsext_msg_type, cbs, &alert_desc)) { @@ -271,50 +271,49 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs) } /* - * See if a supported versions extension was returned. If it was then - * the legacy version must be set to 0x0303 (RFC 8446 section 4.1.3). - * Otherwise, fallback to the legacy version, ensuring that it is both - * within range and not TLS 1.3 or greater (which must use the - * supported version extension. + * The supported versions extension indicated 0x0304 or greater. + * Ensure that it was 0x0304 and that legacy version is set to 0x0303 + * (RFC 8446 section 4.2.1). */ - if (ctx->hs->server_version != 0) { - if (legacy_version != TLS1_2_VERSION) { - ctx->alert = TLS13_ALERT_PROTOCOL_VERSION; - goto err; - } - } else { - if (legacy_version < ctx->hs->min_version || - legacy_version > ctx->hs->max_version || - legacy_version > TLS1_2_VERSION) { - ctx->alert = TLS13_ALERT_PROTOCOL_VERSION; - goto err; - } - ctx->hs->server_version = legacy_version; + if (ctx->hs->tls13.server_version != TLS1_3_VERSION || + legacy_version != TLS1_2_VERSION) { + ctx->alert = TLS13_ALERT_PROTOCOL_VERSION; + goto err; } + ctx->hs->negotiated_tls_version = ctx->hs->tls13.server_version; + ctx->hs->peer_legacy_version = legacy_version; /* The session_id must match. */ - if (!CBS_mem_equal(&session_id, ctx->hs->legacy_session_id, - ctx->hs->legacy_session_id_len)) { + if (!CBS_mem_equal(&session_id, ctx->hs->tls13.legacy_session_id, + ctx->hs->tls13.legacy_session_id_len)) { ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; goto err; } /* * Ensure that the cipher suite is one that we offered in the client - * hello and that it matches the TLS version selected. + * hello and that it is a TLSv1.3 cipher suite. */ cipher = ssl3_get_cipher_by_value(cipher_suite); if (cipher == NULL || !ssl_cipher_in_list(SSL_get_ciphers(s), cipher)) { ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; goto err; } - if (ctx->hs->server_version == TLS1_3_VERSION && - cipher->algorithm_ssl != SSL_TLSV1_3) { + if (cipher->algorithm_ssl != SSL_TLSV1_3) { ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; goto err; } - /* XXX - move this to hs_tls13? */ - S3I(s)->hs.new_cipher = cipher; + if (!(ctx->handshake_stage.hs_type & WITHOUT_HRR) && !ctx->hs->tls13.hrr) { + /* + * A ServerHello following a HelloRetryRequest MUST use the same + * cipher suite (RFC 8446 section 4.1.4). + */ + if (ctx->hs->cipher != cipher) { + ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; + goto err; + } + } + ctx->hs->cipher = cipher; if (compression_method != 0) { ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; @@ -344,21 +343,21 @@ tls13_client_engage_record_protection(struct tls13_ctx *ctx) /* Derive the shared key and engage record protection. */ - if (!tls13_key_share_derive(ctx->hs->key_share, &shared_key, + if (!tls_key_share_derive(ctx->hs->key_share, &shared_key, &shared_key_len)) goto err; - s->session->cipher = S3I(s)->hs.new_cipher; - s->session->ssl_version = ctx->hs->server_version; + s->session->cipher = ctx->hs->cipher; + s->session->ssl_version = ctx->hs->tls13.server_version; - if ((ctx->aead = tls13_cipher_aead(S3I(s)->hs.new_cipher)) == NULL) + if ((ctx->aead = tls13_cipher_aead(ctx->hs->cipher)) == NULL) goto err; - if ((ctx->hash = tls13_cipher_hash(S3I(s)->hs.new_cipher)) == NULL) + if ((ctx->hash = tls13_cipher_hash(ctx->hs->cipher)) == NULL) goto err; if ((secrets = tls13_secrets_create(ctx->hash, 0)) == NULL) goto err; - ctx->hs->secrets = secrets; + ctx->hs->tls13.secrets = secrets; /* XXX - pass in hash. */ if (!tls1_transcript_hash_init(s)) @@ -375,7 +374,7 @@ tls13_client_engage_record_protection(struct tls13_ctx *ctx) goto err; /* Handshake secrets. */ - if (!tls13_derive_handshake_secrets(ctx->hs->secrets, shared_key, + if (!tls13_derive_handshake_secrets(ctx->hs->tls13.secrets, shared_key, shared_key_len, &context)) goto err; @@ -414,13 +413,13 @@ tls13_server_hello_retry_request_recv(struct tls13_ctx *ctx, CBS *cbs) return 0; /* - * This may have been a TLSv1.2 or earlier ServerHello that just happened - * to have matching server random... + * This may have been a TLSv1.2 or earlier ServerHello that just + * happened to have matching server random... */ - if (ctx->hs->use_legacy) + if (ctx->hs->tls13.use_legacy) return tls13_use_legacy_client(ctx); - if (!ctx->hs->hrr) + if (!ctx->hs->tls13.hrr) return 0; if (!tls13_synthetic_handshake_message(ctx)) @@ -428,7 +427,7 @@ tls13_server_hello_retry_request_recv(struct tls13_ctx *ctx, CBS *cbs) if (!tls13_handshake_msg_record(ctx)) return 0; - ctx->hs->hrr = 0; + ctx->hs->tls13.hrr = 0; return 1; } @@ -441,17 +440,17 @@ tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb) * supported groups and is not the same as the key share we previously * offered. */ - if (!tls1_check_curve(ctx->ssl, ctx->hs->server_group)) + if (!tls1_check_curve(ctx->ssl, ctx->hs->tls13.server_group)) return 0; /* XXX alert */ - if (ctx->hs->server_group == tls13_key_share_group(ctx->hs->key_share)) + if (ctx->hs->tls13.server_group == tls_key_share_group(ctx->hs->key_share)) return 0; /* XXX alert */ /* Switch to new key share. */ - tls13_key_share_free(ctx->hs->key_share); + tls_key_share_free(ctx->hs->key_share); if ((ctx->hs->key_share = - tls13_key_share_new(ctx->hs->server_group)) == NULL) + tls_key_share_new(ctx->hs->tls13.server_group)) == NULL) return 0; - if (!tls13_key_share_generate(ctx->hs->key_share)) + if (!tls_key_share_generate(ctx->hs->key_share)) return 0; if (!tls13_client_hello_build(ctx, cbb)) @@ -478,13 +477,13 @@ tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs) return 0; } - if (ctx->hs->use_legacy) { + if (ctx->hs->tls13.use_legacy) { if (!(ctx->handshake_stage.hs_type & WITHOUT_HRR)) return 0; return tls13_use_legacy_client(ctx); } - if (ctx->hs->hrr) { + if (ctx->hs->tls13.hrr) { /* The server has sent two HelloRetryRequests. */ ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; return 0; @@ -562,7 +561,7 @@ tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs) X509 *cert = NULL; EVP_PKEY *pkey; const uint8_t *p; - int cert_idx, alert_desc; + int alert_desc, cert_type; int ret = 0; if ((certs = sk_X509_new_null()) == NULL) @@ -626,26 +625,20 @@ tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs) goto err; if (EVP_PKEY_missing_parameters(pkey)) goto err; - if ((cert_idx = ssl_cert_type(cert, pkey)) < 0) + if ((cert_type = ssl_cert_type(pkey)) < 0) goto err; - ssl_sess_cert_free(SSI(s)->sess_cert); - if ((SSI(s)->sess_cert = ssl_sess_cert_new()) == NULL) - goto err; - - SSI(s)->sess_cert->cert_chain = certs; - certs = NULL; - X509_up_ref(cert); - SSI(s)->sess_cert->peer_pkeys[cert_idx].x509 = cert; - SSI(s)->sess_cert->peer_key = &(SSI(s)->sess_cert->peer_pkeys[cert_idx]); + X509_free(s->session->peer_cert); + s->session->peer_cert = cert; + s->session->peer_cert_type = cert_type; - X509_free(s->session->peer); - - X509_up_ref(cert); - s->session->peer = cert; s->session->verify_result = s->verify_result; + sk_X509_pop_free(s->session->cert_chain, X509_free); + s->session->cert_chain = certs; + certs = NULL; + if (ctx->ocsp_status_recv_cb != NULL && !ctx->ocsp_status_recv_cb(ctx)) goto err; @@ -681,10 +674,6 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs) if (!CBS_get_u16_length_prefixed(cbs, &signature)) goto err; - if ((sigalg = ssl_sigalg(signature_scheme, tls13_sigalgs, - tls13_sigalgs_len)) == NULL) - goto err; - if (!CBB_init(&cbb, 0)) goto err; if (!CBB_add_bytes(&cbb, tls13_cert_verify_pad, @@ -695,18 +684,20 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs) goto err; if (!CBB_add_u8(&cbb, 0)) goto err; - if (!CBB_add_bytes(&cbb, ctx->hs->transcript_hash, - ctx->hs->transcript_hash_len)) + if (!CBB_add_bytes(&cbb, ctx->hs->tls13.transcript_hash, + ctx->hs->tls13.transcript_hash_len)) goto err; if (!CBB_finish(&cbb, &sig_content, &sig_content_len)) goto err; - if ((cert = ctx->ssl->session->peer) == NULL) + if ((cert = ctx->ssl->session->peer_cert) == NULL) goto err; if ((pkey = X509_get0_pubkey(cert)) == NULL) goto err; - if (!ssl_sigalg_pkey_ok(sigalg, pkey, 1)) + if ((sigalg = ssl_sigalg_for_peer(ctx->ssl, pkey, + signature_scheme)) == NULL) goto err; + ctx->hs->peer_sigalg = sigalg; if (CBS_len(&signature) > EVP_PKEY_size(pkey)) goto err; @@ -746,7 +737,7 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs) int tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs) { - struct tls13_secrets *secrets = ctx->hs->secrets; + struct tls13_secrets *secrets = ctx->hs->tls13.secrets; struct tls13_secret context = { .data = "", .len = 0 }; struct tls13_secret finished_key; uint8_t transcript_hash[EVP_MAX_MD_SIZE]; @@ -774,8 +765,8 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs) if (!HMAC_Init_ex(hmac_ctx, finished_key.data, finished_key.len, ctx->hash, NULL)) goto err; - if (!HMAC_Update(hmac_ctx, ctx->hs->transcript_hash, - ctx->hs->transcript_hash_len)) + if (!HMAC_Update(hmac_ctx, ctx->hs->tls13.transcript_hash, + ctx->hs->tls13.transcript_hash_len)) goto err; verify_data_len = HMAC_size(hmac_ctx); if ((verify_data = calloc(1, verify_data_len)) == NULL) @@ -790,6 +781,11 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs) goto err; } + if (!CBS_write_bytes(cbs, ctx->hs->peer_finished, + sizeof(ctx->hs->peer_finished), + &ctx->hs->peer_finished_len)) + goto err; + if (!CBS_skip(cbs, verify_data_len)) goto err; @@ -826,7 +822,7 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs) } static int -tls13_client_check_certificate(struct tls13_ctx *ctx, CERT_PKEY *cpk, +tls13_client_check_certificate(struct tls13_ctx *ctx, SSL_CERT_PKEY *cpk, int *ok, const struct ssl_sigalg **out_sigalg) { const struct ssl_sigalg *sigalg; @@ -849,12 +845,12 @@ tls13_client_check_certificate(struct tls13_ctx *ctx, CERT_PKEY *cpk, } static int -tls13_client_select_certificate(struct tls13_ctx *ctx, CERT_PKEY **out_cpk, +tls13_client_select_certificate(struct tls13_ctx *ctx, SSL_CERT_PKEY **out_cpk, const struct ssl_sigalg **out_sigalg) { SSL *s = ctx->ssl; const struct ssl_sigalg *sigalg; - CERT_PKEY *cpk; + SSL_CERT_PKEY *cpk; int cert_ok; *out_cpk = NULL; @@ -895,15 +891,15 @@ tls13_client_certificate_send(struct tls13_ctx *ctx, CBB *cbb) CBB cert_request_context, cert_list; const struct ssl_sigalg *sigalg; STACK_OF(X509) *chain; - CERT_PKEY *cpk; + SSL_CERT_PKEY *cpk; X509 *cert; int i, ret = 0; if (!tls13_client_select_certificate(ctx, &cpk, &sigalg)) goto err; - ctx->hs->cpk = cpk; - ctx->hs->sigalg = sigalg; + ctx->hs->tls13.cpk = cpk; + ctx->hs->our_sigalg = sigalg; if (!CBB_add_u8_length_prefixed(cbb, &cert_request_context)) goto err; @@ -946,15 +942,15 @@ tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb) EVP_MD_CTX *mdctx = NULL; EVP_PKEY_CTX *pctx; EVP_PKEY *pkey; - const CERT_PKEY *cpk; + const SSL_CERT_PKEY *cpk; CBB sig_cbb; int ret = 0; memset(&sig_cbb, 0, sizeof(sig_cbb)); - if ((cpk = ctx->hs->cpk) == NULL) + if ((cpk = ctx->hs->tls13.cpk) == NULL) goto err; - if ((sigalg = ctx->hs->sigalg) == NULL) + if ((sigalg = ctx->hs->our_sigalg) == NULL) goto err; pkey = cpk->privatekey; @@ -968,8 +964,8 @@ tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb) goto err; if (!CBB_add_u8(&sig_cbb, 0)) goto err; - if (!CBB_add_bytes(&sig_cbb, ctx->hs->transcript_hash, - ctx->hs->transcript_hash_len)) + if (!CBB_add_bytes(&sig_cbb, ctx->hs->tls13.transcript_hash, + ctx->hs->tls13.transcript_hash_len)) goto err; if (!CBB_finish(&sig_cbb, &sig_content, &sig_content_len)) goto err; @@ -1026,20 +1022,20 @@ tls13_client_end_of_early_data_send(struct tls13_ctx *ctx, CBB *cbb) int tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb) { - struct tls13_secrets *secrets = ctx->hs->secrets; + struct tls13_secrets *secrets = ctx->hs->tls13.secrets; struct tls13_secret context = { .data = "", .len = 0 }; - struct tls13_secret finished_key; + struct tls13_secret finished_key = { .data = NULL, .len = 0 }; uint8_t transcript_hash[EVP_MAX_MD_SIZE]; size_t transcript_hash_len; - uint8_t key[EVP_MAX_MD_SIZE]; uint8_t *verify_data; - size_t hmac_len; + size_t verify_data_len; unsigned int hlen; HMAC_CTX *hmac_ctx = NULL; + CBS cbs; int ret = 0; - finished_key.data = key; - finished_key.len = EVP_MD_size(ctx->hash); + if (!tls13_secret_init(&finished_key, EVP_MD_size(ctx->hash))) + goto err; if (!tls13_hkdf_expand_label(&finished_key, ctx->hash, &secrets->client_handshake_traffic, "finished", @@ -1058,17 +1054,23 @@ tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb) if (!HMAC_Update(hmac_ctx, transcript_hash, transcript_hash_len)) goto err; - hmac_len = HMAC_size(hmac_ctx); - if (!CBB_add_space(cbb, &verify_data, hmac_len)) + verify_data_len = HMAC_size(hmac_ctx); + if (!CBB_add_space(cbb, &verify_data, verify_data_len)) goto err; if (!HMAC_Final(hmac_ctx, verify_data, &hlen)) goto err; - if (hlen != hmac_len) + if (hlen != verify_data_len) + goto err; + + CBS_init(&cbs, verify_data, verify_data_len); + if (!CBS_write_bytes(&cbs, ctx->hs->finished, + sizeof(ctx->hs->finished), &ctx->hs->finished_len)) goto err; ret = 1; err: + tls13_secret_cleanup(&finished_key); HMAC_CTX_free(hmac_ctx); return ret; @@ -1077,7 +1079,7 @@ tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb) int tls13_client_finished_sent(struct tls13_ctx *ctx) { - struct tls13_secrets *secrets = ctx->hs->secrets; + struct tls13_secrets *secrets = ctx->hs->tls13.secrets; /* * Any records following the client finished message must be encrypted diff --git a/externals/libressl/ssl/tls13_handshake.c b/externals/libressl/ssl/tls13_handshake.c index b3cecc77e..cca8560fc 100755 --- a/externals/libressl/ssl/tls13_handshake.c +++ b/externals/libressl/ssl/tls13_handshake.c @@ -1,6 +1,6 @@ -/* $OpenBSD: tls13_handshake.c,v 1.64 2020/07/30 16:23:17 tb Exp $ */ +/* $OpenBSD: tls13_handshake.c,v 1.70 2021/09/16 19:25:30 jsing Exp $ */ /* - * Copyright (c) 2018-2019 Theo Buehler + * Copyright (c) 2018-2021 Theo Buehler * Copyright (c) 2019 Joel Sing * * Permission to use, copy, modify, and distribute this software for any @@ -48,6 +48,9 @@ static int tls13_handshake_send_action(struct tls13_ctx *ctx, static int tls13_handshake_recv_action(struct tls13_ctx *ctx, const struct tls13_handshake_action *action); +static int tls13_handshake_set_legacy_state(struct tls13_ctx *ctx); +static int tls13_handshake_legacy_info_callback(struct tls13_ctx *ctx); + static const struct tls13_handshake_action state_machine[] = { [CLIENT_HELLO] = { .handshake_type = TLS13_MT_CLIENT_HELLO, @@ -328,6 +331,18 @@ tls13_handshake_advance_state_machine(struct tls13_ctx *ctx) return 1; } +static int +tls13_handshake_end_of_flight(struct tls13_ctx *ctx, + const struct tls13_handshake_action *previous) +{ + const struct tls13_handshake_action *current; + + if ((current = tls13_handshake_active_action(ctx)) == NULL) + return 1; + + return current->sender != previous->sender; +} + int tls13_handshake_msg_record(struct tls13_ctx *ctx) { @@ -341,40 +356,64 @@ int tls13_handshake_perform(struct tls13_ctx *ctx) { const struct tls13_handshake_action *action; + int sending; int ret; if (!ctx->handshake_started) { + /* + * Set legacy state to connect/accept and call info callback + * to signal that the handshake started. + */ + if (!tls13_handshake_set_legacy_state(ctx)) + return TLS13_IO_FAILURE; + if (!tls13_handshake_legacy_info_callback(ctx)) + return TLS13_IO_FAILURE; + ctx->handshake_started = 1; - if (ctx->info_cb != NULL) - ctx->info_cb(ctx, TLS13_INFO_HANDSHAKE_STARTED, 1); + + /* Set legacy state for initial ClientHello read or write. */ + if (!tls13_handshake_set_legacy_state(ctx)) + return TLS13_IO_FAILURE; } for (;;) { if ((action = tls13_handshake_active_action(ctx)) == NULL) return TLS13_IO_FAILURE; + if (ctx->need_flush) { + if ((ret = tls13_record_layer_flush(ctx->rl)) != + TLS13_IO_SUCCESS) + return ret; + ctx->need_flush = 0; + } + if (action->handshake_complete) { ctx->handshake_completed = 1; tls13_record_layer_handshake_completed(ctx->rl); - if (ctx->info_cb != NULL) - ctx->info_cb(ctx, - TLS13_INFO_HANDSHAKE_COMPLETED, 1); + + if (!tls13_handshake_set_legacy_state(ctx)) + return TLS13_IO_FAILURE; + if (!tls13_handshake_legacy_info_callback(ctx)) + return TLS13_IO_FAILURE; + return TLS13_IO_SUCCESS; } + sending = action->sender == ctx->mode; + DEBUGF("%s %s %s\n", tls13_handshake_mode_name(ctx->mode), - (action->sender == ctx->mode) ? "sending" : "receiving", + sending ? "sending" : "receiving", tls13_handshake_message_name(action->handshake_type)); - if (ctx->alert) + if (ctx->alert != 0) return tls13_send_alert(ctx->rl, ctx->alert); - if (action->sender == ctx->mode) + if (sending) ret = tls13_handshake_send_action(ctx, action); else ret = tls13_handshake_recv_action(ctx, action); - if (ctx->alert) + if (ctx->alert != 0) return tls13_send_alert(ctx->rl, ctx->alert); if (ret <= 0) { @@ -385,8 +424,18 @@ tls13_handshake_perform(struct tls13_ctx *ctx) return ret; } + if (!tls13_handshake_legacy_info_callback(ctx)) + return TLS13_IO_FAILURE; + if (!tls13_handshake_advance_state_machine(ctx)) return TLS13_IO_FAILURE; + + if (sending) + ctx->need_flush = tls13_handshake_end_of_flight(ctx, + action); + + if (!tls13_handshake_set_legacy_state(ctx)) + return TLS13_IO_FAILURE; } } @@ -428,8 +477,9 @@ tls13_handshake_send_action(struct tls13_ctx *ctx, if (action->send_preserve_transcript_hash) { if (!tls1_transcript_hash_value(ctx->ssl, - ctx->hs->transcript_hash, sizeof(ctx->hs->transcript_hash), - &ctx->hs->transcript_hash_len)) + ctx->hs->tls13.transcript_hash, + sizeof(ctx->hs->tls13.transcript_hash), + &ctx->hs->tls13.transcript_hash_len)) return TLS13_IO_FAILURE; } @@ -471,8 +521,9 @@ tls13_handshake_recv_action(struct tls13_ctx *ctx, if (action->recv_preserve_transcript_hash) { if (!tls1_transcript_hash_value(ctx->ssl, - ctx->hs->transcript_hash, sizeof(ctx->hs->transcript_hash), - &ctx->hs->transcript_hash_len)) + ctx->hs->tls13.transcript_hash, + sizeof(ctx->hs->tls13.transcript_hash), + &ctx->hs->tls13.transcript_hash_len)) return TLS13_IO_FAILURE; } @@ -510,8 +561,163 @@ tls13_handshake_recv_action(struct tls13_ctx *ctx, tls13_handshake_msg_free(ctx->hs_msg); ctx->hs_msg = NULL; - if (ctx->ssl->method->internal->version < TLS1_3_VERSION) + if (ctx->ssl->method->version < TLS1_3_VERSION) return TLS13_IO_USE_LEGACY; return ret; } + +struct tls13_handshake_legacy_state { + int recv; + int send; +}; + +static const struct tls13_handshake_legacy_state legacy_states[] = { + [CLIENT_HELLO] = { + .recv = SSL3_ST_SR_CLNT_HELLO_A, + .send = SSL3_ST_CW_CLNT_HELLO_A, + }, + [SERVER_HELLO_RETRY_REQUEST] = { + .recv = SSL3_ST_CR_SRVR_HELLO_A, + .send = SSL3_ST_SW_SRVR_HELLO_A, + }, + [CLIENT_HELLO_RETRY] = { + .recv = SSL3_ST_SR_CLNT_HELLO_A, + .send = SSL3_ST_CW_CLNT_HELLO_A, + }, + [SERVER_HELLO] = { + .recv = SSL3_ST_CR_SRVR_HELLO_A, + .send = SSL3_ST_SW_SRVR_HELLO_A, + }, + [SERVER_ENCRYPTED_EXTENSIONS] = { + .send = 0, + .recv = 0, + }, + [SERVER_CERTIFICATE_REQUEST] = { + .recv = SSL3_ST_CR_CERT_REQ_A, + .send = SSL3_ST_SW_CERT_REQ_A, + }, + [SERVER_CERTIFICATE] = { + .recv = SSL3_ST_CR_CERT_A, + .send = SSL3_ST_SW_CERT_A, + }, + [SERVER_CERTIFICATE_VERIFY] = { + .send = 0, + .recv = 0, + }, + [SERVER_FINISHED] = { + .recv = SSL3_ST_CR_FINISHED_A, + .send = SSL3_ST_SW_FINISHED_A, + }, + [CLIENT_END_OF_EARLY_DATA] = { + .send = 0, + .recv = 0, + }, + [CLIENT_CERTIFICATE] = { + .recv = SSL3_ST_SR_CERT_VRFY_A, + .send = SSL3_ST_CW_CERT_VRFY_B, + }, + [CLIENT_CERTIFICATE_VERIFY] = { + .send = 0, + .recv = 0, + }, + [CLIENT_FINISHED] = { + .recv = SSL3_ST_SR_FINISHED_A, + .send = SSL3_ST_CW_FINISHED_A, + }, + [APPLICATION_DATA] = { + .recv = 0, + .send = 0, + }, +}; + +CTASSERT(sizeof(state_machine) / sizeof(state_machine[0]) == + sizeof(legacy_states) / sizeof(legacy_states[0])); + +static int +tls13_handshake_legacy_state(struct tls13_ctx *ctx, int *out_state) +{ + const struct tls13_handshake_action *action; + enum tls13_message_type mt; + + *out_state = 0; + + if (!ctx->handshake_started) { + if (ctx->mode == TLS13_HS_CLIENT) + *out_state = SSL_ST_CONNECT; + else + *out_state = SSL_ST_ACCEPT; + + return 1; + } + + if (ctx->handshake_completed) { + *out_state = SSL_ST_OK; + return 1; + } + + if ((mt = tls13_handshake_active_state(ctx)) == INVALID) + return 0; + + if ((action = tls13_handshake_active_action(ctx)) == NULL) + return 0; + + if (action->sender == ctx->mode) + *out_state = legacy_states[mt].send; + else + *out_state = legacy_states[mt].recv; + + return 1; +} + +static int +tls13_handshake_info_position(struct tls13_ctx *ctx) +{ + if (!ctx->handshake_started) + return TLS13_INFO_HANDSHAKE_STARTED; + + if (ctx->handshake_completed) + return TLS13_INFO_HANDSHAKE_COMPLETED; + + if (ctx->mode == TLS13_HS_CLIENT) + return TLS13_INFO_CONNECT_LOOP; + else + return TLS13_INFO_ACCEPT_LOOP; +} + +static int +tls13_handshake_legacy_info_callback(struct tls13_ctx *ctx) +{ + int state, where; + + if (!tls13_handshake_legacy_state(ctx, &state)) + return 0; + + /* Do nothing if there's no corresponding legacy state. */ + if (state == 0) + return 1; + + if (ctx->info_cb != NULL) { + where = tls13_handshake_info_position(ctx); + ctx->info_cb(ctx, where, 1); + } + + return 1; +} + +static int +tls13_handshake_set_legacy_state(struct tls13_ctx *ctx) +{ + int state; + + if (!tls13_handshake_legacy_state(ctx, &state)) + return 0; + + /* Do nothing if there's no corresponding legacy state. */ + if (state == 0) + return 1; + + ctx->hs->state = state; + + return 1; +} diff --git a/externals/libressl/ssl/tls13_handshake_msg.c b/externals/libressl/ssl/tls13_handshake_msg.c index 21932fc4e..67eab3152 100755 --- a/externals/libressl/ssl/tls13_handshake_msg.c +++ b/externals/libressl/ssl/tls13_handshake_msg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_handshake_msg.c,v 1.2 2019/11/20 16:21:20 beck Exp $ */ +/* $OpenBSD: tls13_handshake_msg.c,v 1.4 2021/10/23 13:12:14 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -16,7 +16,6 @@ */ #include "bytestring.h" -#include "ssl_locl.h" #include "tls13_internal.h" #define TLS13_HANDSHAKE_MSG_HEADER_LEN 4 @@ -29,7 +28,7 @@ struct tls13_handshake_msg { uint8_t *data; size_t data_len; - struct tls13_buffer *buf; + struct tls_buffer *buf; CBS cbs; CBB cbb; }; @@ -41,7 +40,7 @@ tls13_handshake_msg_new() if ((msg = calloc(1, sizeof(struct tls13_handshake_msg))) == NULL) goto err; - if ((msg->buf = tls13_buffer_new(0)) == NULL) + if ((msg->buf = tls_buffer_new(0)) == NULL) goto err; return msg; @@ -58,7 +57,7 @@ tls13_handshake_msg_free(struct tls13_handshake_msg *msg) if (msg == NULL) return; - tls13_buffer_free(msg->buf); + tls_buffer_free(msg->buf); CBB_cleanup(&msg->cbb); @@ -75,7 +74,7 @@ tls13_handshake_msg_data(struct tls13_handshake_msg *msg, CBS *cbs) int tls13_handshake_msg_set_buffer(struct tls13_handshake_msg *msg, CBS *cbs) { - return tls13_buffer_set_data(msg->buf, cbs); + return tls_buffer_set_data(msg->buf, cbs); } uint8_t @@ -138,12 +137,12 @@ tls13_handshake_msg_recv(struct tls13_handshake_msg *msg, return TLS13_IO_FAILURE; if (msg->msg_type == 0) { - if ((ret = tls13_buffer_extend(msg->buf, + if ((ret = tls_buffer_extend(msg->buf, TLS13_HANDSHAKE_MSG_HEADER_LEN, tls13_handshake_msg_read_cb, rl)) <= 0) return ret; - tls13_buffer_cbs(msg->buf, &cbs); + tls_buffer_cbs(msg->buf, &cbs); if (!CBS_get_u8(&cbs, &msg_type)) return TLS13_IO_FAILURE; @@ -158,12 +157,12 @@ tls13_handshake_msg_recv(struct tls13_handshake_msg *msg, msg->msg_len = msg_len; } - if ((ret = tls13_buffer_extend(msg->buf, + if ((ret = tls_buffer_extend(msg->buf, TLS13_HANDSHAKE_MSG_HEADER_LEN + msg->msg_len, tls13_handshake_msg_read_cb, rl)) <= 0) return ret; - if (!tls13_buffer_finish(msg->buf, &msg->data, &msg->data_len)) + if (!tls_buffer_finish(msg->buf, &msg->data, &msg->data_len)) return TLS13_IO_FAILURE; return TLS13_IO_SUCCESS; diff --git a/externals/libressl/ssl/tls13_internal.h b/externals/libressl/ssl/tls13_internal.h index 03a1a6b4b..4c3a32802 100755 --- a/externals/libressl/ssl/tls13_internal.h +++ b/externals/libressl/ssl/tls13_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_internal.h,v 1.86 2020/07/30 16:23:17 tb Exp $ */ +/* $OpenBSD: tls13_internal.h,v 1.96 2022/01/05 17:10:02 jsing Exp $ */ /* * Copyright (c) 2018 Bob Beck * Copyright (c) 2018 Theo Buehler @@ -24,6 +24,7 @@ #include #include "bytestring.h" +#include "tls_internal.h" __BEGIN_HIDDEN_DECLS @@ -81,31 +82,18 @@ __BEGIN_HIDDEN_DECLS #define TLS13_INFO_HANDSHAKE_STARTED SSL_CB_HANDSHAKE_START #define TLS13_INFO_HANDSHAKE_COMPLETED SSL_CB_HANDSHAKE_DONE +#define TLS13_INFO_ACCEPT_LOOP SSL_CB_ACCEPT_LOOP +#define TLS13_INFO_CONNECT_LOOP SSL_CB_CONNECT_LOOP +#define TLS13_INFO_ACCEPT_EXIT SSL_CB_ACCEPT_EXIT +#define TLS13_INFO_CONNECT_EXIT SSL_CB_CONNECT_EXIT typedef void (*tls13_alert_cb)(uint8_t _alert_desc, void *_cb_arg); typedef ssize_t (*tls13_phh_recv_cb)(void *_cb_arg, CBS *_cbs); typedef void (*tls13_phh_sent_cb)(void *_cb_arg); -typedef ssize_t (*tls13_read_cb)(void *_buf, size_t _buflen, void *_cb_arg); -typedef ssize_t (*tls13_write_cb)(const void *_buf, size_t _buflen, - void *_cb_arg); typedef void (*tls13_handshake_message_cb)(void *_cb_arg); typedef void (*tls13_info_cb)(void *_cb_arg, int _state, int _ret); typedef int (*tls13_ocsp_status_cb)(void *_cb_arg); -/* - * Buffers. - */ -struct tls13_buffer; - -struct tls13_buffer *tls13_buffer_new(size_t init_size); -int tls13_buffer_set_data(struct tls13_buffer *buf, CBS *data); -void tls13_buffer_free(struct tls13_buffer *buf); -ssize_t tls13_buffer_extend(struct tls13_buffer *buf, size_t len, - tls13_read_cb read_cb, void *cb_arg); -void tls13_buffer_cbs(struct tls13_buffer *buf, CBS *cbs); -int tls13_buffer_finish(struct tls13_buffer *buf, uint8_t **out, - size_t *out_len); - /* * Secrets. */ @@ -141,6 +129,8 @@ struct tls13_secrets { struct tls13_secret resumption_master; }; +int tls13_secret_init(struct tls13_secret *secret, size_t len); +void tls13_secret_cleanup(struct tls13_secret *secret); struct tls13_secrets *tls13_secrets_create(const EVP_MD *digest, int resumption); void tls13_secrets_destroy(struct tls13_secrets *secrets); @@ -148,6 +138,16 @@ void tls13_secrets_destroy(struct tls13_secrets *secrets); int tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest, const struct tls13_secret *secret, const char *label, const struct tls13_secret *context); +int tls13_hkdf_expand_label_with_length(struct tls13_secret *out, + const EVP_MD *digest, const struct tls13_secret *secret, + const uint8_t *label, size_t label_len, const struct tls13_secret *context); + +int tls13_derive_secret(struct tls13_secret *out, const EVP_MD *digest, + const struct tls13_secret *secret, const char *label, + const struct tls13_secret *context); +int tls13_derive_secret_with_label_length(struct tls13_secret *out, + const EVP_MD *digest, const struct tls13_secret *secret, + const uint8_t *label, size_t label_len, const struct tls13_secret *context); int tls13_derive_early_secrets(struct tls13_secrets *secrets, uint8_t *psk, size_t psk_len, const struct tls13_secret *context); @@ -158,32 +158,15 @@ int tls13_derive_application_secrets(struct tls13_secrets *secrets, int tls13_update_client_traffic_secret(struct tls13_secrets *secrets); int tls13_update_server_traffic_secret(struct tls13_secrets *secrets); -/* - * Key shares. - */ -struct tls13_key_share; - -struct tls13_key_share *tls13_key_share_new(uint16_t group_id); -struct tls13_key_share *tls13_key_share_new_nid(int nid); -void tls13_key_share_free(struct tls13_key_share *ks); - -uint16_t tls13_key_share_group(struct tls13_key_share *ks); -int tls13_key_share_peer_pkey(struct tls13_key_share *ks, EVP_PKEY *pkey); -int tls13_key_share_generate(struct tls13_key_share *ks); -int tls13_key_share_public(struct tls13_key_share *ks, CBB *cbb); -int tls13_key_share_peer_public(struct tls13_key_share *ks, uint16_t group, - CBS *cbs); -int tls13_key_share_derive(struct tls13_key_share *ks, uint8_t **shared_key, - size_t *shared_key_len); - /* * Record Layer. */ struct tls13_record_layer; struct tls13_record_layer_callbacks { - tls13_read_cb wire_read; - tls13_write_cb wire_write; + tls_read_cb wire_read; + tls_write_cb wire_write; + tls_flush_cb wire_flush; tls13_alert_cb alert_recv; tls13_alert_cb alert_sent; tls13_phh_recv_cb phh_recv; @@ -195,7 +178,7 @@ struct tls13_record_layer *tls13_record_layer_new( void tls13_record_layer_free(struct tls13_record_layer *rl); void tls13_record_layer_allow_ccs(struct tls13_record_layer *rl, int allow); void tls13_record_layer_allow_legacy_alerts(struct tls13_record_layer *rl, int allow); -void tls13_record_layer_rbuf(struct tls13_record_layer *rl, CBS *cbs); +void tls13_record_layer_rcontent(struct tls13_record_layer *rl, CBS *cbs); void tls13_record_layer_set_aead(struct tls13_record_layer *rl, const EVP_AEAD *aead); void tls13_record_layer_set_hash(struct tls13_record_layer *rl, @@ -210,6 +193,7 @@ int tls13_record_layer_set_write_traffic_key(struct tls13_record_layer *rl, struct tls13_secret *write_key); ssize_t tls13_record_layer_send_pending(struct tls13_record_layer *rl); ssize_t tls13_record_layer_phh(struct tls13_record_layer *rl, CBS *cbs); +ssize_t tls13_record_layer_flush(struct tls13_record_layer *rl); ssize_t tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n); ssize_t tls13_write_handshake_data(struct tls13_record_layer *rl, const uint8_t *buf, @@ -262,11 +246,12 @@ struct tls13_ctx { struct tls13_error error; SSL *ssl; - struct ssl_handshake_tls13_st *hs; + struct ssl_handshake_st *hs; uint8_t mode; struct tls13_handshake_stage handshake_stage; int handshake_started; int handshake_completed; + int need_flush; int middlebox_compat; int send_dummy_ccs; int send_dummy_ccs_after; @@ -312,6 +297,7 @@ int tls13_legacy_connect(SSL *ssl); int tls13_legacy_return_code(SSL *ssl, ssize_t ret); ssize_t tls13_legacy_wire_read_cb(void *buf, size_t n, void *arg); ssize_t tls13_legacy_wire_write_cb(const void *buf, size_t n, void *arg); +ssize_t tls13_legacy_wire_flush_cb(void *arg); int tls13_legacy_pending(const SSL *ssl); int tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len, int peek); @@ -412,6 +398,10 @@ int tls13_error_setx(struct tls13_error *error, int code, int subcode, tls13_error_setx(&(ctx)->error, (code), (subcode), __FILE__, __LINE__, \ (fmt), __VA_ARGS__) +int tls13_exporter(struct tls13_ctx *ctx, const uint8_t *label, size_t label_len, + const uint8_t *context_value, size_t context_value_len, uint8_t *out, + size_t out_len); + extern const uint8_t tls13_downgrade_12[8]; extern const uint8_t tls13_downgrade_11[8]; extern const uint8_t tls13_hello_retry_request_hash[32]; diff --git a/externals/libressl/ssl/tls13_key_schedule.c b/externals/libressl/ssl/tls13_key_schedule.c index 91f59e46f..bb96cf3dd 100755 --- a/externals/libressl/ssl/tls13_key_schedule.c +++ b/externals/libressl/ssl/tls13_key_schedule.c @@ -1,5 +1,6 @@ -/* $OpenBSD: tls13_key_schedule.c,v 1.8 2019/11/17 21:01:08 beck Exp $ */ -/* Copyright (c) 2018, Bob Beck +/* $OpenBSD: tls13_key_schedule.c,v 1.14 2021/01/05 18:36:22 tb Exp $ */ +/* + * Copyright (c) 2018, Bob Beck * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -22,46 +23,25 @@ #include "bytestring.h" #include "tls13_internal.h" -void -tls13_secrets_destroy(struct tls13_secrets *secrets) +int +tls13_secret_init(struct tls13_secret *secret, size_t len) { - if (secrets == NULL) - return; + if (secret->data != NULL) + return 0; - /* you can never be too sure :) */ - freezero(secrets->zeros.data, secrets->zeros.len); - freezero(secrets->empty_hash.data, secrets->empty_hash.len); + if ((secret->data = calloc(1, len)) == NULL) + return 0; + secret->len = len; - freezero(secrets->extracted_early.data, - secrets->extracted_early.len); - freezero(secrets->binder_key.data, - secrets->binder_key.len); - freezero(secrets->client_early_traffic.data, - secrets->client_early_traffic.len); - freezero(secrets->early_exporter_master.data, - secrets->early_exporter_master.len); - freezero(secrets->derived_early.data, - secrets->derived_early.len); - freezero(secrets->extracted_handshake.data, - secrets->extracted_handshake.len); - freezero(secrets->client_handshake_traffic.data, - secrets->client_handshake_traffic.len); - freezero(secrets->server_handshake_traffic.data, - secrets->server_handshake_traffic.len); - freezero(secrets->derived_handshake.data, - secrets->derived_handshake.len); - freezero(secrets->extracted_master.data, - secrets->extracted_master.len); - freezero(secrets->client_application_traffic.data, - secrets->client_application_traffic.len); - freezero(secrets->server_application_traffic.data, - secrets->server_application_traffic.len); - freezero(secrets->exporter_master.data, - secrets->exporter_master.len); - freezero(secrets->resumption_master.data, - secrets->resumption_master.len); + return 1; +} - freezero(secrets, sizeof(struct tls13_secrets)); +void +tls13_secret_cleanup(struct tls13_secret *secret) +{ + freezero(secret->data, secret->len); + secret->data = NULL; + secret->len = 0; } /* @@ -81,62 +61,39 @@ tls13_secrets_create(const EVP_MD *digest, int resumption) if ((secrets = calloc(1, sizeof(struct tls13_secrets))) == NULL) goto err; - if ((secrets->zeros.data = calloc(hash_length, sizeof(uint8_t))) == - NULL) + if (!tls13_secret_init(&secrets->zeros, hash_length)) + goto err; + if (!tls13_secret_init(&secrets->empty_hash, hash_length)) goto err; - secrets->zeros.len = hash_length; - if ((secrets->empty_hash.data = malloc(hash_length)) == NULL) + if (!tls13_secret_init(&secrets->extracted_early, hash_length)) goto err; - secrets->empty_hash.len = hash_length; - - if ((secrets->extracted_early.data = malloc(hash_length)) == NULL) + if (!tls13_secret_init(&secrets->binder_key, hash_length)) goto err; - secrets->extracted_early.len = hash_length; - if ((secrets->binder_key.data = malloc(hash_length)) == NULL) + if (!tls13_secret_init(&secrets->client_early_traffic, hash_length)) goto err; - secrets->binder_key.len = hash_length; - if ((secrets->client_early_traffic.data = malloc(hash_length)) == NULL) + if (!tls13_secret_init(&secrets->early_exporter_master, hash_length)) goto err; - secrets->client_early_traffic.len = hash_length; - if ((secrets->early_exporter_master.data = malloc(hash_length)) == - NULL) + if (!tls13_secret_init(&secrets->derived_early, hash_length)) goto err; - secrets->early_exporter_master.len = hash_length; - if ((secrets->derived_early.data = malloc(hash_length)) == NULL) + if (!tls13_secret_init(&secrets->extracted_handshake, hash_length)) goto err; - secrets->derived_early.len = hash_length; - if ((secrets->extracted_handshake.data = malloc(hash_length)) == NULL) + if (!tls13_secret_init(&secrets->client_handshake_traffic, hash_length)) goto err; - secrets->extracted_handshake.len = hash_length; - if ((secrets->client_handshake_traffic.data = malloc(hash_length)) - == NULL) + if (!tls13_secret_init(&secrets->server_handshake_traffic, hash_length)) goto err; - secrets->client_handshake_traffic.len = hash_length; - if ((secrets->server_handshake_traffic.data = malloc(hash_length)) - == NULL) + if (!tls13_secret_init(&secrets->derived_handshake, hash_length)) goto err; - secrets->server_handshake_traffic.len = hash_length; - if ((secrets->derived_handshake.data = malloc(hash_length)) == NULL) + if (!tls13_secret_init(&secrets->extracted_master, hash_length)) goto err; - secrets->derived_handshake.len = hash_length; - if ((secrets->extracted_master.data = malloc(hash_length)) == NULL) + if (!tls13_secret_init(&secrets->client_application_traffic, hash_length)) goto err; - secrets->extracted_master.len = hash_length; - if ((secrets->client_application_traffic.data = malloc(hash_length)) == - NULL) + if (!tls13_secret_init(&secrets->server_application_traffic, hash_length)) goto err; - secrets->client_application_traffic.len = hash_length; - if ((secrets->server_application_traffic.data = malloc(hash_length)) == - NULL) + if (!tls13_secret_init(&secrets->exporter_master, hash_length)) goto err; - secrets->server_application_traffic.len = hash_length; - if ((secrets->exporter_master.data = malloc(hash_length)) == NULL) + if (!tls13_secret_init(&secrets->resumption_master, hash_length)) goto err; - secrets->exporter_master.len = hash_length; - if ((secrets->resumption_master.data = malloc(hash_length)) == NULL) - goto err; - secrets->resumption_master.len = hash_length; /* * Calculate the hash of a zero-length string - this is needed during @@ -169,10 +126,47 @@ tls13_secrets_create(const EVP_MD *digest, int resumption) return NULL; } +void +tls13_secrets_destroy(struct tls13_secrets *secrets) +{ + if (secrets == NULL) + return; + + /* you can never be too sure :) */ + tls13_secret_cleanup(&secrets->zeros); + tls13_secret_cleanup(&secrets->empty_hash); + + tls13_secret_cleanup(&secrets->extracted_early); + tls13_secret_cleanup(&secrets->binder_key); + tls13_secret_cleanup(&secrets->client_early_traffic); + tls13_secret_cleanup(&secrets->early_exporter_master); + tls13_secret_cleanup(&secrets->derived_early); + tls13_secret_cleanup(&secrets->extracted_handshake); + tls13_secret_cleanup(&secrets->client_handshake_traffic); + tls13_secret_cleanup(&secrets->server_handshake_traffic); + tls13_secret_cleanup(&secrets->derived_handshake); + tls13_secret_cleanup(&secrets->extracted_master); + tls13_secret_cleanup(&secrets->client_application_traffic); + tls13_secret_cleanup(&secrets->server_application_traffic); + tls13_secret_cleanup(&secrets->exporter_master); + tls13_secret_cleanup(&secrets->resumption_master); + + freezero(secrets, sizeof(struct tls13_secrets)); +} + int tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest, const struct tls13_secret *secret, const char *label, const struct tls13_secret *context) +{ + return tls13_hkdf_expand_label_with_length(out, digest, secret, label, + strlen(label), context); +} + +int +tls13_hkdf_expand_label_with_length(struct tls13_secret *out, + const EVP_MD *digest, const struct tls13_secret *secret, + const uint8_t *label, size_t label_len, const struct tls13_secret *context) { const char tls13_plabel[] = "tls13 "; uint8_t *hkdf_label; @@ -188,7 +182,7 @@ tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest, goto err; if (!CBB_add_bytes(&child, tls13_plabel, strlen(tls13_plabel))) goto err; - if (!CBB_add_bytes(&child, label, strlen(label))) + if (!CBB_add_bytes(&child, label, label_len)) goto err; if (!CBB_add_u8_length_prefixed(&cbb, &child)) goto err; @@ -207,7 +201,7 @@ tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest, return(0); } -static int +int tls13_derive_secret(struct tls13_secret *out, const EVP_MD *digest, const struct tls13_secret *secret, const char *label, const struct tls13_secret *context) @@ -215,6 +209,15 @@ tls13_derive_secret(struct tls13_secret *out, const EVP_MD *digest, return tls13_hkdf_expand_label(out, digest, secret, label, context); } +int +tls13_derive_secret_with_label_length(struct tls13_secret *out, + const EVP_MD *digest, const struct tls13_secret *secret, const uint8_t *label, + size_t label_len, const struct tls13_secret *context) +{ + return tls13_hkdf_expand_label_with_length(out, digest, secret, label, + label_len, context); +} + int tls13_derive_early_secrets(struct tls13_secrets *secrets, uint8_t *psk, size_t psk_len, const struct tls13_secret *context) diff --git a/externals/libressl/ssl/tls13_legacy.c b/externals/libressl/ssl/tls13_legacy.c index 317a1cb0f..27e030fa7 100755 --- a/externals/libressl/ssl/tls13_legacy.c +++ b/externals/libressl/ssl/tls13_legacy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_legacy.c,v 1.13 2020/09/13 15:04:35 jsing Exp $ */ +/* $OpenBSD: tls13_legacy.c,v 1.37 2022/02/06 16:08:14 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -20,10 +20,6 @@ #include "ssl_locl.h" #include "tls13_internal.h" -SSL3_ENC_METHOD TLSv1_3_enc_data = { - .enc_flags = SSL_ENC_FLAG_SIGALGS|SSL_ENC_FLAG_TLS1_3_CIPHERS, -}; - static ssize_t tls13_legacy_wire_read(SSL *ssl, uint8_t *buf, size_t len) { @@ -40,8 +36,6 @@ tls13_legacy_wire_read(SSL *ssl, uint8_t *buf, size_t len) if ((n = BIO_read(ssl->rbio, buf, len)) <= 0) { if (BIO_should_read(ssl->rbio)) return TLS13_IO_WANT_POLLIN; - if (BIO_should_write(ssl->rbio)) - return TLS13_IO_WANT_POLLOUT; if (n == 0) return TLS13_IO_EOF; @@ -79,8 +73,6 @@ tls13_legacy_wire_write(SSL *ssl, const uint8_t *buf, size_t len) errno = 0; if ((n = BIO_write(ssl->wbio, buf, len)) <= 0) { - if (BIO_should_read(ssl->wbio)) - return TLS13_IO_WANT_POLLIN; if (BIO_should_write(ssl->wbio)) return TLS13_IO_WANT_POLLOUT; @@ -104,6 +96,30 @@ tls13_legacy_wire_write_cb(const void *buf, size_t n, void *arg) return tls13_legacy_wire_write(ctx->ssl, buf, n); } +static ssize_t +tls13_legacy_wire_flush(SSL *ssl) +{ + if (BIO_flush(ssl->wbio) <= 0) { + if (BIO_should_write(ssl->wbio)) + return TLS13_IO_WANT_POLLOUT; + + if (ERR_peek_error() == 0 && errno != 0) + SYSerror(errno); + + return TLS13_IO_FAILURE; + } + + return TLS13_IO_SUCCESS; +} + +ssize_t +tls13_legacy_wire_flush_cb(void *arg) +{ + struct tls13_ctx *ctx = arg; + + return tls13_legacy_wire_flush(ctx->ssl); +} + static void tls13_legacy_error(SSL *ssl) { @@ -111,7 +127,7 @@ tls13_legacy_error(SSL *ssl) int reason = SSL_R_UNKNOWN; /* If we received a fatal alert we already put an error on the stack. */ - if (S3I(ssl)->fatal_alert != 0) + if (ssl->s3->fatal_alert != 0) return; switch (ctx->error.code) { @@ -213,6 +229,8 @@ tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len, int pee if (ctx == NULL || !ctx->handshake_completed) { if ((ret = ssl->internal->handshake_func(ssl)) <= 0) return ret; + if (len == 0) + return 0; return tls13_legacy_return_code(ssl, TLS13_IO_WANT_POLLIN); } @@ -224,7 +242,7 @@ tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len, int pee return -1; } if (len < 0) { - SSLerror(ssl, SSL_R_BAD_LENGTH); + SSLerror(ssl, SSL_R_BAD_LENGTH); return -1; } @@ -247,6 +265,8 @@ tls13_legacy_write_bytes(SSL *ssl, int type, const void *vbuf, int len) if (ctx == NULL || !ctx->handshake_completed) { if ((ret = ssl->internal->handshake_func(ssl)) <= 0) return ret; + if (len == 0) + return 0; return tls13_legacy_return_code(ssl, TLS13_IO_WANT_POLLOUT); } @@ -255,7 +275,7 @@ tls13_legacy_write_bytes(SSL *ssl, int type, const void *vbuf, int len) return -1; } if (len < 0) { - SSLerror(ssl, SSL_R_BAD_LENGTH); + SSLerror(ssl, SSL_R_BAD_LENGTH); return -1; } @@ -269,23 +289,23 @@ tls13_legacy_write_bytes(SSL *ssl, int type, const void *vbuf, int len) } /* - * In the non-SSL_MODE_ENABLE_PARTIAL_WRITE case we have to loop until + * In the non-SSL_MODE_ENABLE_PARTIAL_WRITE case we have to loop until * we have written out all of the requested data. */ - sent = S3I(ssl)->wnum; + sent = ssl->s3->wnum; if (len < sent) { - SSLerror(ssl, SSL_R_BAD_LENGTH); + SSLerror(ssl, SSL_R_BAD_LENGTH); return -1; } n = len - sent; for (;;) { if (n == 0) { - S3I(ssl)->wnum = 0; + ssl->s3->wnum = 0; return sent; } if ((ret = tls13_write_application_data(ctx->rl, &buf[sent], n)) <= 0) { - S3I(ssl)->wnum = sent; + ssl->s3->wnum = sent; return tls13_legacy_return_code(ssl, ret); } sent += ret; @@ -297,44 +317,65 @@ static int tls13_use_legacy_stack(struct tls13_ctx *ctx) { SSL *s = ctx->ssl; + CBB cbb, fragment; CBS cbs; + memset(&cbb, 0, sizeof(cbb)); + + s->method = tls_legacy_method(); + if (!ssl3_setup_init_buffer(s)) - return 0; + goto err; if (!ssl3_setup_buffers(s)) - return 0; + goto err; if (!ssl_init_wbio_buffer(s, 1)) - return 0; + goto err; /* Stash any unprocessed data from the last record. */ - tls13_record_layer_rbuf(ctx->rl, &cbs); + tls13_record_layer_rcontent(ctx->rl, &cbs); if (CBS_len(&cbs) > 0) { - if (!CBS_write_bytes(&cbs, - S3I(s)->rbuf.buf + SSL3_RT_HEADER_LENGTH, - S3I(s)->rbuf.len - SSL3_RT_HEADER_LENGTH, NULL)) - return 0; + if (!CBB_init_fixed(&cbb, s->s3->rbuf.buf, + s->s3->rbuf.len)) + goto err; + if (!CBB_add_u8(&cbb, SSL3_RT_HANDSHAKE)) + goto err; + if (!CBB_add_u16(&cbb, TLS1_2_VERSION)) + goto err; + if (!CBB_add_u16_length_prefixed(&cbb, &fragment)) + goto err; + if (!CBB_add_bytes(&fragment, CBS_data(&cbs), CBS_len(&cbs))) + goto err; + if (!CBB_finish(&cbb, NULL, NULL)) + goto err; - S3I(s)->rbuf.offset = SSL3_RT_HEADER_LENGTH; - S3I(s)->rbuf.left = CBS_len(&cbs); - S3I(s)->rrec.type = SSL3_RT_HANDSHAKE; - S3I(s)->rrec.length = CBS_len(&cbs); + s->s3->rbuf.offset = SSL3_RT_HEADER_LENGTH; + s->s3->rbuf.left = CBS_len(&cbs); + s->s3->rrec.type = SSL3_RT_HANDSHAKE; + s->s3->rrec.length = CBS_len(&cbs); s->internal->rstate = SSL_ST_READ_BODY; - s->internal->packet = S3I(s)->rbuf.buf; + s->internal->packet = s->s3->rbuf.buf; s->internal->packet_length = SSL3_RT_HEADER_LENGTH; s->internal->mac_packet = 1; } /* Stash the current handshake message. */ tls13_handshake_msg_data(ctx->hs_msg, &cbs); + if (!BUF_MEM_grow_clean(s->internal->init_buf, CBS_len(&cbs))) + goto err; if (!CBS_write_bytes(&cbs, s->internal->init_buf->data, s->internal->init_buf->length, NULL)) - return 0; + goto err; - S3I(s)->tmp.reuse_message = 1; - S3I(s)->tmp.message_type = tls13_handshake_msg_type(ctx->hs_msg); - S3I(s)->tmp.message_size = CBS_len(&cbs); + s->s3->hs.tls12.reuse_message = 1; + s->s3->hs.tls12.message_type = tls13_handshake_msg_type(ctx->hs_msg); + s->s3->hs.tls12.message_size = CBS_len(&cbs) - SSL3_HM_HEADER_LENGTH; return 1; + + err: + CBB_cleanup(&cbb); + + return 0; } int @@ -342,14 +383,11 @@ tls13_use_legacy_client(struct tls13_ctx *ctx) { SSL *s = ctx->ssl; - s->method = tls_legacy_client_method(); - s->internal->handshake_func = s->method->internal->ssl_connect; - s->client_version = s->version = s->method->internal->max_version; - if (!tls13_use_legacy_stack(ctx)) return 0; - S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A; + s->internal->handshake_func = s->method->ssl_connect; + s->version = s->method->max_tls_version; return 1; } @@ -359,15 +397,12 @@ tls13_use_legacy_server(struct tls13_ctx *ctx) { SSL *s = ctx->ssl; - s->method = tls_legacy_server_method(); - s->internal->handshake_func = s->method->internal->ssl_accept; - s->client_version = s->version = s->method->internal->max_version; - s->server = 1; - if (!tls13_use_legacy_stack(ctx)) return 0; - S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A; + s->internal->handshake_func = s->method->ssl_accept; + s->version = s->method->max_tls_version; + s->server = 1; return 1; } @@ -385,7 +420,7 @@ tls13_legacy_accept(SSL *ssl) } ssl->internal->tls13 = ctx; ctx->ssl = ssl; - ctx->hs = &S3I(ssl)->hs_tls13; + ctx->hs = &ssl->s3->hs; if (!tls13_server_init(ctx)) { if (ERR_peek_error() == 0) @@ -395,15 +430,17 @@ tls13_legacy_accept(SSL *ssl) } ERR_clear_error(); - S3I(ssl)->hs.state = SSL_ST_ACCEPT; ret = tls13_server_accept(ctx); if (ret == TLS13_IO_USE_LEGACY) - return ssl->method->internal->ssl_accept(ssl); - if (ret == TLS13_IO_SUCCESS) - S3I(ssl)->hs.state = SSL_ST_OK; + return ssl->method->ssl_accept(ssl); - return tls13_legacy_return_code(ssl, ret); + ret = tls13_legacy_return_code(ssl, ret); + + if (ctx->info_cb != NULL) + ctx->info_cb(ctx, TLS13_INFO_ACCEPT_EXIT, ret); + + return ret; } int @@ -412,14 +449,6 @@ tls13_legacy_connect(SSL *ssl) struct tls13_ctx *ctx = ssl->internal->tls13; int ret; -#ifdef TLS13_USE_LEGACY_CLIENT_AUTH - /* XXX drop back to legacy for client auth for now */ - if (ssl->cert->key->privatekey != NULL) { - ssl->method = tls_legacy_client_method(); - return ssl->method->internal->ssl_connect(ssl); - } -#endif - if (ctx == NULL) { if ((ctx = tls13_ctx_new(TLS13_HS_CLIENT)) == NULL) { SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */ @@ -427,7 +456,7 @@ tls13_legacy_connect(SSL *ssl) } ssl->internal->tls13 = ctx; ctx->ssl = ssl; - ctx->hs = &S3I(ssl)->hs_tls13; + ctx->hs = &ssl->s3->hs; if (!tls13_client_init(ctx)) { if (ERR_peek_error() == 0) @@ -437,15 +466,17 @@ tls13_legacy_connect(SSL *ssl) } ERR_clear_error(); - S3I(ssl)->hs.state = SSL_ST_CONNECT; ret = tls13_client_connect(ctx); if (ret == TLS13_IO_USE_LEGACY) - return ssl->method->internal->ssl_connect(ssl); - if (ret == TLS13_IO_SUCCESS) - S3I(ssl)->hs.state = SSL_ST_OK; + return ssl->method->ssl_connect(ssl); - return tls13_legacy_return_code(ssl, ret); + ret = tls13_legacy_return_code(ssl, ret); + + if (ctx->info_cb != NULL) + ctx->info_cb(ctx, TLS13_INFO_CONNECT_EXIT, ret); + + return ret; } int @@ -456,9 +487,9 @@ tls13_legacy_shutdown(SSL *ssl) ssize_t ret; /* - * We need to return 0 when we have sent a close-notify but have not - * yet received one. We return 1 only once we have sent and received - * close-notify alerts. All other cases return -1 and set internal + * We need to return 0 at the point that we have completed sending a + * close-notify. We return 1 when we have sent and received close-notify + * alerts. All other cases, including EOF, return -1 and set internal * state appropriately. */ if (ctx == NULL || ssl->internal->quiet_shutdown) { @@ -474,13 +505,15 @@ tls13_legacy_shutdown(SSL *ssl) TLS13_ALERT_CLOSE_NOTIFY)) < 0) return tls13_legacy_return_code(ssl, ret); } - if ((ret = tls13_record_layer_send_pending(ctx->rl)) != - TLS13_IO_SUCCESS) + ret = tls13_record_layer_send_pending(ctx->rl); + if (ret == TLS13_IO_EOF) + return -1; + if (ret != TLS13_IO_SUCCESS) return tls13_legacy_return_code(ssl, ret); } else if (!ctx->close_notify_recv) { /* * If there is no application data pending, attempt to read more - * data in order to receive a close notify. This should trigger + * data in order to receive a close-notify. This should trigger * a record to be read from the wire, which may be application * handshake or alert data. Only one attempt is made to match * previous semantics. @@ -489,6 +522,8 @@ tls13_legacy_shutdown(SSL *ssl) if ((ret = tls13_read_application_data(ctx->rl, buf, sizeof(buf))) < 0) return tls13_legacy_return_code(ssl, ret); + if (!ctx->close_notify_recv) + return -1; } } @@ -504,18 +539,22 @@ tls13_legacy_servername_process(struct tls13_ctx *ctx, uint8_t *alert) int legacy_alert = SSL_AD_UNRECOGNIZED_NAME; int ret = SSL_TLSEXT_ERR_NOACK; SSL_CTX *ssl_ctx = ctx->ssl->ctx; - SSL *ssl = ctx->ssl; + SSL *s = ctx->ssl; if (ssl_ctx->internal->tlsext_servername_callback == NULL) - ssl_ctx = ssl->initial_ctx; + ssl_ctx = s->initial_ctx; if (ssl_ctx->internal->tlsext_servername_callback == NULL) return 1; - ret = ssl_ctx->internal->tlsext_servername_callback(ssl, &legacy_alert, + ret = ssl_ctx->internal->tlsext_servername_callback(s, &legacy_alert, ssl_ctx->internal->tlsext_servername_arg); - if (ret == SSL_TLSEXT_ERR_ALERT_FATAL || - ret == SSL_TLSEXT_ERR_ALERT_WARNING) { + /* + * Ignore SSL_TLSEXT_ERR_ALERT_WARNING returns to match OpenSSL's + * behavior: the only warning alerts in TLSv1.3 are close_notify and + * user_canceled, neither of which should be returned by the callback. + */ + if (ret == SSL_TLSEXT_ERR_ALERT_FATAL) { if (legacy_alert >= 0 && legacy_alert <= 255) *alert = legacy_alert; return 0; diff --git a/externals/libressl/ssl/tls13_lib.c b/externals/libressl/ssl/tls13_lib.c index 590426ad8..20d3a3841 100755 --- a/externals/libressl/ssl/tls13_lib.c +++ b/externals/libressl/ssl/tls13_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_lib.c,v 1.54 2020/09/11 15:03:36 jsing Exp $ */ +/* $OpenBSD: tls13_lib.c,v 1.63 2022/02/05 14:54:10 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * Copyright (c) 2019 Bob Beck @@ -111,7 +111,7 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg) if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) { ctx->close_notify_recv = 1; ctx->ssl->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; - S3I(ctx->ssl)->warn_alert = alert_desc; + ctx->ssl->s3->warn_alert = alert_desc; return; } @@ -124,7 +124,7 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg) } /* All other alerts are treated as fatal in TLSv1.3. */ - S3I(ctx->ssl)->fatal_alert = alert_desc; + ctx->ssl->s3->fatal_alert = alert_desc; SSLerror(ctx->ssl, SSL_AD_REASON_OFFSET + alert_desc); ERR_asprintf_error_data("SSL alert number %d", alert_desc); @@ -147,7 +147,8 @@ tls13_alert_sent_cb(uint8_t alert_desc, void *arg) } /* All other alerts are treated as fatal in TLSv1.3. */ - SSLerror(ctx->ssl, SSL_AD_REASON_OFFSET + alert_desc); + if (ctx->error.code == 0) + SSLerror(ctx->ssl, SSL_AD_REASON_OFFSET + alert_desc); } static void @@ -161,8 +162,7 @@ tls13_legacy_handshake_message_recv_cb(void *arg) return; tls13_handshake_msg_data(ctx->hs_msg, &cbs); - s->internal->msg_callback(0, TLS1_3_VERSION, SSL3_RT_HANDSHAKE, - CBS_data(&cbs), CBS_len(&cbs), s, s->internal->msg_callback_arg); + ssl_msg_callback(s, 0, SSL3_RT_HANDSHAKE, CBS_data(&cbs), CBS_len(&cbs)); } static void @@ -176,8 +176,7 @@ tls13_legacy_handshake_message_sent_cb(void *arg) return; tls13_handshake_msg_data(ctx->hs_msg, &cbs); - s->internal->msg_callback(1, TLS1_3_VERSION, SSL3_RT_HANDSHAKE, - CBS_data(&cbs), CBS_len(&cbs), s, s->internal->msg_callback_arg); + ssl_msg_callback(s, 1, SSL3_RT_HANDSHAKE, CBS_data(&cbs), CBS_len(&cbs)); } static void @@ -185,12 +184,8 @@ tls13_legacy_info_cb(void *arg, int state, int ret) { struct tls13_ctx *ctx = arg; SSL *s = ctx->ssl; - void (*cb)(const SSL *, int, int); - if ((cb = s->internal->info_callback) == NULL) - cb = s->ctx->internal->info_callback; - if (cb != NULL) - cb(s, state, ret); + ssl_info_callback(s, state, ret); } static int @@ -200,8 +195,7 @@ tls13_legacy_ocsp_status_recv_cb(void *arg) SSL *s = ctx->ssl; int ret; - if (s->ctx->internal->tlsext_status_cb == NULL || - s->internal->tlsext_ocsp_resp == NULL) + if (s->ctx->internal->tlsext_status_cb == NULL) return 1; ret = s->ctx->internal->tlsext_status_cb(s, @@ -223,7 +217,7 @@ tls13_legacy_ocsp_status_recv_cb(void *arg) static int tls13_phh_update_local_traffic_secret(struct tls13_ctx *ctx) { - struct tls13_secrets *secrets = ctx->hs->secrets; + struct tls13_secrets *secrets = ctx->hs->tls13.secrets; if (ctx->mode == TLS13_HS_CLIENT) return (tls13_update_client_traffic_secret(secrets) && @@ -237,7 +231,7 @@ tls13_phh_update_local_traffic_secret(struct tls13_ctx *ctx) static int tls13_phh_update_peer_traffic_secret(struct tls13_ctx *ctx) { - struct tls13_secrets *secrets = ctx->hs->secrets; + struct tls13_secrets *secrets = ctx->hs->tls13.secrets; if (ctx->mode == TLS13_HS_CLIENT) return (tls13_update_server_traffic_secret(secrets) && @@ -380,6 +374,7 @@ tls13_phh_received_cb(void *cb_arg, CBS *cbs) static const struct tls13_record_layer_callbacks rl_callbacks = { .wire_read = tls13_legacy_wire_read_cb, .wire_write = tls13_legacy_wire_write_cb, + .wire_flush = tls13_legacy_wire_flush_cb, .alert_recv = tls13_alert_received_cb, .alert_sent = tls13_alert_sent_cb, .phh_recv = tls13_phh_received_cb, @@ -429,9 +424,9 @@ tls13_ctx_free(struct tls13_ctx *ctx) int tls13_cert_add(struct tls13_ctx *ctx, CBB *cbb, X509 *cert, - int(*build_extensions)(SSL *s, uint16_t msg_type, CBB *cbb)) + int (*build_extensions)(SSL *s, uint16_t msg_type, CBB *cbb)) { - CBB cert_data; + CBB cert_data, cert_exts; uint8_t *data; int cert_len; @@ -448,7 +443,6 @@ tls13_cert_add(struct tls13_ctx *ctx, CBB *cbb, X509 *cert, if (!build_extensions(ctx->ssl, SSL_TLSEXT_MSG_CT, cbb)) return 0; } else { - CBB cert_exts; if (!CBB_add_u16_length_prefixed(cbb, &cert_exts)) return 0; } @@ -504,16 +498,16 @@ tls13_synthetic_handshake_message(struct tls13_ctx *ctx) int tls13_clienthello_hash_init(struct tls13_ctx *ctx) { - if (ctx->hs->clienthello_md_ctx != NULL) + if (ctx->hs->tls13.clienthello_md_ctx != NULL) return 0; - if ((ctx->hs->clienthello_md_ctx = EVP_MD_CTX_new()) == NULL) + if ((ctx->hs->tls13.clienthello_md_ctx = EVP_MD_CTX_new()) == NULL) return 0; - if (!EVP_DigestInit_ex(ctx->hs->clienthello_md_ctx, + if (!EVP_DigestInit_ex(ctx->hs->tls13.clienthello_md_ctx, EVP_sha256(), NULL)) return 0; - if ((ctx->hs->clienthello_hash == NULL) && - (ctx->hs->clienthello_hash = calloc(1, EVP_MAX_MD_SIZE)) == + if ((ctx->hs->tls13.clienthello_hash == NULL) && + (ctx->hs->tls13.clienthello_hash = calloc(1, EVP_MAX_MD_SIZE)) == NULL) return 0; @@ -521,7 +515,7 @@ tls13_clienthello_hash_init(struct tls13_ctx *ctx) } void -tls13_clienthello_hash_clear(struct ssl_handshake_tls13_st *hs) +tls13_clienthello_hash_clear(struct ssl_handshake_tls13_st *hs) /* XXX */ { EVP_MD_CTX_free(hs->clienthello_md_ctx); hs->clienthello_md_ctx = NULL; @@ -533,7 +527,7 @@ int tls13_clienthello_hash_update_bytes(struct tls13_ctx *ctx, void *data, size_t len) { - return EVP_DigestUpdate(ctx->hs->clienthello_md_ctx, data, len); + return EVP_DigestUpdate(ctx->hs->tls13.clienthello_md_ctx, data, len); } int @@ -546,12 +540,12 @@ tls13_clienthello_hash_update(struct tls13_ctx *ctx, CBS *cbs) int tls13_clienthello_hash_finalize(struct tls13_ctx *ctx) { - if (!EVP_DigestFinal_ex(ctx->hs->clienthello_md_ctx, - ctx->hs->clienthello_hash, - &ctx->hs->clienthello_hash_len)) + if (!EVP_DigestFinal_ex(ctx->hs->tls13.clienthello_md_ctx, + ctx->hs->tls13.clienthello_hash, + &ctx->hs->tls13.clienthello_hash_len)) return 0; - EVP_MD_CTX_free(ctx->hs->clienthello_md_ctx); - ctx->hs->clienthello_md_ctx = NULL; + EVP_MD_CTX_free(ctx->hs->tls13.clienthello_md_ctx); + ctx->hs->tls13.clienthello_md_ctx = NULL; return 1; } @@ -561,21 +555,90 @@ tls13_clienthello_hash_validate(struct tls13_ctx *ctx) unsigned char new_ch_hash[EVP_MAX_MD_SIZE]; unsigned int new_ch_hash_len; - if (ctx->hs->clienthello_hash == NULL) + if (ctx->hs->tls13.clienthello_hash == NULL) return 0; - if (!EVP_DigestFinal_ex(ctx->hs->clienthello_md_ctx, + if (!EVP_DigestFinal_ex(ctx->hs->tls13.clienthello_md_ctx, new_ch_hash, &new_ch_hash_len)) return 0; - EVP_MD_CTX_free(ctx->hs->clienthello_md_ctx); - ctx->hs->clienthello_md_ctx = NULL; + EVP_MD_CTX_free(ctx->hs->tls13.clienthello_md_ctx); + ctx->hs->tls13.clienthello_md_ctx = NULL; - if (ctx->hs->clienthello_hash_len != new_ch_hash_len) + if (ctx->hs->tls13.clienthello_hash_len != new_ch_hash_len) return 0; - if (memcmp(ctx->hs->clienthello_hash, new_ch_hash, + if (memcmp(ctx->hs->tls13.clienthello_hash, new_ch_hash, new_ch_hash_len) != 0) return 0; return 1; } +int +tls13_exporter(struct tls13_ctx *ctx, const uint8_t *label, size_t label_len, + const uint8_t *context_value, size_t context_value_len, uint8_t *out, + size_t out_len) +{ + struct tls13_secret context, export_out, export_secret; + struct tls13_secrets *secrets = ctx->hs->tls13.secrets; + EVP_MD_CTX *md_ctx = NULL; + unsigned int md_out_len; + int md_len; + int ret = 0; + + /* + * RFC 8446 Section 7.5. + */ + + memset(&context, 0, sizeof(context)); + memset(&export_secret, 0, sizeof(export_secret)); + + export_out.data = out; + export_out.len = out_len; + + if (!ctx->handshake_completed) + return 0; + + md_len = EVP_MD_size(secrets->digest); + if (md_len <= 0 || md_len > EVP_MAX_MD_SIZE) + goto err; + + if (!tls13_secret_init(&export_secret, md_len)) + goto err; + if (!tls13_secret_init(&context, md_len)) + goto err; + + /* In TLSv1.3 no context is equivalent to an empty context. */ + if (context_value == NULL) { + context_value = ""; + context_value_len = 0; + } + + if ((md_ctx = EVP_MD_CTX_new()) == NULL) + goto err; + if (!EVP_DigestInit_ex(md_ctx, secrets->digest, NULL)) + goto err; + if (!EVP_DigestUpdate(md_ctx, context_value, context_value_len)) + goto err; + if (!EVP_DigestFinal_ex(md_ctx, context.data, &md_out_len)) + goto err; + if (md_len != md_out_len) + goto err; + + if (!tls13_derive_secret_with_label_length(&export_secret, + secrets->digest, &secrets->exporter_master, label, label_len, + &secrets->empty_hash)) + goto err; + + if (!tls13_hkdf_expand_label(&export_out, secrets->digest, + &export_secret, "exporter", &context)) + goto err; + + ret = 1; + + err: + EVP_MD_CTX_free(md_ctx); + tls13_secret_cleanup(&context); + tls13_secret_cleanup(&export_secret); + + return ret; +} diff --git a/externals/libressl/ssl/tls13_record.c b/externals/libressl/ssl/tls13_record.c index c856932b4..2c744668e 100755 --- a/externals/libressl/ssl/tls13_record.c +++ b/externals/libressl/ssl/tls13_record.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_record.c,v 1.6 2020/05/11 18:08:11 jsing Exp $ */ +/* $OpenBSD: tls13_record.c,v 1.9 2021/10/23 13:12:14 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -15,8 +15,6 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include "ssl_locl.h" - #include "tls13_internal.h" #include "tls13_record.h" @@ -28,7 +26,7 @@ struct tls13_record { size_t data_len; CBS cbs; - struct tls13_buffer *buf; + struct tls_buffer *buf; }; struct tls13_record * @@ -38,7 +36,7 @@ tls13_record_new(void) if ((rec = calloc(1, sizeof(struct tls13_record))) == NULL) goto err; - if ((rec->buf = tls13_buffer_new(TLS13_RECORD_MAX_LEN)) == NULL) + if ((rec->buf = tls_buffer_new(TLS13_RECORD_MAX_LEN)) == NULL) goto err; return rec; @@ -55,7 +53,7 @@ tls13_record_free(struct tls13_record *rec) if (rec == NULL) return; - tls13_buffer_free(rec->buf); + tls_buffer_free(rec->buf); freezero(rec->data, rec->data_len); freezero(rec, sizeof(struct tls13_record)); @@ -120,7 +118,7 @@ tls13_record_set_data(struct tls13_record *rec, uint8_t *data, size_t data_len) } ssize_t -tls13_record_recv(struct tls13_record *rec, tls13_read_cb wire_read, +tls13_record_recv(struct tls13_record *rec, tls_read_cb wire_read, void *wire_arg) { uint16_t rec_len, rec_version; @@ -132,11 +130,11 @@ tls13_record_recv(struct tls13_record *rec, tls13_read_cb wire_read, return TLS13_IO_FAILURE; if (rec->content_type == 0) { - if ((ret = tls13_buffer_extend(rec->buf, + if ((ret = tls_buffer_extend(rec->buf, TLS13_RECORD_HEADER_LEN, wire_read, wire_arg)) <= 0) return ret; - tls13_buffer_cbs(rec->buf, &cbs); + tls_buffer_cbs(rec->buf, &cbs); if (!CBS_get_u8(&cbs, &content_type)) return TLS13_IO_FAILURE; @@ -155,18 +153,18 @@ tls13_record_recv(struct tls13_record *rec, tls13_read_cb wire_read, rec->rec_len = rec_len; } - if ((ret = tls13_buffer_extend(rec->buf, + if ((ret = tls_buffer_extend(rec->buf, TLS13_RECORD_HEADER_LEN + rec->rec_len, wire_read, wire_arg)) <= 0) return ret; - if (!tls13_buffer_finish(rec->buf, &rec->data, &rec->data_len)) + if (!tls_buffer_finish(rec->buf, &rec->data, &rec->data_len)) return TLS13_IO_FAILURE; return rec->data_len; } ssize_t -tls13_record_send(struct tls13_record *rec, tls13_write_cb wire_write, +tls13_record_send(struct tls13_record *rec, tls_write_cb wire_write, void *wire_arg) { ssize_t ret; diff --git a/externals/libressl/ssl/tls13_record.h b/externals/libressl/ssl/tls13_record.h index 400153ba7..18e4fa1ab 100755 --- a/externals/libressl/ssl/tls13_record.h +++ b/externals/libressl/ssl/tls13_record.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_record.h,v 1.3 2019/01/21 00:24:19 jsing Exp $ */ +/* $OpenBSD: tls13_record.h,v 1.5 2021/10/23 13:12:14 jsing Exp $ */ /* * Copyright (c) 2019 Joel Sing * @@ -19,7 +19,6 @@ #define HEADER_TLS13_RECORD_H #include "bytestring.h" -#include "tls13_internal.h" __BEGIN_HIDDEN_DECLS @@ -57,9 +56,9 @@ int tls13_record_content(struct tls13_record *_rec, CBS *_cbs); void tls13_record_data(struct tls13_record *_rec, CBS *_cbs); int tls13_record_set_data(struct tls13_record *_rec, uint8_t *_data, size_t _data_len); -ssize_t tls13_record_recv(struct tls13_record *_rec, tls13_read_cb _wire_read, +ssize_t tls13_record_recv(struct tls13_record *_rec, tls_read_cb _wire_read, void *_wire_arg); -ssize_t tls13_record_send(struct tls13_record *_rec, tls13_write_cb _wire_write, +ssize_t tls13_record_send(struct tls13_record *_rec, tls_write_cb _wire_write, void *_wire_arg); __END_HIDDEN_DECLS diff --git a/externals/libressl/ssl/tls13_record_layer.c b/externals/libressl/ssl/tls13_record_layer.c index 1d75d9e5a..c68ee3b3a 100755 --- a/externals/libressl/ssl/tls13_record_layer.c +++ b/externals/libressl/ssl/tls13_record_layer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_record_layer.c,v 1.53 2020/09/11 15:03:36 jsing Exp $ */ +/* $OpenBSD: tls13_record_layer.c,v 1.67 2022/01/14 09:12:15 tb Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -15,16 +15,50 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include "ssl_locl.h" - #include "tls13_internal.h" #include "tls13_record.h" +#include "tls_content.h" static ssize_t tls13_record_layer_write_chunk(struct tls13_record_layer *rl, uint8_t content_type, const uint8_t *buf, size_t n); static ssize_t tls13_record_layer_write_record(struct tls13_record_layer *rl, uint8_t content_type, const uint8_t *content, size_t content_len); +struct tls13_record_protection { + EVP_AEAD_CTX *aead_ctx; + struct tls13_secret iv; + struct tls13_secret nonce; + uint8_t seq_num[TLS13_RECORD_SEQ_NUM_LEN]; +}; + +struct tls13_record_protection * +tls13_record_protection_new(void) +{ + return calloc(1, sizeof(struct tls13_record_protection)); +} + +void +tls13_record_protection_clear(struct tls13_record_protection *rp) +{ + EVP_AEAD_CTX_free(rp->aead_ctx); + + tls13_secret_cleanup(&rp->iv); + tls13_secret_cleanup(&rp->nonce); + + memset(rp, 0, sizeof(*rp)); +} + +void +tls13_record_protection_free(struct tls13_record_protection *rp) +{ + if (rp == NULL) + return; + + tls13_record_protection_clear(rp); + + freezero(rp, sizeof(struct tls13_record_protection)); +} + struct tls13_record_layer { uint16_t legacy_version; @@ -66,39 +100,20 @@ struct tls13_record_layer { uint8_t *phh_data; size_t phh_len; - /* Buffer containing plaintext from opened records. */ - uint8_t rbuf_content_type; - uint8_t *rbuf; - size_t rbuf_len; - CBS rbuf_cbs; + /* Content from opened records. */ + struct tls_content *rcontent; /* Record protection. */ const EVP_MD *hash; const EVP_AEAD *aead; - EVP_AEAD_CTX read_aead_ctx; - EVP_AEAD_CTX write_aead_ctx; - struct tls13_secret read_iv; - struct tls13_secret write_iv; - struct tls13_secret read_nonce; - struct tls13_secret write_nonce; - uint8_t read_seq_num[TLS13_RECORD_SEQ_NUM_LEN]; - uint8_t write_seq_num[TLS13_RECORD_SEQ_NUM_LEN]; + struct tls13_record_protection *read; + struct tls13_record_protection *write; /* Callbacks. */ struct tls13_record_layer_callbacks cb; void *cb_arg; }; -static void -tls13_record_layer_rbuf_free(struct tls13_record_layer *rl) -{ - CBS_init(&rl->rbuf_cbs, NULL, 0); - freezero(rl->rbuf, rl->rbuf_len); - rl->rbuf = NULL; - rl->rbuf_len = 0; - rl->rbuf_content_type = 0; -} - static void tls13_record_layer_rrec_free(struct tls13_record_layer *rl) { @@ -120,13 +135,26 @@ tls13_record_layer_new(const struct tls13_record_layer_callbacks *callbacks, struct tls13_record_layer *rl; if ((rl = calloc(1, sizeof(struct tls13_record_layer))) == NULL) - return NULL; + goto err; + + if ((rl->rcontent = tls_content_new()) == NULL) + goto err; + + if ((rl->read = tls13_record_protection_new()) == NULL) + goto err; + if ((rl->write = tls13_record_protection_new()) == NULL) + goto err; rl->legacy_version = TLS1_2_VERSION; rl->cb = *callbacks; rl->cb_arg = cb_arg; return rl; + + err: + tls13_record_layer_free(rl); + + return NULL; } void @@ -135,26 +163,24 @@ tls13_record_layer_free(struct tls13_record_layer *rl) if (rl == NULL) return; - tls13_record_layer_rbuf_free(rl); - tls13_record_layer_rrec_free(rl); tls13_record_layer_wrec_free(rl); - EVP_AEAD_CTX_cleanup(&rl->read_aead_ctx); - EVP_AEAD_CTX_cleanup(&rl->write_aead_ctx); + freezero(rl->alert_data, rl->alert_len); + freezero(rl->phh_data, rl->phh_len); - freezero(rl->read_iv.data, rl->read_iv.len); - freezero(rl->write_iv.data, rl->write_iv.len); - freezero(rl->read_nonce.data, rl->read_nonce.len); - freezero(rl->write_nonce.data, rl->write_nonce.len); + tls_content_free(rl->rcontent); + + tls13_record_protection_free(rl->read); + tls13_record_protection_free(rl->write); freezero(rl, sizeof(struct tls13_record_layer)); } void -tls13_record_layer_rbuf(struct tls13_record_layer *rl, CBS *cbs) +tls13_record_layer_rcontent(struct tls13_record_layer *rl, CBS *cbs) { - CBS_dup(&rl->rbuf_cbs, cbs); + CBS_dup(tls_content_cbs(rl->rcontent), cbs); } static const uint8_t tls13_max_seq_num[TLS13_RECORD_SEQ_NUM_LEN] = { @@ -257,22 +283,18 @@ tls13_record_layer_process_alert(struct tls13_record_layer *rl) * will result in one of three things - continuation (user_cancelled), * read channel closure (close_notify) or termination (all others). */ - if (rl->rbuf == NULL) + if (tls_content_type(rl->rcontent) != SSL3_RT_ALERT) return TLS13_IO_FAILURE; - if (rl->rbuf_content_type != SSL3_RT_ALERT) - return TLS13_IO_FAILURE; - - if (!CBS_get_u8(&rl->rbuf_cbs, &alert_level)) + if (!CBS_get_u8(tls_content_cbs(rl->rcontent), &alert_level)) + return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR); + if (!CBS_get_u8(tls_content_cbs(rl->rcontent), &alert_desc)) return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR); - if (!CBS_get_u8(&rl->rbuf_cbs, &alert_desc)) + if (tls_content_remaining(rl->rcontent) != 0) return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR); - if (CBS_len(&rl->rbuf_cbs) != 0) - return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR); - - tls13_record_layer_rbuf_free(rl); + tls_content_clear(rl->rcontent); /* * Alert level is ignored for closure alerts (RFC 8446 section 6.1), @@ -383,7 +405,7 @@ tls13_record_layer_send_pending(struct tls13_record_layer *rl) } static ssize_t -tls13_record_layer_alert(struct tls13_record_layer *rl, +tls13_record_layer_enqueue_alert(struct tls13_record_layer *rl, uint8_t alert_level, uint8_t alert_desc) { CBB cbb; @@ -427,49 +449,38 @@ tls13_record_layer_phh(struct tls13_record_layer *rl, CBS *cbs) } static int -tls13_record_layer_set_traffic_key(const EVP_AEAD *aead, EVP_AEAD_CTX *aead_ctx, - const EVP_MD *hash, struct tls13_secret *iv, struct tls13_secret *nonce, - struct tls13_secret *traffic_key) +tls13_record_layer_set_traffic_key(const EVP_AEAD *aead, const EVP_MD *hash, + struct tls13_record_protection *rp, struct tls13_secret *traffic_key) { struct tls13_secret context = { .data = "", .len = 0 }; struct tls13_secret key = { .data = NULL, .len = 0 }; int ret = 0; - EVP_AEAD_CTX_cleanup(aead_ctx); + tls13_record_protection_clear(rp); - freezero(iv->data, iv->len); - iv->data = NULL; - iv->len = 0; + if ((rp->aead_ctx = EVP_AEAD_CTX_new()) == NULL) + return 0; - freezero(nonce->data, nonce->len); - nonce->data = NULL; - nonce->len = 0; - - if ((iv->data = calloc(1, EVP_AEAD_nonce_length(aead))) == NULL) + if (!tls13_secret_init(&rp->iv, EVP_AEAD_nonce_length(aead))) goto err; - iv->len = EVP_AEAD_nonce_length(aead); - - if ((nonce->data = calloc(1, EVP_AEAD_nonce_length(aead))) == NULL) + if (!tls13_secret_init(&rp->nonce, EVP_AEAD_nonce_length(aead))) goto err; - nonce->len = EVP_AEAD_nonce_length(aead); - - if ((key.data = calloc(1, EVP_AEAD_key_length(aead))) == NULL) + if (!tls13_secret_init(&key, EVP_AEAD_key_length(aead))) goto err; - key.len = EVP_AEAD_key_length(aead); - if (!tls13_hkdf_expand_label(iv, hash, traffic_key, "iv", &context)) + if (!tls13_hkdf_expand_label(&rp->iv, hash, traffic_key, "iv", &context)) goto err; if (!tls13_hkdf_expand_label(&key, hash, traffic_key, "key", &context)) goto err; - if (!EVP_AEAD_CTX_init(aead_ctx, aead, key.data, key.len, + if (!EVP_AEAD_CTX_init(rp->aead_ctx, aead, key.data, key.len, EVP_AEAD_DEFAULT_TAG_LENGTH, NULL)) goto err; ret = 1; err: - freezero(key.data, key.len); + tls13_secret_cleanup(&key); return ret; } @@ -478,20 +489,16 @@ int tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl, struct tls13_secret *read_key) { - memset(rl->read_seq_num, 0, TLS13_RECORD_SEQ_NUM_LEN); - - return tls13_record_layer_set_traffic_key(rl->aead, &rl->read_aead_ctx, - rl->hash, &rl->read_iv, &rl->read_nonce, read_key); + return tls13_record_layer_set_traffic_key(rl->aead, rl->hash, + rl->read, read_key); } int tls13_record_layer_set_write_traffic_key(struct tls13_record_layer *rl, struct tls13_secret *write_key) { - memset(rl->write_seq_num, 0, TLS13_RECORD_SEQ_NUM_LEN); - - return tls13_record_layer_set_traffic_key(rl->aead, &rl->write_aead_ctx, - rl->hash, &rl->write_iv, &rl->write_nonce, write_key); + return tls13_record_layer_set_traffic_key(rl->aead, rl->hash, + rl->write, write_key); } static int @@ -514,23 +521,17 @@ tls13_record_layer_open_record_plaintext(struct tls13_record_layer *rl) return 0; } - tls13_record_layer_rbuf_free(rl); - - if (!CBS_stow(&cbs, &rl->rbuf, &rl->rbuf_len)) + if (!tls_content_dup_data(rl->rcontent, + tls13_record_content_type(rl->rrec), CBS_data(&cbs), CBS_len(&cbs))) return 0; - rl->rbuf_content_type = tls13_record_content_type(rl->rrec); - - CBS_init(&rl->rbuf_cbs, rl->rbuf, rl->rbuf_len); - return 1; } static int tls13_record_layer_open_record_protected(struct tls13_record_layer *rl) { - CBS header, enc_record; - ssize_t inner_len; + CBS header, enc_record, inner; uint8_t *content = NULL; size_t content_len = 0; uint8_t content_type; @@ -548,13 +549,13 @@ tls13_record_layer_open_record_protected(struct tls13_record_layer *rl) goto err; content_len = CBS_len(&enc_record); - if (!tls13_record_layer_update_nonce(&rl->read_nonce, &rl->read_iv, - rl->read_seq_num)) + if (!tls13_record_layer_update_nonce(&rl->read->nonce, &rl->read->iv, + rl->read->seq_num)) goto err; - if (!EVP_AEAD_CTX_open(&rl->read_aead_ctx, + if (!EVP_AEAD_CTX_open(rl->read->aead_ctx, content, &out_len, content_len, - rl->read_nonce.data, rl->read_nonce.len, + rl->read->nonce.data, rl->read->nonce.len, CBS_data(&enc_record), CBS_len(&enc_record), CBS_data(&header), CBS_len(&header))) goto err; @@ -564,7 +565,7 @@ tls13_record_layer_open_record_protected(struct tls13_record_layer *rl) goto err; } - if (!tls13_record_layer_inc_seq_num(rl->read_seq_num)) + if (!tls13_record_layer_inc_seq_num(rl->read->seq_num)) goto err; /* @@ -572,28 +573,24 @@ tls13_record_layer_open_record_protected(struct tls13_record_layer *rl) * it may be followed by padding that consists of one or more zeroes. * Time to hunt for that elusive content type! */ - /* XXX - CBS from end? CBS_get_end_u8()? */ - inner_len = out_len - 1; - while (inner_len >= 0 && content[inner_len] == 0) - inner_len--; - if (inner_len < 0) { + CBS_init(&inner, content, out_len); + content_type = 0; + while (CBS_get_last_u8(&inner, &content_type)) { + if (content_type != 0) + break; + } + if (content_type == 0) { /* Unexpected message per RFC 8446 section 5.4. */ rl->alert = TLS13_ALERT_UNEXPECTED_MESSAGE; goto err; } - if (inner_len > TLS13_RECORD_MAX_PLAINTEXT_LEN) { + if (CBS_len(&inner) > TLS13_RECORD_MAX_PLAINTEXT_LEN) { rl->alert = TLS13_ALERT_RECORD_OVERFLOW; goto err; } - content_type = content[inner_len]; - tls13_record_layer_rbuf_free(rl); - - rl->rbuf_content_type = content_type; - rl->rbuf = content; - rl->rbuf_len = inner_len; - - CBS_init(&rl->rbuf_cbs, rl->rbuf, rl->rbuf_len); + tls_content_set_data(rl->rcontent, content_type, CBS_data(&inner), + CBS_len(&inner)); return 1; @@ -725,8 +722,8 @@ tls13_record_layer_seal_record_protected(struct tls13_record_layer *rl, if (!CBB_finish(&cbb, &data, &data_len)) goto err; - if (!tls13_record_layer_update_nonce(&rl->write_nonce, - &rl->write_iv, rl->write_seq_num)) + if (!tls13_record_layer_update_nonce(&rl->write->nonce, + &rl->write->iv, rl->write->seq_num)) goto err; /* @@ -734,16 +731,16 @@ tls13_record_layer_seal_record_protected(struct tls13_record_layer *rl, * this would avoid a copy since the inner would be passed as two * separate pieces. */ - if (!EVP_AEAD_CTX_seal(&rl->write_aead_ctx, + if (!EVP_AEAD_CTX_seal(rl->write->aead_ctx, enc_record, &out_len, enc_record_len, - rl->write_nonce.data, rl->write_nonce.len, + rl->write->nonce.data, rl->write->nonce.len, inner, inner_len, header, header_len)) goto err; if (out_len != enc_record_len) goto err; - if (!tls13_record_layer_inc_seq_num(rl->write_seq_num)) + if (!tls13_record_layer_inc_seq_num(rl->write->seq_num)) goto err; if (!tls13_record_set_data(rl->wrec, data, data_len)) @@ -798,7 +795,7 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl) if ((rl->rrec = tls13_record_new()) == NULL) goto err; } - + if ((ret = tls13_record_recv(rl->rrec, rl->cb.wire_read, rl->cb_arg)) <= 0) { switch (ret) { case TLS13_IO_RECORD_VERSION: @@ -808,13 +805,19 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl) } return ret; } - - if (rl->legacy_version == TLS1_2_VERSION && - tls13_record_version(rl->rrec) != TLS1_2_VERSION) - return tls13_send_alert(rl, TLS13_ALERT_PROTOCOL_VERSION); - + content_type = tls13_record_content_type(rl->rrec); + /* + * In response to a client hello we may receive an alert in a + * record with a legacy version. Otherwise enforce that the + * legacy record version is 0x0303 per RFC 8446, section 5.1. + */ + if (rl->legacy_version == TLS1_2_VERSION && + tls13_record_version(rl->rrec) != TLS1_2_VERSION && + (content_type != SSL3_RT_ALERT || !rl->legacy_alerts_allowed)) + return tls13_send_alert(rl, TLS13_ALERT_PROTOCOL_VERSION); + /* * Bag of hacks ahead... after the first ClientHello message has been * sent or received and before the peer's Finished message has been @@ -854,12 +857,12 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl) * we must terminate the connection with an unexpected_message alert. * See RFC 8446 section 5.4. */ - if (CBS_len(&rl->rbuf_cbs) == 0 && - (rl->rbuf_content_type == SSL3_RT_ALERT || - rl->rbuf_content_type == SSL3_RT_HANDSHAKE)) + if (tls_content_remaining(rl->rcontent) == 0 && + (tls_content_type(rl->rcontent) == SSL3_RT_ALERT || + tls_content_type(rl->rcontent) == SSL3_RT_HANDSHAKE)) return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE); - switch (rl->rbuf_content_type) { + switch (tls_content_type(rl->rcontent)) { case SSL3_RT_ALERT: return tls13_record_layer_process_alert(rl); @@ -884,10 +887,10 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl) static ssize_t tls13_record_layer_pending(struct tls13_record_layer *rl, uint8_t content_type) { - if (rl->rbuf_content_type != content_type) + if (tls_content_type(rl->rcontent) != content_type) return 0; - return CBS_len(&rl->rbuf_cbs); + return tls_content_remaining(rl->rcontent); } static ssize_t @@ -906,9 +909,9 @@ tls13_record_layer_recv_phh(struct tls13_record_layer *rl) * TLS13_IO_FAILURE something broke. */ if (rl->cb.phh_recv != NULL) - ret = rl->cb.phh_recv(rl->cb_arg, &rl->rbuf_cbs); + ret = rl->cb.phh_recv(rl->cb_arg, tls_content_cbs(rl->rcontent)); - tls13_record_layer_rbuf_free(rl); + tls_content_clear(rl->rcontent); /* Leave post handshake handshake mode unless we need more data. */ if (ret != TLS13_IO_WANT_POLLIN) @@ -937,7 +940,7 @@ tls13_record_layer_read_internal(struct tls13_record_layer *rl, return TLS13_IO_EOF; /* If necessary, pull up the next record. */ - if (CBS_len(&rl->rbuf_cbs) == 0) { + if (tls_content_remaining(rl->rcontent) == 0) { if ((ret = tls13_record_layer_read_record(rl)) <= 0) return ret; @@ -945,17 +948,15 @@ tls13_record_layer_read_internal(struct tls13_record_layer *rl, * We may have read a valid 0-byte application data record, * in which case we need to read the next record. */ - if (CBS_len(&rl->rbuf_cbs) == 0) { - tls13_record_layer_rbuf_free(rl); + if (tls_content_remaining(rl->rcontent) == 0) return TLS13_IO_WANT_POLLIN; - } } /* * If we are in post handshake handshake mode, we must not see * any record type that isn't a handshake until we are done. */ - if (rl->phh && rl->rbuf_content_type != SSL3_RT_HANDSHAKE) + if (rl->phh && tls_content_type(rl->rcontent) != SSL3_RT_HANDSHAKE) return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE); /* @@ -964,32 +965,18 @@ tls13_record_layer_read_internal(struct tls13_record_layer *rl, * be trying to read application data and need to handle a * post-handshake handshake message instead... */ - if (rl->rbuf_content_type != content_type) { - if (rl->rbuf_content_type == SSL3_RT_HANDSHAKE) { + if (tls_content_type(rl->rcontent) != content_type) { + if (tls_content_type(rl->rcontent) == SSL3_RT_HANDSHAKE) { if (rl->handshake_completed) return tls13_record_layer_recv_phh(rl); } return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE); } - if (n > CBS_len(&rl->rbuf_cbs)) - n = CBS_len(&rl->rbuf_cbs); + if (peek) + return tls_content_peek(rl->rcontent, buf, n); - /* XXX - CBS_memcpy? CBS_copy_bytes? */ - memcpy(buf, CBS_data(&rl->rbuf_cbs), n); - - if (!peek) { - if (!CBS_skip(&rl->rbuf_cbs, n)) - goto err; - } - - if (CBS_len(&rl->rbuf_cbs) == 0) - tls13_record_layer_rbuf_free(rl); - - return n; - - err: - return TLS13_IO_FAILURE; + return tls_content_read(rl->rcontent, buf, n); } static ssize_t @@ -1113,6 +1100,12 @@ tls13_record_layer_write(struct tls13_record_layer *rl, uint8_t content_type, return ret; } +ssize_t +tls13_record_layer_flush(struct tls13_record_layer *rl) +{ + return rl->cb.wire_flush(rl->cb_arg); +} + static const uint8_t tls13_dummy_ccs[] = { 0x01 }; ssize_t @@ -1193,7 +1186,8 @@ tls13_send_alert(struct tls13_record_layer *rl, uint8_t alert_desc) alert_level = TLS13_ALERT_LEVEL_WARNING; do { - ret = tls13_record_layer_alert(rl, alert_level, alert_desc); + ret = tls13_record_layer_enqueue_alert(rl, alert_level, + alert_desc); } while (ret == TLS13_IO_WANT_RETRY); return ret; diff --git a/externals/libressl/ssl/tls13_server.c b/externals/libressl/ssl/tls13_server.c index a5c03b610..4ac84a808 100755 --- a/externals/libressl/ssl/tls13_server.c +++ b/externals/libressl/ssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.61 2020/07/03 04:12:51 tb Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.96 2022/02/03 16:33:12 jsing Exp $ */ /* * Copyright (c) 2019, 2020 Joel Sing * Copyright (c) 2020 Bob Beck @@ -19,8 +19,8 @@ #include #include "ssl_locl.h" +#include "ssl_sigalgs.h" #include "ssl_tlsext.h" - #include "tls13_handshake.h" #include "tls13_internal.h" @@ -29,12 +29,12 @@ tls13_server_init(struct tls13_ctx *ctx) { SSL *s = ctx->ssl; - if (!ssl_supported_version_range(s, &ctx->hs->min_version, - &ctx->hs->max_version)) { + if (!ssl_supported_tls_version_range(s, &ctx->hs->our_min_tls_version, + &ctx->hs->our_max_tls_version)) { SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE); return 0; } - s->version = ctx->hs->max_version; + s->version = ctx->hs->our_max_tls_version; tls13_record_layer_set_retry_after_phh(ctx->rl, (s->internal->mode & SSL_MODE_AUTO_RETRY) != 0); @@ -99,7 +99,7 @@ tls13_client_hello_is_legacy(CBS *cbs) int tls13_client_hello_required_extensions(struct tls13_ctx *ctx) { - SSL *ssl = ctx->ssl; + SSL *s = ctx->ssl; /* * RFC 8446, section 9.2. If the ClientHello has supported_versions @@ -111,10 +111,10 @@ tls13_client_hello_required_extensions(struct tls13_ctx *ctx) * If we got no pre_shared_key, then signature_algorithms and * supported_groups must both be present. */ - if (!tlsext_extension_seen(ssl, TLSEXT_TYPE_pre_shared_key)) { - if (!tlsext_extension_seen(ssl, TLSEXT_TYPE_signature_algorithms)) + if (!tlsext_extension_seen(s, TLSEXT_TYPE_pre_shared_key)) { + if (!tlsext_extension_seen(s, TLSEXT_TYPE_signature_algorithms)) return 0; - if (!tlsext_extension_seen(ssl, TLSEXT_TYPE_supported_groups)) + if (!tlsext_extension_seen(s, TLSEXT_TYPE_supported_groups)) return 0; } @@ -122,8 +122,8 @@ tls13_client_hello_required_extensions(struct tls13_ctx *ctx) * supported_groups and key_share must either both be present or * both be absent. */ - if (tlsext_extension_seen(ssl, TLSEXT_TYPE_supported_groups) != - tlsext_extension_seen(ssl, TLSEXT_TYPE_key_share)) + if (tlsext_extension_seen(s, TLSEXT_TYPE_supported_groups) != + tlsext_extension_seen(s, TLSEXT_TYPE_key_share)) return 0; /* @@ -163,6 +163,11 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) goto err; return tls13_use_legacy_server(ctx); } + ctx->hs->negotiated_tls_version = TLS1_3_VERSION; + ctx->hs->peer_legacy_version = legacy_version; + + /* Ensure we send subsequent alerts with the correct record version. */ + tls13_record_layer_set_legacy_version(ctx->rl, TLS1_2_VERSION); /* Add decoded values to the current ClientHello hash */ if (!tls13_clienthello_hash_init(ctx)) { @@ -197,7 +202,7 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) } /* Finalize first ClientHello hash, or validate against it */ - if (!ctx->hs->hrr) { + if (!ctx->hs->tls13.hrr) { if (!tls13_clienthello_hash_finalize(ctx)) { ctx->alert = TLS13_ALERT_INTERNAL_ERROR; goto err; @@ -207,7 +212,7 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; goto err; } - tls13_clienthello_hash_clear(ctx->hs); + tls13_clienthello_hash_clear(&ctx->hs->tls13); } if (!tls13_client_hello_required_extensions(ctx)) { @@ -225,13 +230,13 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) } /* Store legacy session identifier so we can echo it. */ - if (CBS_len(&session_id) > sizeof(ctx->hs->legacy_session_id)) { + if (CBS_len(&session_id) > sizeof(ctx->hs->tls13.legacy_session_id)) { ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; goto err; } - if (!CBS_write_bytes(&session_id, ctx->hs->legacy_session_id, - sizeof(ctx->hs->legacy_session_id), - &ctx->hs->legacy_session_id_len)) { + if (!CBS_write_bytes(&session_id, ctx->hs->tls13.legacy_session_id, + sizeof(ctx->hs->tls13.legacy_session_id), + &ctx->hs->tls13.legacy_session_id_len)) { ctx->alert = TLS13_ALERT_INTERNAL_ERROR; goto err; } @@ -248,7 +253,11 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) ctx->alert = TLS13_ALERT_HANDSHAKE_FAILURE; goto err; } - S3I(s)->hs.new_cipher = cipher; + ctx->hs->cipher = cipher; + + sk_SSL_CIPHER_free(s->session->ciphers); + s->session->ciphers = ciphers; + ciphers = NULL; /* Ensure only the NULL compression method is advertised. */ if (!CBS_mem_equal(&compression_methods, tls13_compression_null_only, @@ -274,11 +283,9 @@ tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs) goto err; /* See if we switched back to the legacy client method. */ - if (s->method->internal->version < TLS1_3_VERSION) + if (s->method->version < TLS1_3_VERSION) return 1; - tls13_record_layer_set_legacy_version(ctx->rl, TLS1_2_VERSION); - /* * If a matching key share was provided, we do not need to send a * HelloRetryRequest. @@ -309,7 +316,7 @@ tls13_server_hello_build(struct tls13_ctx *ctx, CBB *cbb, int hrr) SSL *s = ctx->ssl; uint16_t cipher; - cipher = SSL_CIPHER_get_value(S3I(s)->hs.new_cipher); + cipher = SSL_CIPHER_get_value(ctx->hs->cipher); server_random = s->s3->server_random; if (hrr) { @@ -323,8 +330,8 @@ tls13_server_hello_build(struct tls13_ctx *ctx, CBB *cbb, int hrr) goto err; if (!CBB_add_u8_length_prefixed(cbb, &session_id)) goto err; - if (!CBB_add_bytes(&session_id, ctx->hs->legacy_session_id, - ctx->hs->legacy_session_id_len)) + if (!CBB_add_bytes(&session_id, ctx->hs->tls13.legacy_session_id, + ctx->hs->tls13.legacy_session_id_len)) goto err; if (!CBB_add_u16(cbb, cipher)) goto err; @@ -337,7 +344,7 @@ tls13_server_hello_build(struct tls13_ctx *ctx, CBB *cbb, int hrr) goto err; return 1; -err: + err: return 0; } @@ -353,20 +360,20 @@ tls13_server_engage_record_protection(struct tls13_ctx *ctx) SSL *s = ctx->ssl; int ret = 0; - if (!tls13_key_share_derive(ctx->hs->key_share, - &shared_key, &shared_key_len)) + if (!tls_key_share_derive(ctx->hs->key_share, &shared_key, + &shared_key_len)) goto err; - s->session->cipher = S3I(s)->hs.new_cipher; + s->session->cipher = ctx->hs->cipher; - if ((ctx->aead = tls13_cipher_aead(S3I(s)->hs.new_cipher)) == NULL) + if ((ctx->aead = tls13_cipher_aead(ctx->hs->cipher)) == NULL) goto err; - if ((ctx->hash = tls13_cipher_hash(S3I(s)->hs.new_cipher)) == NULL) + if ((ctx->hash = tls13_cipher_hash(ctx->hs->cipher)) == NULL) goto err; if ((secrets = tls13_secrets_create(ctx->hash, 0)) == NULL) goto err; - ctx->hs->secrets = secrets; + ctx->hs->tls13.secrets = secrets; /* XXX - pass in hash. */ if (!tls1_transcript_hash_init(s)) @@ -383,7 +390,7 @@ tls13_server_engage_record_protection(struct tls13_ctx *ctx) goto err; /* Handshake secrets. */ - if (!tls13_derive_handshake_secrets(ctx->hs->secrets, shared_key, + if (!tls13_derive_handshake_secrets(ctx->hs->tls13.secrets, shared_key, shared_key_len, &context)) goto err; @@ -413,7 +420,7 @@ tls13_server_hello_retry_request_send(struct tls13_ctx *ctx, CBB *cbb) { int nid; - ctx->hs->hrr = 1; + ctx->hs->tls13.hrr = 1; if (!tls13_synthetic_handshake_message(ctx)) return 0; @@ -422,7 +429,7 @@ tls13_server_hello_retry_request_send(struct tls13_ctx *ctx, CBB *cbb) return 0; if ((nid = tls1_get_shared_curve(ctx->ssl)) == NID_undef) return 0; - if ((ctx->hs->server_group = tls1_ec_nid2curve_id(nid)) == 0) + if ((ctx->hs->tls13.server_group = tls1_ec_nid2curve_id(nid)) == 0) return 0; if (!tls13_server_hello_build(ctx, cbb, 1)) @@ -439,7 +446,7 @@ tls13_server_hello_retry_request_sent(struct tls13_ctx *ctx) * we MUST send a dummy CCS following our first handshake message. * See RFC 8446 Appendix D.4. */ - if (ctx->hs->legacy_session_id_len > 0) + if (ctx->hs->tls13.legacy_session_id_len > 0) ctx->send_dummy_ccs_after = 1; return 1; @@ -454,10 +461,10 @@ tls13_client_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs) return 0; /* XXX - need further checks. */ - if (s->method->internal->version < TLS1_3_VERSION) + if (s->method->version < TLS1_3_VERSION) return 0; - ctx->hs->hrr = 0; + ctx->hs->tls13.hrr = 0; return 1; } @@ -480,12 +487,12 @@ tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb) { if (ctx->hs->key_share == NULL) return 0; - if (!tls13_key_share_generate(ctx->hs->key_share)) + if (!tls_key_share_generate(ctx->hs->key_share)) return 0; if (!tls13_servername_process(ctx)) return 0; - ctx->hs->server_group = 0; + ctx->hs->tls13.server_group = 0; if (!tls13_server_hello_build(ctx, cbb, 0)) return 0; @@ -502,7 +509,7 @@ tls13_server_hello_sent(struct tls13_ctx *ctx) * See RFC 8446 Appendix D.4. */ if ((ctx->handshake_stage.hs_type & WITHOUT_HRR) && - ctx->hs->legacy_session_id_len > 0) + ctx->hs->tls13.legacy_session_id_len > 0) ctx->send_dummy_ccs_after = 1; return tls13_server_engage_record_protection(ctx); @@ -538,7 +545,7 @@ tls13_server_certificate_request_send(struct tls13_ctx *ctx, CBB *cbb) } static int -tls13_server_check_certificate(struct tls13_ctx *ctx, CERT_PKEY *cpk, +tls13_server_check_certificate(struct tls13_ctx *ctx, SSL_CERT_PKEY *cpk, int *ok, const struct ssl_sigalg **out_sigalg) { const struct ssl_sigalg *sigalg; @@ -550,15 +557,11 @@ tls13_server_check_certificate(struct tls13_ctx *ctx, CERT_PKEY *cpk, if (cpk->x509 == NULL || cpk->privatekey == NULL) goto done; - if (!X509_check_purpose(cpk->x509, -1, 0)) - return 0; - /* * The digitalSignature bit MUST be set if the Key Usage extension is * present as per RFC 8446 section 4.4.2.2. */ - if ((cpk->x509->ex_flags & EXFLAG_KUSAGE) && - !(cpk->x509->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE)) + if (!(X509_get_key_usage(cpk->x509) & X509v3_KU_DIGITAL_SIGNATURE)) goto done; if ((sigalg = ssl_sigalg_select(s, cpk->privatekey)) == NULL) @@ -572,12 +575,12 @@ tls13_server_check_certificate(struct tls13_ctx *ctx, CERT_PKEY *cpk, } static int -tls13_server_select_certificate(struct tls13_ctx *ctx, CERT_PKEY **out_cpk, +tls13_server_select_certificate(struct tls13_ctx *ctx, SSL_CERT_PKEY **out_cpk, const struct ssl_sigalg **out_sigalg) { SSL *s = ctx->ssl; const struct ssl_sigalg *sigalg; - CERT_PKEY *cpk; + SSL_CERT_PKEY *cpk; int cert_ok; *out_cpk = NULL; @@ -611,8 +614,9 @@ tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb) SSL *s = ctx->ssl; CBB cert_request_context, cert_list; const struct ssl_sigalg *sigalg; + X509_STORE_CTX *xsc = NULL; STACK_OF(X509) *chain; - CERT_PKEY *cpk; + SSL_CERT_PKEY *cpk; X509 *cert; int i, ret = 0; @@ -627,12 +631,24 @@ tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb) goto err; } - ctx->hs->cpk = cpk; - ctx->hs->sigalg = sigalg; + ctx->hs->tls13.cpk = cpk; + ctx->hs->our_sigalg = sigalg; if ((chain = cpk->chain) == NULL) chain = s->ctx->extra_certs; + if (chain == NULL && !(s->internal->mode & SSL_MODE_NO_AUTO_CHAIN)) { + if ((xsc = X509_STORE_CTX_new()) == NULL) + goto err; + if (!X509_STORE_CTX_init(xsc, s->ctx->cert_store, cpk->x509, NULL)) + goto err; + X509_VERIFY_PARAM_set_flags(X509_STORE_CTX_get0_param(xsc), + X509_V_FLAG_LEGACY_VERIFY); + X509_verify_cert(xsc); + ERR_clear_error(); + chain = X509_STORE_CTX_get0_chain(xsc); + } + if (!CBB_add_u8_length_prefixed(cbb, &cert_request_context)) goto err; if (!CBB_add_u24_length_prefixed(cbb, &cert_list)) @@ -643,10 +659,19 @@ tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb) for (i = 0; i < sk_X509_num(chain); i++) { cert = sk_X509_value(chain, i); + + /* + * In the case of auto chain, the leaf certificate will be at + * the top of the chain - skip over it as we've already added + * it earlier. + */ + if (i == 0 && cert == cpk->x509) + continue; + /* * XXX we don't send extensions with chain certs to avoid sending - * a leaf ocsp stape with the chain certs. This needs to get - * fixed + * a leaf ocsp staple with the chain certs. This needs to get + * fixed. */ if (!tls13_cert_add(ctx, &cert_list, cert, NULL)) goto err; @@ -658,6 +683,8 @@ tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb) ret = 1; err: + X509_STORE_CTX_free(xsc); + return ret; } @@ -670,15 +697,15 @@ tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb) EVP_MD_CTX *mdctx = NULL; EVP_PKEY_CTX *pctx; EVP_PKEY *pkey; - const CERT_PKEY *cpk; + const SSL_CERT_PKEY *cpk; CBB sig_cbb; int ret = 0; memset(&sig_cbb, 0, sizeof(sig_cbb)); - if ((cpk = ctx->hs->cpk) == NULL) + if ((cpk = ctx->hs->tls13.cpk) == NULL) goto err; - if ((sigalg = ctx->hs->sigalg) == NULL) + if ((sigalg = ctx->hs->our_sigalg) == NULL) goto err; pkey = cpk->privatekey; @@ -692,8 +719,8 @@ tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb) goto err; if (!CBB_add_u8(&sig_cbb, 0)) goto err; - if (!CBB_add_bytes(&sig_cbb, ctx->hs->transcript_hash, - ctx->hs->transcript_hash_len)) + if (!CBB_add_bytes(&sig_cbb, ctx->hs->tls13.transcript_hash, + ctx->hs->tls13.transcript_hash_len)) goto err; if (!CBB_finish(&sig_cbb, &sig_content, &sig_content_len)) goto err; @@ -744,20 +771,20 @@ tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb) int tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb) { - struct tls13_secrets *secrets = ctx->hs->secrets; + struct tls13_secrets *secrets = ctx->hs->tls13.secrets; struct tls13_secret context = { .data = "", .len = 0 }; - struct tls13_secret finished_key; + struct tls13_secret finished_key = { .data = NULL, .len = 0 } ; uint8_t transcript_hash[EVP_MAX_MD_SIZE]; size_t transcript_hash_len; - uint8_t key[EVP_MAX_MD_SIZE]; uint8_t *verify_data; - size_t hmac_len; + size_t verify_data_len; unsigned int hlen; HMAC_CTX *hmac_ctx = NULL; + CBS cbs; int ret = 0; - finished_key.data = key; - finished_key.len = EVP_MD_size(ctx->hash); + if (!tls13_secret_init(&finished_key, EVP_MD_size(ctx->hash))) + goto err; if (!tls13_hkdf_expand_label(&finished_key, ctx->hash, &secrets->server_handshake_traffic, "finished", @@ -776,17 +803,23 @@ tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb) if (!HMAC_Update(hmac_ctx, transcript_hash, transcript_hash_len)) goto err; - hmac_len = HMAC_size(hmac_ctx); - if (!CBB_add_space(cbb, &verify_data, hmac_len)) + verify_data_len = HMAC_size(hmac_ctx); + if (!CBB_add_space(cbb, &verify_data, verify_data_len)) goto err; if (!HMAC_Final(hmac_ctx, verify_data, &hlen)) goto err; - if (hlen != hmac_len) + if (hlen != verify_data_len) + goto err; + + CBS_init(&cbs, verify_data, verify_data_len); + if (!CBS_write_bytes(&cbs, ctx->hs->finished, + sizeof(ctx->hs->finished), &ctx->hs->finished_len)) goto err; ret = 1; err: + tls13_secret_cleanup(&finished_key); HMAC_CTX_free(hmac_ctx); return ret; @@ -795,14 +828,14 @@ tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb) int tls13_server_finished_sent(struct tls13_ctx *ctx) { - struct tls13_secrets *secrets = ctx->hs->secrets; + struct tls13_secrets *secrets = ctx->hs->tls13.secrets; struct tls13_secret context = { .data = "", .len = 0 }; /* * Derive application traffic keys. */ - context.data = ctx->hs->transcript_hash; - context.len = ctx->hs->transcript_hash_len; + context.data = ctx->hs->tls13.transcript_hash; + context.len = ctx->hs->tls13.transcript_hash_len; if (!tls13_derive_application_secrets(secrets, &context)) return 0; @@ -824,7 +857,7 @@ tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs) X509 *cert = NULL; EVP_PKEY *pkey; const uint8_t *p; - int cert_idx; + int cert_type; int ret = 0; if (!CBS_get_u8_length_prefixed(cbs, &cert_request_context)) @@ -875,33 +908,30 @@ tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs) } ERR_clear_error(); - cert = sk_X509_value(certs, 0); - X509_up_ref(cert); + /* + * Achtung! Due to API inconsistency, a client includes the peer's leaf + * certificate in the stored certificate chain, while a server does not. + */ + cert = sk_X509_shift(certs); if ((pkey = X509_get0_pubkey(cert)) == NULL) goto err; if (EVP_PKEY_missing_parameters(pkey)) goto err; - if ((cert_idx = ssl_cert_type(cert, pkey)) < 0) + if ((cert_type = ssl_cert_type(pkey)) < 0) goto err; - ssl_sess_cert_free(SSI(s)->sess_cert); - if ((SSI(s)->sess_cert = ssl_sess_cert_new()) == NULL) - goto err; - - SSI(s)->sess_cert->cert_chain = certs; - certs = NULL; - X509_up_ref(cert); - SSI(s)->sess_cert->peer_pkeys[cert_idx].x509 = cert; - SSI(s)->sess_cert->peer_key = &(SSI(s)->sess_cert->peer_pkeys[cert_idx]); + X509_free(s->session->peer_cert); + s->session->peer_cert = cert; + s->session->peer_cert_type = cert_type; - X509_free(s->session->peer); - - X509_up_ref(cert); - s->session->peer = cert; s->session->verify_result = s->verify_result; + sk_X509_pop_free(s->session->cert_chain, X509_free); + s->session->cert_chain = certs; + certs = NULL; + ctx->handshake_stage.hs_type |= WITH_CCV; ret = 1; @@ -934,10 +964,6 @@ tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs) if (!CBS_get_u16_length_prefixed(cbs, &signature)) goto err; - if ((sigalg = ssl_sigalg(signature_scheme, tls13_sigalgs, - tls13_sigalgs_len)) == NULL) - goto err; - if (!CBB_init(&cbb, 0)) goto err; if (!CBB_add_bytes(&cbb, tls13_cert_verify_pad, @@ -948,18 +974,20 @@ tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs) goto err; if (!CBB_add_u8(&cbb, 0)) goto err; - if (!CBB_add_bytes(&cbb, ctx->hs->transcript_hash, - ctx->hs->transcript_hash_len)) + if (!CBB_add_bytes(&cbb, ctx->hs->tls13.transcript_hash, + ctx->hs->tls13.transcript_hash_len)) goto err; if (!CBB_finish(&cbb, &sig_content, &sig_content_len)) goto err; - if ((cert = ctx->ssl->session->peer) == NULL) + if ((cert = ctx->ssl->session->peer_cert) == NULL) goto err; if ((pkey = X509_get0_pubkey(cert)) == NULL) goto err; - if (!ssl_sigalg_pkey_ok(sigalg, pkey, 1)) + if ((sigalg = ssl_sigalg_for_peer(ctx->ssl, pkey, + signature_scheme)) == NULL) goto err; + ctx->hs->peer_sigalg = sigalg; if (CBS_len(&signature) > EVP_PKEY_size(pkey)) goto err; @@ -1006,7 +1034,7 @@ tls13_client_end_of_early_data_recv(struct tls13_ctx *ctx, CBS *cbs) int tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs) { - struct tls13_secrets *secrets = ctx->hs->secrets; + struct tls13_secrets *secrets = ctx->hs->tls13.secrets; struct tls13_secret context = { .data = "", .len = 0 }; struct tls13_secret finished_key; uint8_t *verify_data = NULL; @@ -1032,8 +1060,8 @@ tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs) if (!HMAC_Init_ex(hmac_ctx, finished_key.data, finished_key.len, ctx->hash, NULL)) goto err; - if (!HMAC_Update(hmac_ctx, ctx->hs->transcript_hash, - ctx->hs->transcript_hash_len)) + if (!HMAC_Update(hmac_ctx, ctx->hs->tls13.transcript_hash, + ctx->hs->tls13.transcript_hash_len)) goto err; verify_data_len = HMAC_size(hmac_ctx); if ((verify_data = calloc(1, verify_data_len)) == NULL) @@ -1048,6 +1076,11 @@ tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs) goto err; } + if (!CBS_write_bytes(cbs, ctx->hs->peer_finished, + sizeof(ctx->hs->peer_finished), + &ctx->hs->peer_finished_len)) + goto err; + if (!CBS_skip(cbs, verify_data_len)) goto err; diff --git a/externals/libressl/ssl/tls_buffer.c b/externals/libressl/ssl/tls_buffer.c new file mode 100755 index 000000000..5c0ca7e40 --- /dev/null +++ b/externals/libressl/ssl/tls_buffer.c @@ -0,0 +1,138 @@ +/* $OpenBSD: tls_buffer.c,v 1.1 2021/10/23 13:12:14 jsing Exp $ */ +/* + * Copyright (c) 2018, 2019 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include "bytestring.h" +#include "tls_internal.h" + +struct tls_buffer { + size_t capacity; + uint8_t *data; + size_t len; + size_t offset; +}; + +static int tls_buffer_resize(struct tls_buffer *buf, size_t capacity); + +struct tls_buffer * +tls_buffer_new(size_t init_size) +{ + struct tls_buffer *buf = NULL; + + if ((buf = calloc(1, sizeof(struct tls_buffer))) == NULL) + goto err; + + if (!tls_buffer_resize(buf, init_size)) + goto err; + + return buf; + + err: + tls_buffer_free(buf); + + return NULL; +} + +void +tls_buffer_free(struct tls_buffer *buf) +{ + if (buf == NULL) + return; + + freezero(buf->data, buf->capacity); + freezero(buf, sizeof(struct tls_buffer)); +} + +static int +tls_buffer_resize(struct tls_buffer *buf, size_t capacity) +{ + uint8_t *data; + + if (buf->capacity == capacity) + return 1; + + if ((data = recallocarray(buf->data, buf->capacity, capacity, 1)) == NULL) + return 0; + + buf->data = data; + buf->capacity = capacity; + + return 1; +} + +int +tls_buffer_set_data(struct tls_buffer *buf, CBS *data) +{ + if (!tls_buffer_resize(buf, CBS_len(data))) + return 0; + memcpy(buf->data, CBS_data(data), CBS_len(data)); + return 1; +} + +ssize_t +tls_buffer_extend(struct tls_buffer *buf, size_t len, + tls_read_cb read_cb, void *cb_arg) +{ + ssize_t ret; + + if (len == buf->len) + return buf->len; + + if (len < buf->len) + return TLS_IO_FAILURE; + + if (!tls_buffer_resize(buf, len)) + return TLS_IO_FAILURE; + + for (;;) { + if ((ret = read_cb(&buf->data[buf->len], + buf->capacity - buf->len, cb_arg)) <= 0) + return ret; + + if (ret > buf->capacity - buf->len) + return TLS_IO_FAILURE; + + buf->len += ret; + + if (buf->len == buf->capacity) + return buf->len; + } +} + +void +tls_buffer_cbs(struct tls_buffer *buf, CBS *cbs) +{ + CBS_init(cbs, buf->data, buf->len); +} + +int +tls_buffer_finish(struct tls_buffer *buf, uint8_t **out, size_t *out_len) +{ + if (out == NULL || out_len == NULL) + return 0; + + *out = buf->data; + *out_len = buf->len; + + buf->capacity = 0; + buf->data = NULL; + buf->len = 0; + + return 1; +} diff --git a/externals/libressl/ssl/tls_content.c b/externals/libressl/ssl/tls_content.c new file mode 100755 index 000000000..ede178f84 --- /dev/null +++ b/externals/libressl/ssl/tls_content.c @@ -0,0 +1,149 @@ +/* $OpenBSD: tls_content.c,v 1.1 2021/09/04 16:26:12 jsing Exp $ */ +/* + * Copyright (c) 2020 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include "tls_content.h" + +/* Content from a TLS record. */ +struct tls_content { + uint8_t type; + uint16_t epoch; + + const uint8_t *data; + size_t len; + CBS cbs; +}; + +struct tls_content * +tls_content_new(void) +{ + return calloc(1, sizeof(struct tls_content)); +} + +void +tls_content_clear(struct tls_content *content) +{ + freezero((void *)content->data, content->len); + memset(content, 0, sizeof(*content)); +} + +void +tls_content_free(struct tls_content *content) +{ + if (content == NULL) + return; + + tls_content_clear(content); + + freezero(content, sizeof(struct tls_content)); +} + +CBS * +tls_content_cbs(struct tls_content *content) +{ + return &content->cbs; +} + +int +tls_content_equal(struct tls_content *content, const uint8_t *buf, size_t n) +{ + return CBS_mem_equal(&content->cbs, buf, n); +} + +size_t +tls_content_remaining(struct tls_content *content) +{ + return CBS_len(&content->cbs); +} + +uint8_t +tls_content_type(struct tls_content *content) +{ + return content->type; +} + +int +tls_content_dup_data(struct tls_content *content, uint8_t type, + const uint8_t *data, size_t data_len) +{ + uint8_t *dup; + + if ((dup = calloc(1, data_len)) == NULL) + return 0; + memcpy(dup, data, data_len); + + tls_content_set_data(content, type, dup, data_len); + + return 1; +} + +uint16_t +tls_content_epoch(struct tls_content *content) +{ + return content->epoch; +} + +void +tls_content_set_epoch(struct tls_content *content, uint16_t epoch) +{ + content->epoch = epoch; +} + +void +tls_content_set_data(struct tls_content *content, uint8_t type, + const uint8_t *data, size_t data_len) +{ + tls_content_clear(content); + + content->type = type; + content->data = data; + content->len = data_len; + + CBS_init(&content->cbs, content->data, content->len); +} + +static ssize_t +tls_content_read_internal(struct tls_content *content, uint8_t *buf, size_t n, + int peek) +{ + if (n > CBS_len(&content->cbs)) + n = CBS_len(&content->cbs); + + /* XXX - CBS_memcpy? CBS_copy_bytes? */ + memcpy(buf, CBS_data(&content->cbs), n); + + if (!peek) { + if (!CBS_skip(&content->cbs, n)) + return -1; + } + + return n; +} + +ssize_t +tls_content_peek(struct tls_content *content, uint8_t *buf, size_t n) +{ + return tls_content_read_internal(content, buf, n, 1); +} + +ssize_t +tls_content_read(struct tls_content *content, uint8_t *buf, size_t n) +{ + return tls_content_read_internal(content, buf, n, 0); +} diff --git a/externals/libressl/ssl/tls_content.h b/externals/libressl/ssl/tls_content.h new file mode 100755 index 000000000..173af2a74 --- /dev/null +++ b/externals/libressl/ssl/tls_content.h @@ -0,0 +1,48 @@ +/* $OpenBSD: tls_content.h,v 1.1 2021/09/04 16:26:12 jsing Exp $ */ +/* + * Copyright (c) 2020 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef HEADER_TLS_CONTENT_H +#define HEADER_TLS_CONTENT_H + +#include "bytestring.h" + +__BEGIN_HIDDEN_DECLS + +struct tls_content; + +struct tls_content *tls_content_new(void); +void tls_content_clear(struct tls_content *content); +void tls_content_free(struct tls_content *content); + +CBS *tls_content_cbs(struct tls_content *content); +int tls_content_equal(struct tls_content *content, const uint8_t *buf, size_t n); +size_t tls_content_remaining(struct tls_content *content); +uint8_t tls_content_type(struct tls_content *content); +uint16_t tls_content_epoch(struct tls_content *content); + +int tls_content_dup_data(struct tls_content *content, uint8_t type, + const uint8_t *data, size_t data_len); +void tls_content_set_data(struct tls_content *content, uint8_t type, + const uint8_t *data, size_t data_len); +void tls_content_set_epoch(struct tls_content *content, uint16_t epoch); + +ssize_t tls_content_peek(struct tls_content *content, uint8_t *buf, size_t n); +ssize_t tls_content_read(struct tls_content *content, uint8_t *buf, size_t n); + +__END_HIDDEN_DECLS + +#endif diff --git a/externals/libressl/ssl/tls_internal.h b/externals/libressl/ssl/tls_internal.h new file mode 100755 index 000000000..a009635a0 --- /dev/null +++ b/externals/libressl/ssl/tls_internal.h @@ -0,0 +1,83 @@ +/* $OpenBSD: tls_internal.h,v 1.5 2022/01/11 18:28:41 jsing Exp $ */ +/* + * Copyright (c) 2018, 2019, 2021 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef HEADER_TLS_INTERNAL_H +#define HEADER_TLS_INTERNAL_H + +#include +#include + +#include "bytestring.h" + +__BEGIN_HIDDEN_DECLS + +#define TLS_IO_SUCCESS 1 +#define TLS_IO_EOF 0 +#define TLS_IO_FAILURE -1 +#define TLS_IO_ALERT -2 +#define TLS_IO_WANT_POLLIN -3 +#define TLS_IO_WANT_POLLOUT -4 +#define TLS_IO_WANT_RETRY -5 /* Retry the previous call immediately. */ + +/* + * Callbacks. + */ +typedef ssize_t (*tls_read_cb)(void *_buf, size_t _buflen, void *_cb_arg); +typedef ssize_t (*tls_write_cb)(const void *_buf, size_t _buflen, + void *_cb_arg); +typedef ssize_t (*tls_flush_cb)(void *_cb_arg); + +/* + * Buffers. + */ +struct tls_buffer; + +struct tls_buffer *tls_buffer_new(size_t init_size); +int tls_buffer_set_data(struct tls_buffer *buf, CBS *data); +void tls_buffer_free(struct tls_buffer *buf); +ssize_t tls_buffer_extend(struct tls_buffer *buf, size_t len, + tls_read_cb read_cb, void *cb_arg); +void tls_buffer_cbs(struct tls_buffer *buf, CBS *cbs); +int tls_buffer_finish(struct tls_buffer *buf, uint8_t **out, size_t *out_len); + +/* + * Key shares. + */ +struct tls_key_share; + +struct tls_key_share *tls_key_share_new(uint16_t group_id); +struct tls_key_share *tls_key_share_new_nid(int nid); +void tls_key_share_free(struct tls_key_share *ks); + +uint16_t tls_key_share_group(struct tls_key_share *ks); +int tls_key_share_nid(struct tls_key_share *ks); +void tls_key_share_set_key_bits(struct tls_key_share *ks, size_t key_bits); +int tls_key_share_set_dh_params(struct tls_key_share *ks, DH *dh_params); +int tls_key_share_peer_pkey(struct tls_key_share *ks, EVP_PKEY *pkey); +int tls_key_share_generate(struct tls_key_share *ks); +int tls_key_share_params(struct tls_key_share *ks, CBB *cbb); +int tls_key_share_public(struct tls_key_share *ks, CBB *cbb); +int tls_key_share_peer_params(struct tls_key_share *ks, CBS *cbs, + int *decode_error, int *invalid_params); +int tls_key_share_peer_public(struct tls_key_share *ks, CBS *cbs, + int *decode_error, int *invalid_key); +int tls_key_share_derive(struct tls_key_share *ks, uint8_t **shared_key, + size_t *shared_key_len); + +__END_HIDDEN_DECLS + +#endif diff --git a/externals/libressl/ssl/tls_key_share.c b/externals/libressl/ssl/tls_key_share.c new file mode 100755 index 000000000..e5e6c304b --- /dev/null +++ b/externals/libressl/ssl/tls_key_share.c @@ -0,0 +1,473 @@ +/* $OpenBSD: tls_key_share.c,v 1.4 2022/01/11 18:28:41 jsing Exp $ */ +/* + * Copyright (c) 2020, 2021 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include +#include + +#include "bytestring.h" +#include "ssl_locl.h" +#include "tls_internal.h" + +struct tls_key_share { + int nid; + uint16_t group_id; + size_t key_bits; + + DH *dhe; + DH *dhe_peer; + + EC_KEY *ecdhe; + EC_KEY *ecdhe_peer; + + uint8_t *x25519_public; + uint8_t *x25519_private; + uint8_t *x25519_peer_public; +}; + +static struct tls_key_share * +tls_key_share_new_internal(int nid, uint16_t group_id) +{ + struct tls_key_share *ks; + + if ((ks = calloc(1, sizeof(struct tls_key_share))) == NULL) + return NULL; + + ks->group_id = group_id; + ks->nid = nid; + + return ks; +} + +struct tls_key_share * +tls_key_share_new(uint16_t group_id) +{ + int nid; + + if ((nid = tls1_ec_curve_id2nid(group_id)) == 0) + return NULL; + + return tls_key_share_new_internal(nid, group_id); +} + +struct tls_key_share * +tls_key_share_new_nid(int nid) +{ + uint16_t group_id = 0; + + if (nid != NID_dhKeyAgreement) { + if ((group_id = tls1_ec_nid2curve_id(nid)) == 0) + return NULL; + } + + return tls_key_share_new_internal(nid, group_id); +} + +void +tls_key_share_free(struct tls_key_share *ks) +{ + if (ks == NULL) + return; + + DH_free(ks->dhe); + DH_free(ks->dhe_peer); + + EC_KEY_free(ks->ecdhe); + EC_KEY_free(ks->ecdhe_peer); + + freezero(ks->x25519_public, X25519_KEY_LENGTH); + freezero(ks->x25519_private, X25519_KEY_LENGTH); + freezero(ks->x25519_peer_public, X25519_KEY_LENGTH); + + freezero(ks, sizeof(*ks)); +} + +uint16_t +tls_key_share_group(struct tls_key_share *ks) +{ + return ks->group_id; +} + +int +tls_key_share_nid(struct tls_key_share *ks) +{ + return ks->nid; +} + +void +tls_key_share_set_key_bits(struct tls_key_share *ks, size_t key_bits) +{ + ks->key_bits = key_bits; +} + +int +tls_key_share_set_dh_params(struct tls_key_share *ks, DH *dh_params) +{ + if (ks->nid != NID_dhKeyAgreement) + return 0; + if (ks->dhe != NULL || ks->dhe_peer != NULL) + return 0; + + if ((ks->dhe = DHparams_dup(dh_params)) == NULL) + return 0; + if ((ks->dhe_peer = DHparams_dup(dh_params)) == NULL) + return 0; + + return 1; +} + +int +tls_key_share_peer_pkey(struct tls_key_share *ks, EVP_PKEY *pkey) +{ + if (ks->nid == NID_dhKeyAgreement && ks->dhe_peer != NULL) + return EVP_PKEY_set1_DH(pkey, ks->dhe_peer); + + if (ks->nid == NID_X25519 && ks->x25519_peer_public != NULL) + return ssl_kex_dummy_ecdhe_x25519(pkey); + + if (ks->ecdhe_peer != NULL) + return EVP_PKEY_set1_EC_KEY(pkey, ks->ecdhe_peer); + + return 0; +} + +static int +tls_key_share_generate_dhe(struct tls_key_share *ks) +{ + /* + * If auto params are not being used then we must already have DH + * parameters set. + */ + if (ks->key_bits == 0) { + if (ks->dhe == NULL) + return 0; + + return ssl_kex_generate_dhe(ks->dhe, ks->dhe); + } + + if (ks->dhe != NULL || ks->dhe_peer != NULL) + return 0; + + if ((ks->dhe = DH_new()) == NULL) + return 0; + if (!ssl_kex_generate_dhe_params_auto(ks->dhe, ks->key_bits)) + return 0; + if ((ks->dhe_peer = DHparams_dup(ks->dhe)) == NULL) + return 0; + + return 1; +} + +static int +tls_key_share_generate_ecdhe_ecp(struct tls_key_share *ks) +{ + EC_KEY *ecdhe = NULL; + int ret = 0; + + if (ks->ecdhe != NULL) + goto err; + + if ((ecdhe = EC_KEY_new()) == NULL) + goto err; + if (!ssl_kex_generate_ecdhe_ecp(ecdhe, ks->nid)) + goto err; + + ks->ecdhe = ecdhe; + ecdhe = NULL; + + ret = 1; + + err: + EC_KEY_free(ecdhe); + + return ret; +} + +static int +tls_key_share_generate_x25519(struct tls_key_share *ks) +{ + uint8_t *public = NULL, *private = NULL; + int ret = 0; + + if (ks->x25519_public != NULL || ks->x25519_private != NULL) + goto err; + + if ((public = calloc(1, X25519_KEY_LENGTH)) == NULL) + goto err; + if ((private = calloc(1, X25519_KEY_LENGTH)) == NULL) + goto err; + + X25519_keypair(public, private); + + ks->x25519_public = public; + ks->x25519_private = private; + public = NULL; + private = NULL; + + ret = 1; + + err: + freezero(public, X25519_KEY_LENGTH); + freezero(private, X25519_KEY_LENGTH); + + return ret; +} + +int +tls_key_share_generate(struct tls_key_share *ks) +{ + if (ks->nid == NID_dhKeyAgreement) + return tls_key_share_generate_dhe(ks); + + if (ks->nid == NID_X25519) + return tls_key_share_generate_x25519(ks); + + return tls_key_share_generate_ecdhe_ecp(ks); +} + +static int +tls_key_share_params_dhe(struct tls_key_share *ks, CBB *cbb) +{ + if (ks->dhe == NULL) + return 0; + + return ssl_kex_params_dhe(ks->dhe, cbb); +} + +int +tls_key_share_params(struct tls_key_share *ks, CBB *cbb) +{ + if (ks->nid == NID_dhKeyAgreement) + return tls_key_share_params_dhe(ks, cbb); + + return 0; +} + +static int +tls_key_share_public_dhe(struct tls_key_share *ks, CBB *cbb) +{ + if (ks->dhe == NULL) + return 0; + + return ssl_kex_public_dhe(ks->dhe, cbb); +} + +static int +tls_key_share_public_ecdhe_ecp(struct tls_key_share *ks, CBB *cbb) +{ + if (ks->ecdhe == NULL) + return 0; + + return ssl_kex_public_ecdhe_ecp(ks->ecdhe, cbb); +} + +static int +tls_key_share_public_x25519(struct tls_key_share *ks, CBB *cbb) +{ + if (ks->x25519_public == NULL) + return 0; + + return CBB_add_bytes(cbb, ks->x25519_public, X25519_KEY_LENGTH); +} + +int +tls_key_share_public(struct tls_key_share *ks, CBB *cbb) +{ + if (ks->nid == NID_dhKeyAgreement) + return tls_key_share_public_dhe(ks, cbb); + + if (ks->nid == NID_X25519) + return tls_key_share_public_x25519(ks, cbb); + + return tls_key_share_public_ecdhe_ecp(ks, cbb); +} + +static int +tls_key_share_peer_params_dhe(struct tls_key_share *ks, CBS *cbs, + int *decode_error, int *invalid_params) +{ + if (ks->dhe != NULL || ks->dhe_peer != NULL) + return 0; + + if ((ks->dhe_peer = DH_new()) == NULL) + return 0; + if (!ssl_kex_peer_params_dhe(ks->dhe_peer, cbs, decode_error, + invalid_params)) + return 0; + if ((ks->dhe = DHparams_dup(ks->dhe_peer)) == NULL) + return 0; + + return 1; +} + +int +tls_key_share_peer_params(struct tls_key_share *ks, CBS *cbs, + int *decode_error, int *invalid_params) +{ + if (ks->nid != NID_dhKeyAgreement) + return 0; + + return tls_key_share_peer_params_dhe(ks, cbs, decode_error, + invalid_params); +} + +static int +tls_key_share_peer_public_dhe(struct tls_key_share *ks, CBS *cbs, + int *decode_error, int *invalid_key) +{ + if (ks->dhe_peer == NULL) + return 0; + + return ssl_kex_peer_public_dhe(ks->dhe_peer, cbs, decode_error, + invalid_key); +} + +static int +tls_key_share_peer_public_ecdhe_ecp(struct tls_key_share *ks, CBS *cbs) +{ + EC_KEY *ecdhe = NULL; + int ret = 0; + + if (ks->ecdhe_peer != NULL) + goto err; + + if ((ecdhe = EC_KEY_new()) == NULL) + goto err; + if (!ssl_kex_peer_public_ecdhe_ecp(ecdhe, ks->nid, cbs)) + goto err; + + ks->ecdhe_peer = ecdhe; + ecdhe = NULL; + + ret = 1; + + err: + EC_KEY_free(ecdhe); + + return ret; +} + +static int +tls_key_share_peer_public_x25519(struct tls_key_share *ks, CBS *cbs, + int *decode_error) +{ + size_t out_len; + + *decode_error = 0; + + if (ks->x25519_peer_public != NULL) + return 0; + + if (CBS_len(cbs) != X25519_KEY_LENGTH) { + *decode_error = 1; + return 0; + } + + return CBS_stow(cbs, &ks->x25519_peer_public, &out_len); +} + +int +tls_key_share_peer_public(struct tls_key_share *ks, CBS *cbs, int *decode_error, + int *invalid_key) +{ + *decode_error = 0; + + if (invalid_key != NULL) + *invalid_key = 0; + + if (ks->nid == NID_dhKeyAgreement) + return tls_key_share_peer_public_dhe(ks, cbs, decode_error, + invalid_key); + + if (ks->nid == NID_X25519) + return tls_key_share_peer_public_x25519(ks, cbs, decode_error); + + return tls_key_share_peer_public_ecdhe_ecp(ks, cbs); +} + +static int +tls_key_share_derive_dhe(struct tls_key_share *ks, + uint8_t **shared_key, size_t *shared_key_len) +{ + if (ks->dhe == NULL || ks->dhe_peer == NULL) + return 0; + + return ssl_kex_derive_dhe(ks->dhe, ks->dhe_peer, shared_key, + shared_key_len); +} + +static int +tls_key_share_derive_ecdhe_ecp(struct tls_key_share *ks, + uint8_t **shared_key, size_t *shared_key_len) +{ + if (ks->ecdhe == NULL || ks->ecdhe_peer == NULL) + return 0; + + return ssl_kex_derive_ecdhe_ecp(ks->ecdhe, ks->ecdhe_peer, + shared_key, shared_key_len); +} + +static int +tls_key_share_derive_x25519(struct tls_key_share *ks, + uint8_t **shared_key, size_t *shared_key_len) +{ + uint8_t *sk = NULL; + int ret = 0; + + if (ks->x25519_private == NULL || ks->x25519_peer_public == NULL) + goto err; + + if ((sk = calloc(1, X25519_KEY_LENGTH)) == NULL) + goto err; + if (!X25519(sk, ks->x25519_private, ks->x25519_peer_public)) + goto err; + + *shared_key = sk; + *shared_key_len = X25519_KEY_LENGTH; + sk = NULL; + + ret = 1; + + err: + freezero(sk, X25519_KEY_LENGTH); + + return ret; +} + +int +tls_key_share_derive(struct tls_key_share *ks, uint8_t **shared_key, + size_t *shared_key_len) +{ + if (*shared_key != NULL) + return 0; + + *shared_key_len = 0; + + if (ks->nid == NID_dhKeyAgreement) + return tls_key_share_derive_dhe(ks, shared_key, + shared_key_len); + + if (ks->nid == NID_X25519) + return tls_key_share_derive_x25519(ks, shared_key, + shared_key_len); + + return tls_key_share_derive_ecdhe_ecp(ks, shared_key, + shared_key_len); +} diff --git a/externals/libressl/tap-driver.sh b/externals/libressl/tap-driver.sh index 865761d3e..0ca490375 100755 --- a/externals/libressl/tap-driver.sh +++ b/externals/libressl/tap-driver.sh @@ -369,7 +369,7 @@ function setup_result_obj(line) sub("^(not )?ok[ \t]*", "", line) # If the result has an explicit number, get it and strip it; otherwise, - # automatically assing the next progresive number to it. + # automatically assign the next test number to it. if (line ~ /^[0-9]+$/ || line ~ /^[0-9]+[^a-zA-Z0-9_]/) { match(line, "^[0-9]+") diff --git a/externals/libressl/test-driver b/externals/libressl/test-driver index 89dba1e07..9759384aa 100755 --- a/externals/libressl/test-driver +++ b/externals/libressl/test-driver @@ -42,11 +42,13 @@ print_usage () { cat < $ + $) + +export_symbol(tls ${CMAKE_CURRENT_BINARY_DIR}/tls.sym) +target_link_libraries(tls ${PLATFORM_LIBS}) if (WIN32) set(TLS_POSTFIX -${TLS_MAJOR_VERSION}) endif() @@ -56,3 +69,11 @@ if(ENABLE_LIBRESSL_INSTALL) RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} ) endif(ENABLE_LIBRESSL_INSTALL) + +# build static library for regression test +if(BUILD_SHARED_LIBS) + add_library(tls-static STATIC $ + $ $) + target_link_libraries(tls-static ${PLATFORM_LIBS}) +endif() + diff --git a/externals/libressl/tls/VERSION b/externals/libressl/tls/VERSION index 77c98b5e2..4afa02714 100755 --- a/externals/libressl/tls/VERSION +++ b/externals/libressl/tls/VERSION @@ -1 +1 @@ -20:1:0 +25:0:0 diff --git a/externals/libressl/tls/tls.c b/externals/libressl/tls/tls.c index 3d6723bbd..ff33ebe53 100755 --- a/externals/libressl/tls/tls.c +++ b/externals/libressl/tls/tls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls.c,v 1.85 2020/05/24 15:12:54 jsing Exp $ */ +/* $OpenBSD: tls.c,v 1.94 2022/02/08 19:13:50 tb Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -326,12 +326,131 @@ tls_cert_pubkey_hash(X509 *cert, char **hash) return (rv); } +static int +tls_keypair_to_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY **pkey) +{ + BIO *bio = NULL; + X509 *x509 = NULL; + char *mem; + size_t len; + int ret = -1; + + *pkey = NULL; + + if (ctx->config->use_fake_private_key) { + mem = keypair->cert_mem; + len = keypair->cert_len; + } else { + mem = keypair->key_mem; + len = keypair->key_len; + } + + if (mem == NULL) + return (0); + + if (len > INT_MAX) { + tls_set_errorx(ctx, ctx->config->use_fake_private_key ? + "cert too long" : "key too long"); + goto err; + } + + if ((bio = BIO_new_mem_buf(mem, len)) == NULL) { + tls_set_errorx(ctx, "failed to create buffer"); + goto err; + } + + if (ctx->config->use_fake_private_key) { + if ((x509 = PEM_read_bio_X509(bio, NULL, tls_password_cb, + NULL)) == NULL) { + tls_set_errorx(ctx, "failed to read X509 certificate"); + goto err; + } + if ((*pkey = X509_get_pubkey(x509)) == NULL) { + tls_set_errorx(ctx, "failed to retrieve pubkey"); + goto err; + } + } else { + if ((*pkey = PEM_read_bio_PrivateKey(bio, NULL, tls_password_cb, + NULL)) == NULL) { + tls_set_errorx(ctx, "failed to read private key"); + goto err; + } + } + + ret = 0; + err: + BIO_free(bio); + X509_free(x509); + return (ret); +} + +static int +tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *pkey) +{ + RSA_METHOD *rsa_method; + ECDSA_METHOD *ecdsa_method; + RSA *rsa = NULL; + EC_KEY *eckey = NULL; + int ret = -1; + + /* Only install the pubkey hash if fake private keys are used. */ + if (!ctx->config->skip_private_key_check) + return (0); + + if (keypair->pubkey_hash == NULL) { + tls_set_errorx(ctx, "public key hash not set"); + goto err; + } + + switch (EVP_PKEY_id(pkey)) { + case EVP_PKEY_RSA: + if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL || + RSA_set_ex_data(rsa, 0, keypair->pubkey_hash) == 0) { + tls_set_errorx(ctx, "RSA key setup failure"); + goto err; + } + if (ctx->config->sign_cb == NULL) + break; + if ((rsa_method = tls_signer_rsa_method()) == NULL || + RSA_set_ex_data(rsa, 1, ctx->config) == 0 || + RSA_set_method(rsa, rsa_method) == 0) { + tls_set_errorx(ctx, "failed to setup RSA key"); + goto err; + } + break; + case EVP_PKEY_EC: + if ((eckey = EVP_PKEY_get1_EC_KEY(pkey)) == NULL || + ECDSA_set_ex_data(eckey, 0, keypair->pubkey_hash) == 0) { + tls_set_errorx(ctx, "EC key setup failure"); + goto err; + } + if (ctx->config->sign_cb == NULL) + break; + if ((ecdsa_method = tls_signer_ecdsa_method()) == NULL || + ECDSA_set_ex_data(eckey, 1, ctx->config) == 0 || + ECDSA_set_method(eckey, ecdsa_method) == 0) { + tls_set_errorx(ctx, "failed to setup EC key"); + goto err; + } + break; + default: + tls_set_errorx(ctx, "incorrect key type"); + goto err; + } + + ret = 0; + + err: + RSA_free(rsa); + EC_KEY_free(eckey); + return (ret); +} + int tls_configure_ssl_keypair(struct tls *ctx, SSL_CTX *ssl_ctx, struct tls_keypair *keypair, int required) { EVP_PKEY *pkey = NULL; - BIO *bio = NULL; if (!required && keypair->cert_mem == NULL && @@ -351,38 +470,15 @@ tls_configure_ssl_keypair(struct tls *ctx, SSL_CTX *ssl_ctx, } } - if (keypair->key_mem != NULL) { - if (keypair->key_len > INT_MAX) { - tls_set_errorx(ctx, "key too long"); + if (tls_keypair_to_pkey(ctx, keypair, &pkey) == -1) + goto err; + if (pkey != NULL) { + if (tls_keypair_setup_pkey(ctx, keypair, pkey) == -1) goto err; - } - - if ((bio = BIO_new_mem_buf(keypair->key_mem, - keypair->key_len)) == NULL) { - tls_set_errorx(ctx, "failed to create buffer"); - goto err; - } - if ((pkey = PEM_read_bio_PrivateKey(bio, NULL, tls_password_cb, - NULL)) == NULL) { - tls_set_errorx(ctx, "failed to read private key"); - goto err; - } - - if (keypair->pubkey_hash != NULL) { - RSA *rsa; - /* XXX only RSA for now for relayd privsep */ - if ((rsa = EVP_PKEY_get1_RSA(pkey)) != NULL) { - RSA_set_ex_data(rsa, 0, keypair->pubkey_hash); - RSA_free(rsa); - } - } - if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1) { tls_set_errorx(ctx, "failed to load private key"); goto err; } - BIO_free(bio); - bio = NULL; EVP_PKEY_free(pkey); pkey = NULL; } @@ -397,9 +493,8 @@ tls_configure_ssl_keypair(struct tls *ctx, SSL_CTX *ssl_ctx, err: EVP_PKEY_free(pkey); - BIO_free(bio); - return (1); + return (-1); } int @@ -444,7 +539,7 @@ tls_configure_ssl(struct tls *ctx, SSL_CTX *ssl_ctx) } if (ctx->config->verify_time == 0) { - X509_VERIFY_PARAM_set_flags(ssl_ctx->param, + X509_VERIFY_PARAM_set_flags(SSL_CTX_get0_param(ssl_ctx), X509_V_FLAG_NO_CHECK_TIME); } @@ -552,9 +647,8 @@ tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify) tls_set_error(ctx, "failed to add crl"); goto err; } - xi->crl = NULL; } - X509_VERIFY_PARAM_set_flags(store->param, + X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); } @@ -670,7 +764,7 @@ tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret, const char *prefix) case SSL_ERROR_WANT_ACCEPT: case SSL_ERROR_WANT_X509_LOOKUP: default: - tls_set_ssl_errorx(ctx, "%s failed (%i)", prefix, ssl_err); + tls_set_ssl_errorx(ctx, "%s failed (%d)", prefix, ssl_err); return (-1); } } diff --git a/externals/libressl/tls/tls.sym b/externals/libressl/tls/tls.sym index e3fcb67fb..42c039d29 100755 --- a/externals/libressl/tls/tls.sym +++ b/externals/libressl/tls/tls.sym @@ -45,6 +45,7 @@ tls_config_set_session_lifetime tls_config_set_session_fd tls_config_set_verify_depth tls_config_skip_private_key_check +tls_config_use_fake_private_key tls_config_verify tls_config_verify_client tls_config_verify_client_optional diff --git a/externals/libressl/tls/tls_bio_cb.c b/externals/libressl/tls/tls_bio_cb.c index 0091808fc..dad9d23ef 100755 --- a/externals/libressl/tls/tls_bio_cb.c +++ b/externals/libressl/tls/tls_bio_cb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_bio_cb.c,v 1.19 2017/01/12 16:18:39 jsing Exp $ */ +/* $OpenBSD: tls_bio_cb.c,v 1.20 2022/01/10 23:39:48 tb Exp $ */ /* * Copyright (c) 2016 Tobias Pape * @@ -29,19 +29,41 @@ static int bio_cb_read(BIO *bio, char *buf, int size); static int bio_cb_puts(BIO *bio, const char *str); static long bio_cb_ctrl(BIO *bio, int cmd, long num, void *ptr); -static BIO_METHOD bio_cb_method = { - .type = BIO_TYPE_MEM, - .name = "libtls_callbacks", - .bwrite = bio_cb_write, - .bread = bio_cb_read, - .bputs = bio_cb_puts, - .ctrl = bio_cb_ctrl, -}; +static BIO_METHOD *bio_cb_method; + +static pthread_mutex_t bio_cb_method_lock = PTHREAD_MUTEX_INITIALIZER; + +static void +bio_cb_method_init(void) +{ + BIO_METHOD *bio_method; + + if (bio_cb_method != NULL) + return; + + bio_method = BIO_meth_new(BIO_TYPE_MEM, "libtls_callbacks"); + if (bio_method == NULL) + return; + + BIO_meth_set_write(bio_method, bio_cb_write); + BIO_meth_set_read(bio_method, bio_cb_read); + BIO_meth_set_puts(bio_method, bio_cb_puts); + BIO_meth_set_ctrl(bio_method, bio_cb_ctrl); + + bio_cb_method = bio_method; +} static BIO_METHOD * bio_s_cb(void) { - return (&bio_cb_method); + if (bio_cb_method != NULL) + return (bio_cb_method); + + pthread_mutex_lock(&bio_cb_method_lock); + bio_cb_method_init(); + pthread_mutex_unlock(&bio_cb_method_lock); + + return (bio_cb_method); } static int @@ -57,10 +79,10 @@ bio_cb_ctrl(BIO *bio, int cmd, long num, void *ptr) switch (cmd) { case BIO_CTRL_GET_CLOSE: - ret = (long)bio->shutdown; + ret = (long)BIO_get_shutdown(bio); break; case BIO_CTRL_SET_CLOSE: - bio->shutdown = (int)num; + BIO_set_shutdown(bio, (int)num); break; case BIO_CTRL_DUP: case BIO_CTRL_FLUSH: @@ -69,7 +91,7 @@ bio_cb_ctrl(BIO *bio, int cmd, long num, void *ptr) case BIO_CTRL_GET: case BIO_CTRL_SET: default: - ret = BIO_ctrl(bio->next_bio, cmd, num, ptr); + ret = BIO_ctrl(BIO_next(bio), cmd, num, ptr); } return (ret); @@ -78,7 +100,7 @@ bio_cb_ctrl(BIO *bio, int cmd, long num, void *ptr) static int bio_cb_write(BIO *bio, const char *buf, int num) { - struct tls *ctx = bio->ptr; + struct tls *ctx = BIO_get_data(bio); int rv; BIO_clear_retry_flags(bio); @@ -96,7 +118,7 @@ bio_cb_write(BIO *bio, const char *buf, int num) static int bio_cb_read(BIO *bio, char *buf, int size) { - struct tls *ctx = bio->ptr; + struct tls *ctx = BIO_get_data(bio); int rv; BIO_clear_retry_flags(bio); @@ -115,8 +137,9 @@ int tls_set_cbs(struct tls *ctx, tls_read_cb read_cb, tls_write_cb write_cb, void *cb_arg) { - int rv = -1; + const BIO_METHOD *bio_cb; BIO *bio; + int rv = -1; if (read_cb == NULL || write_cb == NULL) { tls_set_errorx(ctx, "no callbacks provided"); @@ -127,12 +150,16 @@ tls_set_cbs(struct tls *ctx, tls_read_cb read_cb, tls_write_cb write_cb, ctx->write_cb = write_cb; ctx->cb_arg = cb_arg; - if ((bio = BIO_new(bio_s_cb())) == NULL) { + if ((bio_cb = bio_s_cb()) == NULL) { + tls_set_errorx(ctx, "failed to create callback method"); + goto err; + } + if ((bio = BIO_new(bio_cb)) == NULL) { tls_set_errorx(ctx, "failed to create callback i/o"); goto err; } - bio->ptr = ctx; - bio->init = 1; + BIO_set_data(bio, ctx); + BIO_set_init(bio, 1); SSL_set_bio(ctx->ssl_conn, bio, bio); diff --git a/externals/libressl/tls/tls_client.c b/externals/libressl/tls/tls_client.c index 04e44020e..1629697f8 100755 --- a/externals/libressl/tls/tls_client.c +++ b/externals/libressl/tls/tls_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_client.c,v 1.45 2018/03/19 16:34:47 jsing Exp $ */ +/* $OpenBSD: tls_client.c,v 1.48 2021/10/21 08:38:11 tb Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -74,11 +74,8 @@ tls_connect_servername(struct tls *ctx, const char *host, const char *port, goto err; } - /* - * If port is NULL try to extract a port from the specified host, - * otherwise use the default. - */ - if ((p = (char *)port) == NULL) { + /* If port is NULL, try to extract a port from the specified host. */ + if (port == NULL) { ret = tls_host_port(host, &hs, &ps); if (ret == -1) { tls_set_errorx(ctx, "memory allocation failure"); @@ -279,6 +276,7 @@ static int tls_connect_common(struct tls *ctx, const char *servername) { union tls_addr addrbuf; + size_t servername_len; int rv = -1; if ((ctx->flags & TLS_CLIENT) == 0) { @@ -291,6 +289,17 @@ tls_connect_common(struct tls *ctx, const char *servername) tls_set_errorx(ctx, "out of memory"); goto err; } + + /* + * If there's a trailing dot, remove it. While an FQDN includes + * the terminating dot representing the zero-length label of + * the root (RFC 8499, section 2), the SNI explicitly does not + * include it (RFC 6066, section 3). + */ + servername_len = strlen(ctx->servername); + if (servername_len > 0 && + ctx->servername[servername_len - 1] == '.') + ctx->servername[servername_len - 1] = '\0'; } if ((ctx->ssl_ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) { @@ -306,7 +315,7 @@ tls_connect_common(struct tls *ctx, const char *servername) goto err; if (ctx->config->verify_name) { - if (servername == NULL) { + if (ctx->servername == NULL) { tls_set_errorx(ctx, "server name not specified"); goto err; } @@ -350,13 +359,14 @@ tls_connect_common(struct tls *ctx, const char *servername) } /* - * RFC4366 (SNI): Literal IPv4 and IPv6 addresses are not + * RFC 6066 (SNI): Literal IPv4 and IPv6 addresses are not * permitted in "HostName". */ - if (servername != NULL && - inet_pton(AF_INET, servername, &addrbuf) != 1 && - inet_pton(AF_INET6, servername, &addrbuf) != 1) { - if (SSL_set_tlsext_host_name(ctx->ssl_conn, servername) == 0) { + if (ctx->servername != NULL && + inet_pton(AF_INET, ctx->servername, &addrbuf) != 1 && + inet_pton(AF_INET6, ctx->servername, &addrbuf) != 1) { + if (SSL_set_tlsext_host_name(ctx->ssl_conn, + ctx->servername) == 0) { tls_set_errorx(ctx, "server name indication failure"); goto err; } diff --git a/externals/libressl/tls/tls_config.c b/externals/libressl/tls/tls_config.c index ed4717083..15e218b4e 100755 --- a/externals/libressl/tls/tls_config.c +++ b/externals/libressl/tls/tls_config.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_config.c,v 1.58 2020/01/20 08:39:21 jsing Exp $ */ +/* $OpenBSD: tls_config.c,v 1.65 2022/01/25 21:51:24 eric Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -179,6 +179,8 @@ tls_config_free(struct tls_config *config) free((char *)config->crl_mem); free(config->ecdhecurves); + pthread_mutex_destroy(&config->mutex); + free(config); } @@ -351,7 +353,8 @@ tls_config_add_keypair_file_internal(struct tls_config *config, return (-1); if (tls_keypair_set_cert_file(keypair, &config->error, cert_file) != 0) goto err; - if (tls_keypair_set_key_file(keypair, &config->error, key_file) != 0) + if (key_file != NULL && + tls_keypair_set_key_file(keypair, &config->error, key_file) != 0) goto err; if (ocsp_file != NULL && tls_keypair_set_ocsp_staple_file(keypair, &config->error, @@ -378,7 +381,8 @@ tls_config_add_keypair_mem_internal(struct tls_config *config, const uint8_t *ce return (-1); if (tls_keypair_set_cert_mem(keypair, &config->error, cert, cert_len) != 0) goto err; - if (tls_keypair_set_key_mem(keypair, &config->error, key, key_len) != 0) + if (key != NULL && + tls_keypair_set_key_mem(keypair, &config->error, key, key_len) != 0) goto err; if (staple != NULL && tls_keypair_set_ocsp_staple_mem(keypair, &config->error, staple, @@ -718,7 +722,7 @@ tls_config_set_session_fd(struct tls_config *config, int session_fd) if (sb.st_uid != getuid()) { tls_config_set_errorx(config, "session file has incorrect " - "owner (uid %i != %i)", sb.st_uid, getuid()); + "owner (uid %u != %u)", sb.st_uid, getuid()); return (-1); } mugo = sb.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO); @@ -733,6 +737,17 @@ tls_config_set_session_fd(struct tls_config *config, int session_fd) return (0); } +int +tls_config_set_sign_cb(struct tls_config *config, tls_sign_cb cb, void *cb_arg) +{ + config->use_fake_private_key = 1; + config->skip_private_key_check = 1; + config->sign_cb = cb; + config->sign_cb_arg = cb_arg; + + return (0); +} + int tls_config_set_verify_depth(struct tls_config *config, int verify_depth) { @@ -803,6 +818,13 @@ tls_config_skip_private_key_check(struct tls_config *config) config->skip_private_key_check = 1; } +void +tls_config_use_fake_private_key(struct tls_config *config) +{ + config->use_fake_private_key = 1; + config->skip_private_key_check = 1; +} + int tls_config_set_ocsp_staple_file(struct tls_config *config, const char *staple_file) { diff --git a/externals/libressl/tls/tls_conninfo.c b/externals/libressl/tls/tls_conninfo.c index d44dc842b..4d9ae29e0 100755 --- a/externals/libressl/tls/tls_conninfo.c +++ b/externals/libressl/tls/tls_conninfo.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_conninfo.c,v 1.21 2019/11/02 13:37:59 jsing Exp $ */ +/* $OpenBSD: tls_conninfo.c,v 1.22 2021/01/05 15:57:38 tb Exp $ */ /* * Copyright (c) 2015 Joel Sing * Copyright (c) 2015 Bob Beck @@ -112,9 +112,6 @@ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore, if (ctx->ssl_peer_cert == NULL) return (-1); - memset(&before_tm, 0, sizeof(before_tm)); - memset(&after_tm, 0, sizeof(after_tm)); - if ((before = X509_get_notBefore(ctx->ssl_peer_cert)) == NULL) goto err; if ((after = X509_get_notAfter(ctx->ssl_peer_cert)) == NULL) diff --git a/externals/libressl/tls/tls_internal.h b/externals/libressl/tls/tls_internal.h index 1dd5f45dd..ca1d96f62 100755 --- a/externals/libressl/tls/tls_internal.h +++ b/externals/libressl/tls/tls_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_internal.h,v 1.77 2019/11/16 21:39:52 beck Exp $ */ +/* $OpenBSD: tls_internal.h,v 1.80 2022/03/24 15:56:34 tb Exp $ */ /* * Copyright (c) 2014 Jeremie Courreges-Anglas * Copyright (c) 2014 Joel Sing @@ -78,6 +78,10 @@ struct tls_ticket_key { time_t time; }; +typedef int (*tls_sign_cb)(void *_cb_arg, const char *_pubkey_hash, + const uint8_t *_input, size_t _input_len, int _padding_type, + uint8_t **_out_signature, size_t *_out_signature_len); + struct tls_config { struct tls_error error; @@ -111,6 +115,9 @@ struct tls_config { int verify_name; int verify_time; int skip_private_key_check; + int use_fake_private_key; + tls_sign_cb sign_cb; + void *sign_cb_arg; }; struct tls_conninfo { @@ -290,9 +297,31 @@ int tls_cert_pubkey_hash(X509 *_cert, char **_hash); int tls_password_cb(char *_buf, int _size, int _rwflag, void *_u); +RSA_METHOD *tls_signer_rsa_method(void); +ECDSA_METHOD *tls_signer_ecdsa_method(void); + +#define TLS_PADDING_NONE 0 +#define TLS_PADDING_RSA_PKCS1 1 +#define TLS_PADDING_RSA_X9_31 2 + +int tls_config_set_sign_cb(struct tls_config *_config, tls_sign_cb _cb, + void *_cb_arg); + +struct tls_signer* tls_signer_new(void); +void tls_signer_free(struct tls_signer * _signer); +const char *tls_signer_error(struct tls_signer * _signer); +int tls_signer_add_keypair_file(struct tls_signer *_signer, + const char *_cert_file, const char *_key_file); +int tls_signer_add_keypair_mem(struct tls_signer *_signer, const uint8_t *_cert, + size_t _cert_len, const uint8_t *_key, size_t _key_len); +int tls_signer_sign(struct tls_signer *_signer, const char *_pubkey_hash, + const uint8_t *_input, size_t _input_len, int _padding_type, + uint8_t **_out_signature, size_t *_out_signature_len); + __END_HIDDEN_DECLS /* XXX this function is not fully hidden so relayd can use it */ void tls_config_skip_private_key_check(struct tls_config *config); +void tls_config_use_fake_private_key(struct tls_config *config); #endif /* HEADER_TLS_INTERNAL_H */ diff --git a/externals/libressl/tls/tls_keypair.c b/externals/libressl/tls/tls_keypair.c index a98e5c2e7..a12d21d0d 100755 --- a/externals/libressl/tls/tls_keypair.c +++ b/externals/libressl/tls/tls_keypair.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_keypair.c,v 1.6 2018/04/07 16:35:34 jsing Exp $ */ +/* $OpenBSD: tls_keypair.c,v 1.8 2021/01/05 17:37:12 jsing Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -137,7 +137,7 @@ tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error, { char *errstr = "unknown"; BIO *cert_bio = NULL; - int ssl_err; + unsigned long ssl_err; int rv = -1; X509_free(*cert); @@ -155,7 +155,7 @@ tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error, if ((*cert = PEM_read_bio_X509(cert_bio, NULL, tls_password_cb, NULL)) == NULL) { if ((ssl_err = ERR_peek_error()) != 0) - errstr = ERR_error_string(ssl_err, NULL); + errstr = ERR_error_string(ssl_err, NULL); tls_error_set(error, "failed to load certificate: %s", errstr); goto err; } diff --git a/externals/libressl/tls/tls_ocsp.c b/externals/libressl/tls/tls_ocsp.c index 32c372ed5..83585fac0 100755 --- a/externals/libressl/tls/tls_ocsp.c +++ b/externals/libressl/tls/tls_ocsp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_ocsp.c,v 1.19 2019/12/03 14:56:42 tb Exp $ */ +/* $OpenBSD: tls_ocsp.c,v 1.22 2021/10/31 16:39:32 tb Exp $ */ /* * Copyright (c) 2015 Marko Kreen * Copyright (c) 2016 Bob Beck @@ -128,30 +128,38 @@ tls_ocsp_get_certid(X509 *main_cert, STACK_OF(X509) *extra_certs, { X509_NAME *issuer_name; X509 *issuer; - X509_STORE_CTX storectx; - X509_OBJECT tmpobj; + X509_STORE_CTX *storectx = NULL; + X509_OBJECT *obj = NULL; OCSP_CERTID *cid = NULL; X509_STORE *store; if ((issuer_name = X509_get_issuer_name(main_cert)) == NULL) - return NULL; + goto out; if (extra_certs != NULL) { issuer = X509_find_by_subject(extra_certs, issuer_name); - if (issuer != NULL) - return OCSP_cert_to_id(NULL, main_cert, issuer); + if (issuer != NULL) { + cid = OCSP_cert_to_id(NULL, main_cert, issuer); + goto out; + } } if ((store = SSL_CTX_get_cert_store(ssl_ctx)) == NULL) - return NULL; - if (X509_STORE_CTX_init(&storectx, store, main_cert, extra_certs) != 1) - return NULL; - if (X509_STORE_get_by_subject(&storectx, X509_LU_X509, issuer_name, - &tmpobj) == 1) { - cid = OCSP_cert_to_id(NULL, main_cert, tmpobj.data.x509); - X509_OBJECT_free_contents(&tmpobj); - } - X509_STORE_CTX_cleanup(&storectx); + goto out; + if ((storectx = X509_STORE_CTX_new()) == NULL) + goto out; + if (X509_STORE_CTX_init(storectx, store, main_cert, extra_certs) != 1) + goto out; + if ((obj = X509_STORE_CTX_get_obj_by_subject(storectx, X509_LU_X509, + issuer_name)) == NULL) + goto out; + + cid = OCSP_cert_to_id(NULL, main_cert, X509_OBJECT_get0_X509(obj)); + + out: + X509_STORE_CTX_free(storectx); + X509_OBJECT_free(obj); + return cid; } @@ -218,7 +226,7 @@ tls_ocsp_verify_response(struct tls *ctx, OCSP_RESPONSE *resp) /* now verify */ if (OCSP_basic_verify(br, ctx->ocsp->extra_certs, SSL_CTX_get_cert_store(ctx->ssl_ctx), flags) != 1) { - tls_set_error(ctx, "ocsp verify failed"); + tls_set_errorx(ctx, "ocsp verify failed"); goto err; } diff --git a/externals/libressl/tls/tls_server.c b/externals/libressl/tls/tls_server.c index a709a2bec..72f797b86 100755 --- a/externals/libressl/tls/tls_server.c +++ b/externals/libressl/tls/tls_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_server.c,v 1.45 2019/05/13 22:36:01 bcook Exp $ */ +/* $OpenBSD: tls_server.c,v 1.48 2022/01/19 11:10:55 inoguchi Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -109,7 +109,7 @@ tls_servername_cb(SSL *ssl, int *al, void *arg) inet_pton(AF_INET6, name, &addrbuf) == 1) return (SSL_TLSEXT_ERR_NOACK); - free((char *)conn_ctx->servername); + free(conn_ctx->servername); if ((conn_ctx->servername = strdup(name)) == NULL) goto err; @@ -133,7 +133,7 @@ tls_servername_cb(SSL *ssl, int *al, void *arg) * There is no way to tell libssl that an internal failure occurred. * The only option we have is to return a fatal alert. */ - *al = TLS1_AD_INTERNAL_ERROR; + *al = SSL_AD_INTERNAL_ERROR; return (SSL_TLSEXT_ERR_ALERT_FATAL); } @@ -185,10 +185,16 @@ tls_server_ticket_cb(SSL *ssl, unsigned char *keyname, unsigned char *iv, memcpy(keyname, key->key_name, sizeof(key->key_name)); arc4random_buf(iv, EVP_MAX_IV_LENGTH); - EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, - key->aes_key, iv); - HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key), - EVP_sha256(), NULL); + if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, + key->aes_key, iv)) { + tls_set_errorx(tls_ctx, "failed to init encrypt"); + return (-1); + } + if (!HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key), + EVP_sha256(), NULL)) { + tls_set_errorx(tls_ctx, "failed to init hmac"); + return (-1); + } return (0); } else { /* get key by name */ @@ -196,10 +202,16 @@ tls_server_ticket_cb(SSL *ssl, unsigned char *keyname, unsigned char *iv, if (key == NULL) return (0); - EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, - key->aes_key, iv); - HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key), - EVP_sha256(), NULL); + if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, + key->aes_key, iv)) { + tls_set_errorx(tls_ctx, "failed to init decrypt"); + return (-1); + } + if (!HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key), + EVP_sha256(), NULL)) { + tls_set_errorx(tls_ctx, "failed to init hmac"); + return (-1); + } /* time to renew the ticket? is it the primary key? */ if (key != &tls_ctx->config->ticket_keys[0]) diff --git a/externals/libressl/tls/tls_signer.c b/externals/libressl/tls/tls_signer.c new file mode 100755 index 000000000..1f1109679 --- /dev/null +++ b/externals/libressl/tls/tls_signer.c @@ -0,0 +1,451 @@ +/* $OpenBSD: tls_signer.c,v 1.4 2022/02/01 17:18:38 jsing Exp $ */ +/* + * Copyright (c) 2021 Eric Faurot + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include + +#include "tls.h" +#include "tls_internal.h" + +struct tls_signer_key { + char *hash; + RSA *rsa; + EC_KEY *ecdsa; + struct tls_signer_key *next; +}; + +struct tls_signer { + struct tls_error error; + struct tls_signer_key *keys; +}; + +static pthread_mutex_t signer_method_lock = PTHREAD_MUTEX_INITIALIZER; + +struct tls_signer * +tls_signer_new(void) +{ + struct tls_signer *signer; + + if ((signer = calloc(1, sizeof(*signer))) == NULL) + return (NULL); + + return (signer); +} + +void +tls_signer_free(struct tls_signer *signer) +{ + struct tls_signer_key *skey; + + if (signer == NULL) + return; + + tls_error_clear(&signer->error); + + while (signer->keys) { + skey = signer->keys; + signer->keys = skey->next; + RSA_free(skey->rsa); + EC_KEY_free(skey->ecdsa); + free(skey->hash); + free(skey); + } + + free(signer); +} + +const char * +tls_signer_error(struct tls_signer *signer) +{ + return (signer->error.msg); +} + +int +tls_signer_add_keypair_mem(struct tls_signer *signer, const uint8_t *cert, + size_t cert_len, const uint8_t *key, size_t key_len) +{ + struct tls_signer_key *skey = NULL; + char *errstr = "unknown"; + int ssl_err; + EVP_PKEY *pkey = NULL; + X509 *x509 = NULL; + BIO *bio = NULL; + char *hash = NULL; + + /* Compute certificate hash */ + if ((bio = BIO_new_mem_buf(cert, cert_len)) == NULL) { + tls_error_setx(&signer->error, + "failed to create certificate bio"); + goto err; + } + if ((x509 = PEM_read_bio_X509(bio, NULL, tls_password_cb, + NULL)) == NULL) { + if ((ssl_err = ERR_peek_error()) != 0) + errstr = ERR_error_string(ssl_err, NULL); + tls_error_setx(&signer->error, "failed to load certificate: %s", + errstr); + goto err; + } + if (tls_cert_pubkey_hash(x509, &hash) == -1) { + tls_error_setx(&signer->error, + "failed to get certificate hash"); + goto err; + } + + X509_free(x509); + x509 = NULL; + BIO_free(bio); + bio = NULL; + + /* Read private key */ + if ((bio = BIO_new_mem_buf(key, key_len)) == NULL) { + tls_error_setx(&signer->error, "failed to create key bio"); + goto err; + } + if ((pkey = PEM_read_bio_PrivateKey(bio, NULL, tls_password_cb, + NULL)) == NULL) { + tls_error_setx(&signer->error, "failed to read private key"); + goto err; + } + + if ((skey = calloc(1, sizeof(*skey))) == NULL) { + tls_error_set(&signer->error, "failed to create key entry"); + goto err; + } + skey->hash = hash; + if ((skey->rsa = EVP_PKEY_get1_RSA(pkey)) == NULL && + (skey->ecdsa = EVP_PKEY_get1_EC_KEY(pkey)) == NULL) { + tls_error_setx(&signer->error, "unknown key type"); + goto err; + } + + skey->next = signer->keys; + signer->keys = skey; + EVP_PKEY_free(pkey); + BIO_free(bio); + + return (0); + + err: + EVP_PKEY_free(pkey); + X509_free(x509); + BIO_free(bio); + free(hash); + free(skey); + + return (-1); +} + +int +tls_signer_add_keypair_file(struct tls_signer *signer, const char *cert_file, + const char *key_file) +{ + char *cert = NULL, *key = NULL; + size_t cert_len, key_len; + int rv = -1; + + if (tls_config_load_file(&signer->error, "certificate", cert_file, + &cert, &cert_len) == -1) + goto err; + + if (tls_config_load_file(&signer->error, "key", key_file, &key, + &key_len) == -1) + goto err; + + rv = tls_signer_add_keypair_mem(signer, cert, cert_len, key, key_len); + + err: + free(cert); + free(key); + + return (rv); +} + +static int +tls_sign_rsa(struct tls_signer *signer, struct tls_signer_key *skey, + const uint8_t *input, size_t input_len, int padding_type, + uint8_t **out_signature, size_t *out_signature_len) +{ + int rsa_padding, rsa_size, signature_len; + char *signature = NULL; + + *out_signature = NULL; + *out_signature_len = 0; + + if (padding_type == TLS_PADDING_NONE) { + rsa_padding = RSA_NO_PADDING; + } else if (padding_type == TLS_PADDING_RSA_PKCS1) { + rsa_padding = RSA_PKCS1_PADDING; + } else if (padding_type == TLS_PADDING_RSA_X9_31) { + rsa_padding = RSA_X931_PADDING; + } else { + tls_error_setx(&signer->error, "invalid RSA padding type (%d)", + padding_type); + return (-1); + } + + if (input_len > INT_MAX) { + tls_error_setx(&signer->error, "input too large"); + return (-1); + } + if ((rsa_size = RSA_size(skey->rsa)) <= 0) { + tls_error_setx(&signer->error, "invalid RSA size: %d", + rsa_size); + return (-1); + } + if ((signature = calloc(1, rsa_size)) == NULL) { + tls_error_set(&signer->error, "RSA signature"); + return (-1); + } + + if ((signature_len = RSA_private_encrypt((int)input_len, input, + signature, skey->rsa, rsa_padding)) <= 0) { + /* XXX - include further details from libcrypto. */ + tls_error_setx(&signer->error, "RSA signing failed"); + free(signature); + return (-1); + } + + *out_signature = signature; + *out_signature_len = (size_t)signature_len; + + return (0); +} + +static int +tls_sign_ecdsa(struct tls_signer *signer, struct tls_signer_key *skey, + const uint8_t *input, size_t input_len, int padding_type, + uint8_t **out_signature, size_t *out_signature_len) +{ + unsigned char *signature; + int signature_len; + + *out_signature = NULL; + *out_signature_len = 0; + + if (padding_type != TLS_PADDING_NONE) { + tls_error_setx(&signer->error, "invalid ECDSA padding"); + return (-1); + } + + if (input_len > INT_MAX) { + tls_error_setx(&signer->error, "digest too large"); + return (-1); + } + if ((signature_len = ECDSA_size(skey->ecdsa)) <= 0) { + tls_error_setx(&signer->error, "invalid ECDSA size: %d", + signature_len); + return (-1); + } + if ((signature = calloc(1, signature_len)) == NULL) { + tls_error_set(&signer->error, "ECDSA signature"); + return (-1); + } + + if (!ECDSA_sign(0, input, input_len, signature, &signature_len, + skey->ecdsa)) { + /* XXX - include further details from libcrypto. */ + tls_error_setx(&signer->error, "ECDSA signing failed"); + free(signature); + return (-1); + } + + *out_signature = signature; + *out_signature_len = signature_len; + + return (0); +} + +int +tls_signer_sign(struct tls_signer *signer, const char *pubkey_hash, + const uint8_t *input, size_t input_len, int padding_type, + uint8_t **out_signature, size_t *out_signature_len) +{ + struct tls_signer_key *skey; + + *out_signature = NULL; + *out_signature_len = 0; + + for (skey = signer->keys; skey; skey = skey->next) + if (!strcmp(pubkey_hash, skey->hash)) + break; + + if (skey == NULL) { + tls_error_setx(&signer->error, "key not found"); + return (-1); + } + + if (skey->rsa != NULL) + return tls_sign_rsa(signer, skey, input, input_len, + padding_type, out_signature, out_signature_len); + + if (skey->ecdsa != NULL) + return tls_sign_ecdsa(signer, skey, input, input_len, + padding_type, out_signature, out_signature_len); + + tls_error_setx(&signer->error, "unknown key type"); + + return (-1); +} + +static int +tls_rsa_priv_enc(int from_len, const unsigned char *from, unsigned char *to, + RSA *rsa, int rsa_padding) +{ + struct tls_config *config; + uint8_t *signature = NULL; + size_t signature_len = 0; + const char *pubkey_hash; + int padding_type; + + /* + * This function is called via RSA_private_encrypt() and has to conform + * to its calling convention/signature. The caller is required to + * provide a 'to' buffer of at least RSA_size() bytes. + */ + + pubkey_hash = RSA_get_ex_data(rsa, 0); + config = RSA_get_ex_data(rsa, 1); + + if (pubkey_hash == NULL || config == NULL) + goto err; + + if (rsa_padding == RSA_NO_PADDING) { + padding_type = TLS_PADDING_NONE; + } else if (rsa_padding == RSA_PKCS1_PADDING) { + padding_type = TLS_PADDING_RSA_PKCS1; + } else if (rsa_padding == RSA_X931_PADDING) { + padding_type = TLS_PADDING_RSA_X9_31; + } else { + goto err; + } + + if (from_len < 0) + goto err; + + if (config->sign_cb(config->sign_cb_arg, pubkey_hash, from, from_len, + padding_type, &signature, &signature_len) == -1) + goto err; + + if (signature_len > INT_MAX || (int)signature_len > RSA_size(rsa)) + goto err; + + memcpy(to, signature, signature_len); + free(signature); + + return ((int)signature_len); + + err: + free(signature); + + return (-1); +} + +RSA_METHOD * +tls_signer_rsa_method(void) +{ + static RSA_METHOD *rsa_method = NULL; + + pthread_mutex_lock(&signer_method_lock); + + if (rsa_method != NULL) + goto out; + + rsa_method = RSA_meth_new("libtls RSA method", 0); + if (rsa_method == NULL) + goto out; + + RSA_meth_set_priv_enc(rsa_method, tls_rsa_priv_enc); + + out: + pthread_mutex_unlock(&signer_method_lock); + + return (rsa_method); +} + +static ECDSA_SIG * +tls_ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, + const BIGNUM *rp, EC_KEY *eckey) +{ + struct tls_config *config; + ECDSA_SIG *ecdsa_sig = NULL; + uint8_t *signature = NULL; + size_t signature_len = 0; + const unsigned char *p; + const char *pubkey_hash; + + /* + * This function is called via ECDSA_do_sign_ex() and has to conform + * to its calling convention/signature. + */ + + pubkey_hash = ECDSA_get_ex_data(eckey, 0); + config = ECDSA_get_ex_data(eckey, 1); + + if (pubkey_hash == NULL || config == NULL) + goto err; + + if (dgst_len < 0) + goto err; + + if (config->sign_cb(config->sign_cb_arg, pubkey_hash, dgst, dgst_len, + TLS_PADDING_NONE, &signature, &signature_len) == -1) + goto err; + + p = signature; + if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &p, signature_len)) == NULL) + goto err; + + free(signature); + + return (ecdsa_sig); + + err: + free(signature); + + return (NULL); +} + +ECDSA_METHOD * +tls_signer_ecdsa_method(void) +{ + static ECDSA_METHOD *ecdsa_method = NULL; + + pthread_mutex_lock(&signer_method_lock); + + if (ecdsa_method != NULL) + goto out; + + ecdsa_method = calloc(1, sizeof(*ecdsa_method)); + if (ecdsa_method == NULL) + goto out; + + ecdsa_method->ecdsa_do_sign = tls_ecdsa_do_sign; + ecdsa_method->name = strdup("libtls ECDSA method"); + if (ecdsa_method->name == NULL) { + free(ecdsa_method); + ecdsa_method = NULL; + } + + out: + pthread_mutex_unlock(&signer_method_lock); + + return (ecdsa_method); +} diff --git a/externals/libressl/tls/tls_util.c b/externals/libressl/tls/tls_util.c index b144fb1ea..d8103a506 100755 --- a/externals/libressl/tls/tls_util.c +++ b/externals/libressl/tls/tls_util.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_util.c,v 1.14 2019/04/13 18:47:58 tb Exp $ */ +/* $OpenBSD: tls_util.c,v 1.15 2021/08/16 13:54:38 tb Exp $ */ /* * Copyright (c) 2014 Joel Sing * Copyright (c) 2014 Ted Unangst @@ -92,7 +92,7 @@ tls_host_port(const char *hostport, char **host, char **port) *p++ = '\0'; } - /* Find the port seperator. */ + /* Find the port separator. */ if ((p = strchr(p, ':')) == NULL) goto done; diff --git a/externals/libressl/x509v3.cnf b/externals/libressl/x509v3.cnf new file mode 100755 index 000000000..d12d73285 --- /dev/null +++ b/externals/libressl/x509v3.cnf @@ -0,0 +1,29 @@ +# default settings +CERTPATHLEN = 1 +CERTUSAGE = digitalSignature,keyCertSign,cRLSign +EXTCERTUSAGE = serverAuth,clientAuth +CERTIP = 0.0.0.0 +CERTFQDN = nohost.nodomain + +# This section should be referenced when building an x509v3 CA +# Certificate. +# The default path length and the key usage can be overridden +# modified by setting the CERTPATHLEN and CERTUSAGE environment +# variables. +[x509v3_CA] +basicConstraints=critical,CA:true,pathlen:$ENV::CERTPATHLEN +keyUsage=$ENV::CERTUSAGE + +# This section should be referenced to add an IP Address +# as an alternate subject name, needed by isakmpd +# The address must be provided in the CERTIP environment variable +[x509v3_IPAddr] +subjectAltName=IP:$ENV::CERTIP +extendedKeyUsage=$ENV::EXTCERTUSAGE + +# This section should be referenced to add a FQDN hostname +# as an alternate subject name, needed by isakmpd +# The address must be provided in the CERTFQDN environment variable +[x509v3_FQDN] +subjectAltName=DNS:$ENV::CERTFQDN +extendedKeyUsage=$ENV::EXTCERTUSAGE diff --git a/src/core/hle/service/hid/controllers/npad.cpp b/src/core/hle/service/hid/controllers/npad.cpp index 3270b08e0..17f71beaf 100755 --- a/src/core/hle/service/hid/controllers/npad.cpp +++ b/src/core/hle/service/hid/controllers/npad.cpp @@ -64,8 +64,8 @@ bool Controller_NPad::IsDeviceHandleValid(const Core::HID::SixAxisSensorHandle& Controller_NPad::Controller_NPad(Core::HID::HIDCore& hid_core_, u8* raw_shared_memory_, KernelHelpers::ServiceContext& service_context_) : ControllerBase{hid_core_}, service_context{service_context_} { + static_assert(NPAD_OFFSET + (NPAD_COUNT * sizeof(NpadInternalState)) < shared_memory_size); for (std::size_t i = 0; i < controller_data.size(); ++i) { - assert(NPAD_OFFSET + ((i + 1) * sizeof(NpadInternalState)) < shared_memory_size); auto& controller = controller_data[i]; controller.shared_memory = std::construct_at(reinterpret_cast( raw_shared_memory_ + NPAD_OFFSET + (i * sizeof(NpadInternalState)))); diff --git a/src/core/hle/service/hid/controllers/npad.h b/src/core/hle/service/hid/controllers/npad.h index b2d2ec51f..0a96825a5 100755 --- a/src/core/hle/service/hid/controllers/npad.h +++ b/src/core/hle/service/hid/controllers/npad.h @@ -187,6 +187,8 @@ public: static bool IsDeviceHandleValid(const Core::HID::VibrationDeviceHandle& device_handle); private: + static constexpr std::size_t NPAD_COUNT = 10; + // This is nn::hid::detail::ColorAttribute enum class ColorAttribute : u32 { Ok = 0, @@ -522,7 +524,7 @@ private: std::atomic press_state{}; - std::array controller_data{}; + std::array controller_data{}; KernelHelpers::ServiceContext& service_context; std::mutex mutex; std::vector supported_npad_id_types{};